Pests of all kinds and how to fight them: Avira reports EXP/JAVA.Ternub.Gen - Yahoo account sends spam
Windows 7
If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.
19.05.2012, 08:22 | #1 |
| Hello,
during a full scan Avira AntiVir (version 10.2.0.707) reported the following finding:
Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
I then moved it to quarantine.
Before that I had noticed that my Yahoo Mail account had been sending spam. I then changed my password. A short time later, however, spam was already being sent from it again.
Now I have also run a full scan with a freshly updated Malwarebytes: nothing found!
The computer seems to be behaving normally again. Do I need to do anything else?
Thanks for any tip!

Here is the Malwarebytes scan:

Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org
Datenbank Version: v2012.05.18.09
Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Michael :: MICHAEL-PC [Administrator]
19.05.2012 04:33:07
mbam-log-2012-05-19 (04-33-07).txt
Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 419545
Laufzeit: 1 Stunde(n), 19 Minute(n), 31 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)

------
Attached is also the Avira scan in which the exploit was detected earlier:

Avira AntiVir Personal
Erstellungsdatum der Reportdatei: Freitag, 18. Mai 2012 23:15
Es wird nach 3716013 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows Vista
Windowsversion : (Service Pack 2) [6.0.6002]
Boot Modus : Normal gebootet
Benutzername : SYSTEM
Computername : MICHAEL-PC

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Vollständige Systemprüfung
Konfigurationsdatei...................: C:\program files\avira\antivir desktop\sysscan.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Laufende Programme erweitert..........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: ein
Integritätsprüfung von Systemdateien..: aus
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Freitag, 18. Mai 2012 23:15
Der Suchlauf nach versteckten Objekten wird begonnen.

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD2
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD3
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD4
[INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD5
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
[INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
[INFO] Es wurde kein Virus gefunden!

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '598' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:
Beginne mit der Suche in 'C:\' <System>
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\494389eb-3bc23395
[0] Archivtyp: ZIP
--> Sony.class
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
Beginne mit der Suche in 'D:\' <DATA>

Beginne mit der Desinfektion:
C:\Users\Michael\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43\494389eb-3bc23395
[FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
[HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '49ff5ac4.qua' verschoben!

Ende des Suchlaufs: Samstag, 19. Mai 2012 03:43
Benötigte Zeit: 1:32:49 Stunde(n)
Der Suchlauf wurde vollständig durchgeführt.
26880 Verzeichnisse wurden überprüft
409967 Dateien wurden geprüft
1 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
409966 Dateien ohne Befall
4506 Archive wurden durchsucht
0 Warnungen
1 Hinweise
685650 Objekte wurden beim Rootkitscan durchsucht
0 Versteckte Objekte wurden gefunden

For the sake of clarity I should perhaps add that the Avira report dates from the point when the exploit was found. It was then moved to quarantine. After that I ran the Malwarebytes scan. I hope it is easier to understand this way. |
21.05.2012, 12:13 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes creates exactly one log for each scan. Have you scanned with Malwarebytes before? If so, all the logs for each scan are also listed on the "Logdateien" tab. Please post all that are visible there.
__________________ |
21.05.2012, 15:26 | #3 |
| Well, first of all, many thanks for your reply!
I'm happy to post the last scan with Malwarebytes, although unfortunately it was ages ago:

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org
Datenbank Version: 4404
Windows 6.0.6000
Internet Explorer 7.0.6000.17037
07.08.2010 22:23:41
mbam-log-2010-08-07 (22-23-41).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Durchsuchte Objekte: 261187
Laufzeit: 44 Minute(n), 8 Sekunde(n)
Infizierte Speicherprozesse: 0
Infizierte Speichermodule: 0
Infizierte Registrierungsschlüssel: 0
Infizierte Registrierungswerte: 0
Infizierte Dateiobjekte der Registrierung: 0
Infizierte Verzeichnisse: 0
Infizierte Dateien: 0
Infizierte Speicherprozesse:
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel:
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte:
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung:
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse:
(Keine bösartigen Objekte gefunden)
Infizierte Dateien:
(Keine bösartigen Objekte gefunden) |
21.05.2012, 15:34 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Did MBAM never find anything?
__________________ Please always post log files in CODE tags |
21.05.2012, 16:58 | #5 |
| No, nothing found with Malwarebytes, probably because Avira had already cleaned up beforehand. |
21.05.2012, 18:37 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run ESET as well, then we'll see how to proceed: ESET Online Scanner
__________________ |
21.05.2012, 23:46 | #7 |
| Hello, it then only said the following:
Code:
ESETSmartInstaller@High as CAB hook log:
OnlineScanner.ocx - registred OK
Code:
C:\Program Files\Application Updater\ApplicationUpdater.exe probably a variant of Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\SearchSettings.dll Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\SearchSettings.exe Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\SearchSettingsRes409.dll Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\WidgiHelper.exe Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\FF\components\pdfforgeToolbarFF.dll probably a variant of Win32/Toolbar.Widgi application
C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll probably a variant of Win32/Toolbar.Widgi application
C:\Users\Michael\Setup_FreeVideoConverter.exe Win32/Toolbar.Widgi application |
22.05.2012, 12:39 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | That is only toolbar junk, not malware.
I have two questions before we continue:
1.) Does normal mode work without restrictions?
2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
__________________ Please always post log files in CODE tags |
22.05.2012, 12:55 | #9 | ||
| Quote:
Quote:
|
22.05.2012, 13:21 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please make a new OTL log. Please post everything here in CODE tags if possible.
It is done like this:
[code] the log goes here [/code]
And the whole thing then looks like this:
Code:
the log goes here
If you do not have it yet, please download OTL by Oldtimer and save it to your desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
22.05.2012, 16:15 | #11 |
| Thank you very much! Attached is the OTL file: OTL Logfile:
O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: comdirect.de ([]http in Trusted sites) O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: comdirect.de ([brokerage] https in Trusted sites) O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: luderworld.de ([www] http in Trusted sites) O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: salsa-munich.de ([www] http in Trusted sites) O15 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..Trusted Domains: vcn-online.de ([www] http in Trusted sites) O16 - DPF: {0F7A9297-7268-11D1-B81A-00A076C01B0A} hxxp://www.cartesianinc.com/Exec/CpcViewAX/CpcViewAX.cab (Reg Error: Key error.) O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.) O16 - DPF: {CAFEEFAC-0016-0000-0032-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_32-windows-i586.cab (Java Plug-in 1.6.0_32) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A21D5781-2D3B-4B48-8C3F-A4944A5F8470}: DhcpNameServer = 193.189.244.225 193.189.244.206 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AA2906CF-BD49-4D04-ADB1-B42889BB7389}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O24 - Desktop WallPaper: C:\Windows\Web\Wallpaper\img16.jpg O24 - Desktop BackupWallPaper: C:\Windows\Web\Wallpaper\img16.jpg O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start 
Menu^Programs^Startup^E-Mail - Verknüpfung.lnk - - File not found MsConfig - StartUpFolder: C:^Users^Michael^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Internet - Verknüpfung.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: CanonSolutionMenu - hkey= - key= - C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.) MsConfig - StartUpReg: CloneCDTray - hkey= - key= - C:\Program Files\SlySoft\CloneCD\CloneCDTray.exe (SlySoft, Inc.) MsConfig - StartUpReg: IndxStoreSvr_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - hkey= - key= - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) MsConfig - StartUpReg: RtHDVCpl - hkey= - key= - C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) MsConfig - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files\pdfforge Toolbar\SearchSettings.exe (Spigot, Inc.) MsConfig - StartUpReg: Sidebar - hkey= - key= - C:\Program Files\Windows Sidebar\sidebar.exe (Microsoft Corporation) MsConfig - StartUpReg: Skytel - hkey= - key= - C:\Windows\SkyTel.exe (Realtek Semiconductor Corp.) MsConfig - StartUpReg: TkBellExe - hkey= - key= - c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.) 
MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\Windows\vVX1000.exe (Microsoft Corporation) MsConfig - StartUpReg: WMPNSCFG - hkey= - key= - C:\Program Files\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 2 MsConfig - State: "bootini" - 2 SafeBootMin: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: 
{745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - %SystemRoot%\System32\appmgmts.dll File not found SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfPf - Driver SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - 
NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.7 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows 
Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E5D12C4E-7B4F-11D3-B5C9-0050045C3C96} - Reg Error: Value error. ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
Drivers32: VIDC.I420 - C:\Windows\System32\i420vfw.dll (www.helixcommunity.org) Drivers32: vidc.iv31 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv32 - C:\Windows\System32\ir32_32.dll (Intel(R) Corporation) Drivers32: vidc.iv41 - C:\Windows\System32\ir41_32.ax (Intel Corporation) Drivers32: vidc.iv50 - C:\Windows\System32\ir50_32.dll (Intel Corporation) Drivers32: vidc.XVID - C:\Windows\System32\xvidvfw.dll () Drivers32: vidc.yv12 - C:\Windows\System32\yv12vfw.dll (www.helixcommunity.org) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.05.22 16:42:01 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\Michael\OTL.exe [2012.05.22 11:10:53 | 000,000,000 | ---D | C] -- C:\ProgramData\WindowsSearch [2012.05.21 21:43:23 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.05.19 04:27:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.05.19 04:27:05 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.05.19 04:20:04 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [2012.05.19 04:19:49 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.05.17 17:35:21 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers [2012.05.17 17:35:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDVideoSoft [2012.05.17 17:35:14 | 002,557,952 | ---- | C] (Nokia Corporation and/or its subsidiary(-ies)) -- C:\Windows\System32\QtCore4.dll [2012.05.17 17:35:09 | 000,405,176 | ---- | C] (Newtonsoft) -- C:\Windows\System32\Newtonsoft.Json.Net20.dll [2012.05.17 17:35:05 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft [2012.05.17 17:35:04 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft [2012.05.17 17:33:56 | 000,000,000 | ---D | C] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft 
[2012.05.09 14:09:32 | 000,894,976 | ---- | C] (Tara Group, Inc.) -- C:\Users\Michael\cdsExplorer.exe [9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.05.22 16:42:01 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\Michael\OTL.exe [2012.05.22 15:51:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.05.22 15:06:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.05.22 15:06:05 | 000,003,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.05.22 11:08:03 | 000,176,582 | ---- | M] () -- C:\Users\Michael\Documents\Rechnung_2026337432_402788102_22052012.pdf [2012.05.22 11:06:02 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.05.19 04:27:07 | 000,000,872 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.19 04:20:42 | 000,001,853 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.05.17 23:07:22 | 000,000,099 | ---- | M] () -- C:\Users\Michael\AppData\Roaming\default.pls [2012.05.17 17:35:16 | 000,000,998 | ---- | M] () -- C:\Users\Michael\Desktop\DVDVideoSoft Free Studio.lnk [2012.05.17 17:35:15 | 000,001,061 | ---- | M] () -- C:\Users\Michael\Desktop\Free YouTube Download.lnk [2012.05.11 11:58:31 | 000,270,736 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.05.11 10:40:01 | 000,628,504 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.05.11 10:40:01 | 000,595,798 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.05.11 10:40:01 | 000,126,054 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.05.11 10:40:01 | 000,103,872 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.05.09 14:09:32 | 000,894,976 | ---- | M] (Tara Group, Inc.) 
-- C:\Users\Michael\cdsExplorer.exe [2012.04.23 18:06:01 | 000,002,032 | ---- | M] () -- C:\Users\Michael\AppData\Local\d3d9caps.dat [9 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.05.22 11:08:03 | 000,176,582 | ---- | C] () -- C:\Users\Michael\Documents\Rechnung_2026337432_402788102_22052012.pdf [2012.05.19 04:27:07 | 000,000,872 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.05.19 04:20:11 | 000,002,425 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk [2012.05.19 04:20:11 | 000,001,853 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader 9.lnk [2012.05.17 17:35:16 | 000,000,998 | ---- | C] () -- C:\Users\Michael\Desktop\DVDVideoSoft Free Studio.lnk [2012.05.17 17:35:15 | 000,001,061 | ---- | C] () -- C:\Users\Michael\Desktop\Free YouTube Download.lnk [2011.05.10 21:28:47 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.05.10 21:24:27 | 000,002,137 | ---- | C] () -- C:\Windows\System32\atipblag.dat [2010.08.25 13:39:46 | 000,116,224 | ---- | C] () -- C:\Windows\System32\pdfcmnnt.dll [2010.08.16 02:42:21 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2010.08.16 02:40:44 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.08.16 02:40:44 | 000,018,904 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchemaTrivial.bin [2010.08.02 01:07:52 | 000,256,512 | ---- | C] () -- C:\Windows\PEV.exe [2010.08.02 01:07:52 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2010.08.02 01:07:52 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2010.08.02 01:07:52 | 000,077,312 | ---- | C] () -- C:\Windows\MBR.exe [2010.08.02 01:07:52 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2010.05.27 18:24:24 | 000,023,040 | ---- | C] () -- C:\Windows\System32\atitmpxx.dll ========== LOP Check ========== [2010.10.15 23:55:06 | 000,000,000 | ---D | M] -- 
C:\Users\Gast\AppData\Roaming\Canon [2010.09.07 10:16:08 | 000,000,000 | ---D | M] -- C:\Users\Gast2\AppData\Roaming\Canon [2009.06.22 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Broad Intelligence [2010.04.10 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon [2012.05.17 17:35:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft [2012.05.17 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.19 23:22:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FileZilla [2010.07.29 22:39:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Goasv [2010.07.29 09:11:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Heixy [2009.07.20 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NCH Swift Sound [2008.08.20 15:04:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SlySoft [2008.03.01 17:59:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\T-Online [2010.07.12 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Wienerberger18599 Standard [2012.05.22 01:10:31 | 000,032,534 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2008.03.27 21:28:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Adobe [2009.06.20 22:18:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Ahead [2010.04.18 21:41:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ArcSoft [2011.05.10 21:31:27 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\ATI [2010.09.10 20:47:20 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Avira [2009.06.29 17:48:00 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\AVS4YOU [2009.06.22 13:23:10 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Broad Intelligence [2010.04.10 15:56:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Canon [2010.01.12 13:00:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\dvdcss [2012.05.17 17:35:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoft [2012.05.17 17:35:21 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\DVDVideoSoftIEHelpers [2012.04.19 23:22:01 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\FileZilla [2010.07.29 22:39:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Goasv [2010.07.29 09:11:31 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Heixy [2008.03.03 13:08:15 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Hewlett-Packard [2008.01.30 13:27:55 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Identities [2008.03.02 02:34:16 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Macromedia [2010.05.20 12:36:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Malwarebytes [2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Media Center Programs [2008.06.23 19:06:23 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Media Player Classic [2012.02.01 12:56:27 | 000,000,000 | --SD | M] -- C:\Users\Michael\AppData\Roaming\Microsoft [2009.11.19 03:15:56 | 
000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\mIRC [2009.06.11 12:09:08 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Mozilla [2009.07.20 21:26:41 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NCH Swift Sound [2008.04.04 16:31:49 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Nero [2009.07.03 10:18:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\NeroDigital™ [2011.01.18 14:37:56 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Real [2009.10.03 14:58:29 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Skype [2009.10.03 14:39:03 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\skypePM [2008.08.20 15:04:13 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\SlySoft [2008.03.14 21:51:14 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Sony Corporation [2008.03.01 17:59:30 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\T-Online [2008.03.13 13:23:46 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Talkback [2010.10.01 21:52:24 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\vlc [2010.07.12 17:41:52 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Wienerberger18599 Standard [2009.12.07 01:05:36 | 000,000,000 | ---D | M] -- C:\Users\Michael\AppData\Roaming\Yahoo! < %APPDATA%\*.exe /s > [2011.05.07 15:39:34 | 000,010,134 | R--- | M] () -- C:\Users\Michael\AppData\Roaming\Microsoft\Installer\{B96DB037-DBEA-4186-9081-9CBD537F82E8}\ARPPRODUCTICON.exe [2010.05.20 02:45:40 | 000,738,824 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\RealPlayer\setup\AU_setup20100217.exe [2011.01.18 02:59:52 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\RealPlayer\setup\AU_setup20101108.exe [2009.12.07 02:02:37 | 000,439,816 | ---- | M] (RealNetworks, Inc.) 
-- C:\Users\Michael\AppData\Roaming\Real\Update\setup3.09\setup.exe [2009.12.07 10:55:51 | 000,079,368 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\Update\setup3.09\RUP\vista.exe [2011.01.18 02:59:24 | 000,510,120 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\Update\setup3.13\setup.exe [2011.07.14 15:51:34 | 000,310,400 | ---- | M] (RealNetworks, Inc.) -- C:\Users\Michael\AppData\Roaming\Real\Update\UpgradeHelper\RealPlayer\8.00\rnupgagent.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > < MD5 for: ATAPI.SYS > < MD5 for: CNGAUDIT.DLL > < MD5 for: IASTOR.SYS > < MD5 for: IASTORV.SYS > < MD5 for: NETLOGON.DLL > < MD5 for: NVSTOR.SYS > < MD5 for: NVSTOR32.SYS > < MD5 for: SCECLI.DLL > < MD5 for: USER32.DLL >
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.20587_none_cb8c4940898e24a6\user32.dll [2008.01.18 23:36:48 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2006.11.02 11:46:13 | 000,633,856 | ---- | M] (Microsoft Corporation) MD5=E698A5437B89A285ACA3FF022356810A -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6000.16386_none_cb01aa4570716e5e\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.10 23:28:26 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.18 23:33:34 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\ERDNT\cache\userinit.exe [2006.11.02 11:45:50 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=22027835939F86C3E47AD8E3FBDE3D11 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6000.16386_none_d9f1f819d4c4e737\userinit.exe < MD5 for: VIAMRAID.SYS > [2006.11.08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- C:\Windows\System32\drivers\viamraid.sys [2006.11.08 15:23:52 | 000,102,912 | ---- | M] (VIA Technologies inc,.ltd) MD5=7DC3E1DC6E4F8BE381C31BFEA578412A -- 
C:\Windows\System32\DriverStore\FileRepository\viamraid.inf_74a36694\viamraid.sys < MD5 for: WININIT.EXE > [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.18 23:33:38 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe [2007.10.23 12:43:12 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=39D959CD9F3BC44F78DB3C6588AAC3FE -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.20593_none_2f37c4ba208e02ab\wininit.exe [2006.11.02 11:45:57 | 000,095,744 | ---- | M] (Microsoft Corporation) MD5=D4385B03E8CCCEE6F0EE249F827C1F3E -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6000.16386_none_2ebbf6d3076595ce\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.10 23:28:14 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2006.11.02 11:45:57 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=9F75392B9128A91ABAFB044EA350BAAD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.16386_none_6d8c3f1ad8066b21\winlogon.exe [2007.10.23 12:43:12 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- C:\Windows\ERDNT\cache\winlogon.exe [2007.10.23 12:43:12 | 000,308,224 | ---- | M] (Microsoft Corporation) MD5=A3FEA6ED9FD3CF07219A632E4A716226 -- 
C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6000.20593_none_6e080d01f12ed7fe\winlogon.exe [2008.01.18 23:33:38 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2006.11.02 10:58:26 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=84620AECDCFD2A7A14E6263927D8C0ED -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6000.16386_none_4d4fded8cae2956d\ws2ifsl.sys [2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.18 21:56:50 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2007.10.19 17:59:42 | 006,664,192 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2007.10.19 17:59:40 | 000,102,400 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2007.10.19 17:59:42 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2007.10.19 17:59:48 | 015,720,448 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2007.10.19 17:59:49 | 006,021,120 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
22.05.2012, 18:57 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Do an OTL fix: close any programs that may be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied too!!!) Code:
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Reg Error: Value error.) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\pdfforge Toolbar\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll (Spigot, Inc.)
O3 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\..\Toolbar\WebBrowser: (no name) - {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No CLSID value found.
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted.
As a precaution, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The above script was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
28.05.2012, 20:10 | #13 |
| Sorry, it took a while because I was tied up. So here is the file: Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll not found.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E312764E-7706-43F1-8DAB-FCDD2B1E416D}\ not found.
File C:\Program Files\pdfforge Toolbar\SearchSettings.dll not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{B922D405-6D13-4A2B-AE89-08A030DA4402} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B922D405-6D13-4A2B-AE89-08A030DA4402}\ not found.
File C:\Program Files\pdfforge Toolbar\IE\1.1.2\pdfforgeToolbarIE.dll not found.
Registry value HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F}\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Restrictions\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
Registry key HKEY_USERS\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry key HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel\ not found.
Registry value HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun not found.
Registry value HKEY_USERS\S-1-5-21-3433261542-1180962297-3002301301-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDrives not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Gast
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Gast2
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Michael
->Temp folder emptied: 758265226 bytes
->Temporary Internet Files folder emptied: 1154302971 bytes
->Java cache emptied: 14937830 bytes
->FireFox cache emptied: 24827121 bytes
->Flash cache emptied: 95084 bytes
User: Public
->Temp folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 194232 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 387229607 bytes
RecycleBin emptied: 3342084 bytes
Total Files Cleaned = 2.235,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Gast
->Flash cache emptied: 0 bytes
User: Gast2
->Flash cache emptied: 0 bytes
User: Michael
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.43.1 log created on 05282012_194950
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
29.05.2012, 08:28 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the image below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C), since that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!
__________________ Please always post log files in CODE tags |
30.05.2012, 23:14 | #15 |
| Here is the log: Code:
0400 kbdhid - ok 00:10:08.0083 0400 KeyIso (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 00:10:08.0145 0400 KeyIso - ok 00:10:08.0177 0400 KSecDD (2b2f1638466e8cb091400c9019cc730e) C:\Windows\system32\Drivers\ksecdd.sys 00:10:08.0208 0400 KSecDD - ok 00:10:08.0255 0400 KtmRm (8078f8f8f7a79e2e6b494523a828c585) C:\Windows\system32\msdtckrm.dll 00:10:08.0302 0400 KtmRm - ok 00:10:08.0349 0400 LanmanServer (1bf5eebfd518dd7298434d8c862f825d) C:\Windows\System32\srvsvc.dll 00:10:08.0411 0400 LanmanServer - ok 00:10:08.0474 0400 LanmanWorkstation (1db69705b695b987082c8baec0c6b34f) C:\Windows\System32\wkssvc.dll 00:10:08.0520 0400 LanmanWorkstation - ok 00:10:08.0536 0400 lltdio (d1c5883087a0c3f1344d9d55a44901f6) C:\Windows\system32\DRIVERS\lltdio.sys 00:10:08.0567 0400 lltdio - ok 00:10:08.0599 0400 lltdsvc (2d5a428872f1442631d0959a34abff63) C:\Windows\System32\lltdsvc.dll 00:10:08.0630 0400 lltdsvc - ok 00:10:08.0661 0400 lmhosts (35d40113e4a5b961b6ce5c5857702518) C:\Windows\System32\lmhsvc.dll 00:10:08.0708 0400 lmhosts - ok 00:10:08.0755 0400 LSI_FC (a2262fb9f28935e862b4db46438c80d2) C:\Windows\system32\drivers\lsi_fc.sys 00:10:08.0770 0400 LSI_FC - ok 00:10:08.0786 0400 LSI_SAS (30d73327d390f72a62f32c103daf1d6d) C:\Windows\system32\drivers\lsi_sas.sys 00:10:08.0786 0400 LSI_SAS - ok 00:10:08.0833 0400 LSI_SCSI (e1e36fefd45849a95f1ab81de0159fe3) C:\Windows\system32\drivers\lsi_scsi.sys 00:10:08.0833 0400 LSI_SCSI - ok 00:10:08.0864 0400 luafv (8f5c7426567798e62a3b3614965d62cc) C:\Windows\system32\drivers\luafv.sys 00:10:08.0895 0400 luafv - ok 00:10:08.0958 0400 LVUSBSta (a730fc8671a60666d6e877c544dd7cd4) C:\Windows\system32\drivers\lvusbsta.sys 00:10:08.0989 0400 LVUSBSta - ok 00:10:09.0020 0400 Mcx2Svc (aef9babb8a506bc4ce0451a64aaded46) C:\Windows\system32\Mcx2Svc.dll 00:10:09.0036 0400 Mcx2Svc - ok 00:10:09.0067 0400 megasas (d153b14fc6598eae8422a2037553adce) C:\Windows\system32\drivers\megasas.sys 00:10:09.0099 0400 megasas - ok 00:10:09.0114 
0400 MMCSS (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 00:10:09.0145 0400 MMCSS - ok 00:10:09.0145 0400 Modem (e13b5ea0f51ba5b1512ec671393d09ba) C:\Windows\system32\drivers\modem.sys 00:10:09.0192 0400 Modem - ok 00:10:09.0224 0400 monitor (0a9bb33b56e294f686abb7c1e4e2d8a8) C:\Windows\system32\DRIVERS\monitor.sys 00:10:09.0270 0400 monitor - ok 00:10:09.0302 0400 mouclass (5bf6a1326a335c5298477754a506d263) C:\Windows\system32\DRIVERS\mouclass.sys 00:10:09.0317 0400 mouclass - ok 00:10:09.0317 0400 mouhid (93b8d4869e12cfbe663915502900876f) C:\Windows\system32\DRIVERS\mouhid.sys 00:10:09.0349 0400 mouhid - ok 00:10:09.0364 0400 MountMgr (bdafc88aa6b92f7842416ea6a48e1600) C:\Windows\system32\drivers\mountmgr.sys 00:10:09.0380 0400 MountMgr - ok 00:10:09.0411 0400 mpio (583a41f26278d9e0ea548163d6139397) C:\Windows\system32\drivers\mpio.sys 00:10:09.0427 0400 mpio - ok 00:10:09.0442 0400 mpsdrv (22241feba9b2defa669c8cb0a8dd7d2e) C:\Windows\system32\drivers\mpsdrv.sys 00:10:09.0458 0400 mpsdrv - ok 00:10:09.0505 0400 MpsSvc (5de62c6e9108f14f6794060a9bdecaec) C:\Windows\system32\mpssvc.dll 00:10:09.0552 0400 MpsSvc - ok 00:10:09.0567 0400 Mraid35x (4fbbb70d30fd20ec51f80061703b001e) C:\Windows\system32\drivers\mraid35x.sys 00:10:09.0583 0400 Mraid35x - ok 00:10:09.0614 0400 MRxDAV (82cea0395524aacfeb58ba1448e8325c) C:\Windows\system32\drivers\mrxdav.sys 00:10:09.0645 0400 MRxDAV - ok 00:10:09.0677 0400 mrxsmb (1e94971c4b446ab2290deb71d01cf0c2) C:\Windows\system32\DRIVERS\mrxsmb.sys 00:10:09.0724 0400 mrxsmb - ok 00:10:09.0755 0400 mrxsmb10 (4fccb34d793b116423209c0f8b7a3b03) C:\Windows\system32\DRIVERS\mrxsmb10.sys 00:10:09.0786 0400 mrxsmb10 - ok 00:10:09.0786 0400 mrxsmb20 (c3cb1b40ad4a0124d617a1199b0b9d7c) C:\Windows\system32\DRIVERS\mrxsmb20.sys 00:10:09.0802 0400 mrxsmb20 - ok 00:10:09.0817 0400 msahci (742aed7939e734c36b7e8d6228ce26b7) C:\Windows\system32\drivers\msahci.sys 00:10:09.0833 0400 msahci - ok 00:10:09.0927 0400 MSCamSvc 
(641199534871783dd74138fe0bcfdae7) C:\Program Files\Microsoft LifeCam\MSCamS32.exe 00:10:09.0942 0400 MSCamSvc - ok 00:10:09.0958 0400 msdsm (3fc82a2ae4cc149165a94699183d3028) C:\Windows\system32\drivers\msdsm.sys 00:10:09.0974 0400 msdsm - ok 00:10:09.0989 0400 MSDTC (fd7520cc3a80c5fc8c48852bb24c6ded) C:\Windows\System32\msdtc.exe 00:10:10.0020 0400 MSDTC - ok 00:10:10.0052 0400 Msfs (a9927f4a46b816c92f461acb90cf8515) C:\Windows\system32\drivers\Msfs.sys 00:10:10.0083 0400 Msfs - ok 00:10:10.0114 0400 msisadrv (0f400e306f385c56317357d6dea56f62) C:\Windows\system32\drivers\msisadrv.sys 00:10:10.0114 0400 msisadrv - ok 00:10:10.0145 0400 MSiSCSI (85466c0757a23d9a9aecdc0755203cb2) C:\Windows\system32\iscsiexe.dll 00:10:10.0192 0400 MSiSCSI - ok 00:10:10.0192 0400 msiserver - ok 00:10:10.0208 0400 MSKSSRV (d8c63d34d9c9e56c059e24ec7185cc07) C:\Windows\system32\drivers\MSKSSRV.sys 00:10:10.0239 0400 MSKSSRV - ok 00:10:10.0255 0400 MSPCLOCK (1d373c90d62ddb641d50e55b9e78d65e) C:\Windows\system32\drivers\MSPCLOCK.sys 00:10:10.0302 0400 MSPCLOCK - ok 00:10:10.0317 0400 MSPQM (b572da05bf4e098d4bba3a4734fb505b) C:\Windows\system32\drivers\MSPQM.sys 00:10:10.0333 0400 MSPQM - ok 00:10:10.0380 0400 MsRPC (b49456d70555de905c311bcda6ec6adb) C:\Windows\system32\drivers\MsRPC.sys 00:10:10.0395 0400 MsRPC - ok 00:10:10.0427 0400 mssmbios (e384487cb84be41d09711c30ca79646c) C:\Windows\system32\DRIVERS\mssmbios.sys 00:10:10.0427 0400 mssmbios - ok 00:10:10.0458 0400 MSTEE (7199c1eec1e4993caf96b8c0a26bd58a) C:\Windows\system32\drivers\MSTEE.sys 00:10:10.0474 0400 MSTEE - ok 00:10:10.0489 0400 Mup (6a57b5733d4cb702c8ea4542e836b96c) C:\Windows\system32\Drivers\mup.sys 00:10:10.0505 0400 Mup - ok 00:10:10.0536 0400 napagent (e4eaf0c5c1b41b5c83386cf212ca9584) C:\Windows\system32\qagentRT.dll 00:10:10.0583 0400 napagent - ok 00:10:10.0614 0400 NativeWifiP (85c44fdff9cf7e72a40dcb7ec06a4416) C:\Windows\system32\DRIVERS\nwifi.sys 00:10:10.0645 0400 NativeWifiP - ok 00:10:10.0708 0400 NDIS 
(1357274d1883f68300aeadd15d7bbb42) C:\Windows\system32\drivers\ndis.sys 00:10:10.0755 0400 NDIS - ok 00:10:10.0802 0400 NdisTapi (0e186e90404980569fb449ba7519ae61) C:\Windows\system32\DRIVERS\ndistapi.sys 00:10:10.0833 0400 NdisTapi - ok 00:10:10.0864 0400 Ndisuio (d6973aa34c4d5d76c0430b181c3cd389) C:\Windows\system32\DRIVERS\ndisuio.sys 00:10:10.0895 0400 Ndisuio - ok 00:10:10.0895 0400 NdisWan (818f648618ae34f729fdb47ec68345c3) C:\Windows\system32\DRIVERS\ndiswan.sys 00:10:10.0927 0400 NdisWan - ok 00:10:10.0942 0400 NDProxy (71dab552b41936358f3b541ae5997fb3) C:\Windows\system32\drivers\NDProxy.sys 00:10:10.0989 0400 NDProxy - ok 00:10:11.0161 0400 Nero BackItUp Scheduler 3 (2aae889742376edc5c3203dfb74f28fd) C:\Program Files\Nero\Nero8\Nero BackItUp\NBService.exe 00:10:11.0208 0400 Nero BackItUp Scheduler 3 - ok 00:10:11.0270 0400 Net Driver HPZ12 (51c6d8bfbd4ea5b62a1ba7f4469250d3) C:\Windows\system32\HPZinw12.dll 00:10:11.0302 0400 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 00:10:11.0302 0400 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 00:10:11.0333 0400 NetBIOS (bcd093a5a6777cf626434568dc7dba78) C:\Windows\system32\DRIVERS\netbios.sys 00:10:11.0364 0400 NetBIOS - ok 00:10:11.0395 0400 netbt (ecd64230a59cbd93c85f1cd1cab9f3f6) C:\Windows\system32\DRIVERS\netbt.sys 00:10:11.0427 0400 netbt - ok 00:10:11.0489 0400 Netlogon (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 00:10:11.0505 0400 Netlogon - ok 00:10:11.0536 0400 Netman (c8052711daecc48b982434c5116ca401) C:\Windows\System32\netman.dll 00:10:11.0567 0400 Netman - ok 00:10:11.0614 0400 netprofm (2ef3bbe22e5a5acd1428ee387a0d0172) C:\Windows\System32\netprofm.dll 00:10:11.0692 0400 netprofm - ok 00:10:11.0770 0400 NetTcpPortSharing (d6c4e4a39a36029ac0813d476fbd0248) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 00:10:11.0786 0400 NetTcpPortSharing - ok 00:10:11.0817 0400 nfrd960 (2e7fb731d4790a1bc6270accefacb36e) 
C:\Windows\system32\drivers\nfrd960.sys 00:10:11.0817 0400 nfrd960 - ok 00:10:11.0849 0400 NlaSvc (2997b15415f9bbe05b5a4c1c85e0c6a2) C:\Windows\System32\nlasvc.dll 00:10:11.0895 0400 NlaSvc - ok 00:10:12.0020 0400 NMIndexingService (cb992ae1506985d9167e85883b4c3240) C:\Program Files\Common Files\Nero\Lib\NMIndexingService.exe 00:10:12.0067 0400 NMIndexingService - ok 00:10:12.0099 0400 Npfs (d36f239d7cce1931598e8fb90a0dbc26) C:\Windows\system32\drivers\Npfs.sys 00:10:12.0130 0400 Npfs - ok 00:10:12.0177 0400 nsi (8bb86f0c7eea2bded6fe095d0b4ca9bd) C:\Windows\system32\nsisvc.dll 00:10:12.0208 0400 nsi - ok 00:10:12.0239 0400 nsiproxy (609773e344a97410ce4ebf74a8914fcf) C:\Windows\system32\drivers\nsiproxy.sys 00:10:12.0270 0400 nsiproxy - ok 00:10:12.0317 0400 Ntfs (6a4a98cee84cf9e99564510dda4baa47) C:\Windows\system32\drivers\Ntfs.sys 00:10:12.0380 0400 Ntfs - ok 00:10:12.0427 0400 ntrigdigi (e875c093aec0c978a90f30c9e0dfbb72) C:\Windows\system32\drivers\ntrigdigi.sys 00:10:12.0474 0400 ntrigdigi - ok 00:10:12.0505 0400 Null (c5dbbcda07d780bda9b685df333bb41e) C:\Windows\system32\drivers\Null.sys 00:10:12.0536 0400 Null - ok 00:10:12.0802 0400 nvlddmkm (e633e4e0e6a65fea569dc2773f1c6d58) C:\Windows\system32\DRIVERS\nvlddmkm.sys 00:10:13.0130 0400 nvlddmkm - ok 00:10:13.0255 0400 nvraid (e69e946f80c1c31c53003bfbf50cbb7c) C:\Windows\system32\drivers\nvraid.sys 00:10:13.0270 0400 nvraid - ok 00:10:13.0286 0400 nvrd32 (ed399014a8029de02ba5ae01da8cc9ee) C:\Windows\system32\drivers\nvrd32.sys 00:10:13.0302 0400 nvrd32 - ok 00:10:13.0317 0400 nvstor (9e0ba19a28c498a6d323d065db76dffc) C:\Windows\system32\drivers\nvstor.sys 00:10:13.0317 0400 nvstor - ok 00:10:13.0333 0400 nvstor32 (703e3a7093b0fac0eebadbb8e931ecaf) C:\Windows\system32\drivers\nvstor32.sys 00:10:13.0349 0400 nvstor32 - ok 00:10:13.0395 0400 nvsvc (c1303870d5f9ead4beb68559aab7a87b) C:\Windows\system32\nvvsvc.exe 00:10:13.0411 0400 nvsvc - ok 00:10:13.0427 0400 nv_agp (07c186427eb8fcc3d8d7927187f260f7) 
C:\Windows\system32\drivers\nv_agp.sys 00:10:13.0442 0400 nv_agp - ok 00:10:13.0442 0400 NwlnkFlt - ok 00:10:13.0442 0400 NwlnkFwd - ok 00:10:13.0583 0400 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 00:10:13.0614 0400 odserv - ok 00:10:13.0677 0400 ohci1394 (6f310e890d46e246e0e261a63d9b36b4) C:\Windows\system32\DRIVERS\ohci1394.sys 00:10:13.0708 0400 ohci1394 - ok 00:10:13.0755 0400 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 00:10:13.0770 0400 ose - ok 00:10:13.0833 0400 p2pimsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 00:10:13.0927 0400 p2pimsvc - ok 00:10:13.0927 0400 p2psvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 00:10:13.0942 0400 p2psvc - ok 00:10:13.0989 0400 Parport (8a79fdf04a73428597e2caf9d0d67850) C:\Windows\system32\DRIVERS\parport.sys 00:10:14.0020 0400 Parport - ok 00:10:14.0052 0400 partmgr (b9c2b89f08670e159f7181891e449cd9) C:\Windows\system32\drivers\partmgr.sys 00:10:14.0067 0400 partmgr - ok 00:10:14.0099 0400 Parvdm (6c580025c81caf3ae9e3617c22cad00e) C:\Windows\system32\DRIVERS\parvdm.sys 00:10:14.0145 0400 Parvdm - ok 00:10:14.0177 0400 PcaSvc (c6276ad11f4bb49b58aa1ed88537f14a) C:\Windows\System32\pcasvc.dll 00:10:14.0239 0400 PcaSvc - ok 00:10:14.0270 0400 pci (941dc1d19e7e8620f40bbc206981efdb) C:\Windows\system32\drivers\pci.sys 00:10:14.0286 0400 pci - ok 00:10:14.0302 0400 pciide (3b1901e401473e03eb8c874271e50c26) C:\Windows\system32\drivers\pciide.sys 00:10:14.0317 0400 pciide - ok 00:10:14.0333 0400 pcmcia (e6f3fb1b86aa519e7698ad05e58b04e5) C:\Windows\system32\drivers\pcmcia.sys 00:10:14.0349 0400 pcmcia - ok 00:10:14.0411 0400 PEAUTH (6349f6ed9c623b44b52ea3c63c831a92) C:\Windows\system32\drivers\peauth.sys 00:10:14.0505 0400 PEAUTH - ok 00:10:14.0552 0400 PID_0928 (5bd2c6d982481d548107c602e7ccfbbc) C:\Windows\system32\DRIVERS\LV561AV.SYS 00:10:14.0567 0400 
PID_0928 - ok 00:10:14.0645 0400 pla (b1689df169143f57053f795390c99db3) C:\Windows\system32\pla.dll 00:10:14.0739 0400 pla - ok 00:10:14.0864 0400 PLFlash DeviceIoControl Service (875e4e0661f3a5994df9e5e3a0a4f96b) C:\Windows\system32\IoctlSvc.exe 00:10:14.0880 0400 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning 00:10:14.0880 0400 PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1) 00:10:14.0927 0400 PlugPlay (c5e7f8a996ec0a82d508fd9064a5569e) C:\Windows\system32\umpnpmgr.dll 00:10:14.0974 0400 PlugPlay - ok 00:10:15.0036 0400 Pml Driver HPZ12 (79834aa2fbf9fe81eebb229024f6f7fc) C:\Windows\system32\HPZipm12.dll 00:10:15.0036 0400 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 00:10:15.0036 0400 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 00:10:15.0083 0400 PNRPAutoReg (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 00:10:15.0114 0400 PNRPAutoReg - ok 00:10:15.0130 0400 PNRPsvc (0c8e8e61ad1eb0b250b846712c917506) C:\Windows\system32\p2psvc.dll 00:10:15.0145 0400 PNRPsvc - ok 00:10:15.0208 0400 PolicyAgent (d0494460421a03cd5225cca0059aa146) C:\Windows\System32\ipsecsvc.dll 00:10:15.0286 0400 PolicyAgent - ok 00:10:15.0349 0400 PptpMiniport (ecfffaec0c1ecd8dbc77f39070ea1db1) C:\Windows\system32\DRIVERS\raspptp.sys 00:10:15.0364 0400 PptpMiniport - ok 00:10:15.0395 0400 Processor (0e3cef5d28b40cf273281d620c50700a) C:\Windows\system32\drivers\processr.sys 00:10:15.0442 0400 Processor - ok 00:10:15.0474 0400 ProfSvc (0508faa222d28835310b7bfca7a77346) C:\Windows\system32\profsvc.dll 00:10:15.0505 0400 ProfSvc - ok 00:10:15.0536 0400 ProtectedStorage (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 00:10:15.0552 0400 ProtectedStorage - ok 00:10:15.0567 0400 PSched (99514faa8df93d34b5589187db3aa0ba) C:\Windows\system32\DRIVERS\pacer.sys 00:10:15.0599 0400 PSched - ok 00:10:15.0661 0400 PxHelp20 (1962166e0ceb740704f30fa55ad3d509) C:\Windows\system32\Drivers\PxHelp20.sys 
00:10:15.0677 0400 PxHelp20 ( UnsignedFile.Multi.Generic ) - warning 00:10:15.0677 0400 PxHelp20 - detected UnsignedFile.Multi.Generic (1) 00:10:15.0739 0400 ql2300 (ccdac889326317792480c0a67156a1ec) C:\Windows\system32\drivers\ql2300.sys 00:10:15.0802 0400 ql2300 - ok 00:10:15.0849 0400 ql40xx (81a7e5c076e59995d54bc1ed3a16e60b) C:\Windows\system32\drivers\ql40xx.sys 00:10:15.0864 0400 ql40xx - ok 00:10:15.0895 0400 QWAVE (e9ecae663f47e6cb43962d18ab18890f) C:\Windows\system32\qwave.dll 00:10:15.0911 0400 QWAVE - ok 00:10:15.0927 0400 QWAVEdrv (9f5e0e1926014d17486901c88eca2db7) C:\Windows\system32\drivers\qwavedrv.sys 00:10:15.0927 0400 QWAVEdrv - ok 00:10:15.0942 0400 RasAcd (147d7f9c556d259924351feb0de606c3) C:\Windows\system32\DRIVERS\rasacd.sys 00:10:15.0989 0400 RasAcd - ok 00:10:16.0005 0400 RasAuto (f6a452eb4ceadbb51c9e0ee6b3ecef0f) C:\Windows\System32\rasauto.dll 00:10:16.0052 0400 RasAuto - ok 00:10:16.0067 0400 Rasl2tp (a214adbaf4cb47dd2728859ef31f26b0) C:\Windows\system32\DRIVERS\rasl2tp.sys 00:10:16.0114 0400 Rasl2tp - ok 00:10:16.0145 0400 RasMan (75d47445d70ca6f9f894b032fbc64fcf) C:\Windows\System32\rasmans.dll 00:10:16.0177 0400 RasMan - ok 00:10:16.0177 0400 RasPppoe (509a98dd18af4375e1fc40bc175f1def) C:\Windows\system32\DRIVERS\raspppoe.sys 00:10:16.0208 0400 RasPppoe - ok 00:10:16.0208 0400 RasSstp (2005f4a1e05fa09389ac85840f0a9e4d) C:\Windows\system32\DRIVERS\rassstp.sys 00:10:16.0239 0400 RasSstp - ok 00:10:16.0270 0400 rdbss (b14c9d5b9add2f84f70570bbbfaa7935) C:\Windows\system32\DRIVERS\rdbss.sys 00:10:16.0302 0400 rdbss - ok 00:10:16.0302 0400 RDPCDD (89e59be9a564262a3fb6c4f4f1cd9899) C:\Windows\system32\DRIVERS\RDPCDD.sys 00:10:16.0333 0400 RDPCDD - ok 00:10:16.0380 0400 rdpdr (e8bd98d46f2ed77132ba927fccb47d8b) C:\Windows\system32\drivers\rdpdr.sys 00:10:16.0427 0400 rdpdr - ok 00:10:16.0427 0400 RDPENCDD (9d91fe5286f748862ecffa05f8a0710c) C:\Windows\system32\drivers\rdpencdd.sys 00:10:16.0458 0400 RDPENCDD - ok 00:10:16.0505 0400 RDPWD 
(79c6df8477250f5c54f7c5ae1d6b814e) C:\Windows\system32\drivers\RDPWD.sys 00:10:16.0567 0400 RDPWD - ok 00:10:16.0599 0400 RemoteAccess (bcdd6b4804d06b1f7ebf29e53a57ece9) C:\Windows\System32\mprdim.dll 00:10:16.0645 0400 RemoteAccess - ok 00:10:16.0677 0400 RemoteRegistry (9e6894ea18daff37b63e1005f83ae4ab) C:\Windows\system32\regsvc.dll 00:10:16.0708 0400 RemoteRegistry - ok 00:10:16.0724 0400 RpcLocator (5123f83cbc4349d065534eeb6bbdc42b) C:\Windows\system32\locator.exe 00:10:16.0770 0400 RpcLocator - ok 00:10:16.0802 0400 RpcSs (3b5b4d53fec14f7476ca29a20cc31ac9) C:\Windows\system32\rpcss.dll 00:10:16.0833 0400 RpcSs - ok 00:10:16.0880 0400 rspndr (9c508f4074a39e8b4b31d27198146fad) C:\Windows\system32\DRIVERS\rspndr.sys 00:10:16.0911 0400 rspndr - ok 00:10:16.0958 0400 RTL8169 (17b1d7ce7af11fb24db1def9621c033b) C:\Windows\system32\DRIVERS\Rtlh86.sys 00:10:16.0974 0400 RTL8169 - ok 00:10:17.0005 0400 SamSs (a3e186b4b935905b829219502557314e) C:\Windows\system32\lsass.exe 00:10:17.0020 0400 SamSs - ok 00:10:17.0052 0400 sbp2port (3ce8f073a557e172b330109436984e30) C:\Windows\system32\drivers\sbp2port.sys 00:10:17.0067 0400 sbp2port - ok 00:10:17.0099 0400 SCardSvr (77b7a11a0c3d78d3386398fbbea1b632) C:\Windows\System32\SCardSvr.dll 00:10:17.0130 0400 SCardSvr - ok 00:10:17.0177 0400 Schedule (1a58069db21d05eb2ab58ee5753ebe8d) C:\Windows\system32\schedsvc.dll 00:10:17.0255 0400 Schedule - ok 00:10:17.0286 0400 SCPolicySvc (312ec3e37a0a1f2006534913e37b4423) C:\Windows\System32\certprop.dll 00:10:17.0302 0400 SCPolicySvc - ok 00:10:17.0317 0400 SDRSVC (716313d9f6b0529d03f726d5aaf6f191) C:\Windows\System32\SDRSVC.dll 00:10:17.0380 0400 SDRSVC - ok 00:10:17.0395 0400 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 00:10:17.0442 0400 secdrv - ok 00:10:17.0458 0400 seclogon (fd5199d4d8a521005e4b5ee7fe00fa9b) C:\Windows\system32\seclogon.dll 00:10:17.0505 0400 seclogon - ok 00:10:17.0536 0400 SENS (a9bbab5759771e523f55563d6cbe140f) 
C:\Windows\system32\sens.dll 00:10:17.0583 0400 SENS - ok 00:10:17.0614 0400 Serenum (ce9ec966638ef0b10b864ddedf62a099) C:\Windows\system32\DRIVERS\serenum.sys 00:10:17.0630 0400 Serenum - ok 00:10:17.0661 0400 Serial (6d663022db3e7058907784ae14b69898) C:\Windows\system32\DRIVERS\serial.sys 00:10:17.0692 0400 Serial - ok 00:10:17.0708 0400 sermouse (8af3d28a879bf75db53a0ee7a4289624) C:\Windows\system32\drivers\sermouse.sys 00:10:17.0724 0400 sermouse - ok 00:10:17.0755 0400 SessionEnv (d2193326f729b163125610dbf3e17d57) C:\Windows\system32\sessenv.dll 00:10:17.0802 0400 SessionEnv - ok 00:10:17.0817 0400 sffdisk (103b79418da647736ee95645f305f68a) C:\Windows\system32\drivers\sffdisk.sys 00:10:17.0880 0400 sffdisk - ok 00:10:17.0895 0400 sffp_mmc (8fd08a310645fe872eeec6e08c6bf3ee) C:\Windows\system32\drivers\sffp_mmc.sys 00:10:17.0942 0400 sffp_mmc - ok 00:10:17.0974 0400 sffp_sd (9cfa05fcfcb7124e69cfc812b72f9614) C:\Windows\system32\drivers\sffp_sd.sys 00:10:18.0005 0400 sffp_sd - ok 00:10:18.0036 0400 sfloppy (46ed8e91793b2e6f848015445a0ac188) C:\Windows\system32\drivers\sfloppy.sys 00:10:18.0067 0400 sfloppy - ok 00:10:18.0114 0400 SharedAccess (e1499bd0ff76b1b2fbbf1af339d91165) C:\Windows\System32\ipnathlp.dll 00:10:18.0161 0400 SharedAccess - ok 00:10:18.0208 0400 ShellHWDetection (c7230fbee14437716701c15be02c27b8) C:\Windows\System32\shsvcs.dll 00:10:18.0239 0400 ShellHWDetection - ok 00:10:18.0270 0400 sisagp (d2a595d6eebeeaf4334f8e50efbc9931) C:\Windows\system32\drivers\sisagp.sys 00:10:18.0270 0400 sisagp - ok 00:10:18.0286 0400 SiSRaid2 (cedd6f4e7d84e9f98b34b3fe988373aa) C:\Windows\system32\drivers\sisraid2.sys 00:10:18.0302 0400 SiSRaid2 - ok 00:10:18.0317 0400 SiSRaid4 (df843c528c4f69d12ce41ce462e973a7) C:\Windows\system32\drivers\sisraid4.sys 00:10:18.0333 0400 SiSRaid4 - ok 00:10:18.0458 0400 slsvc (862bb4cbc05d80c5b45be430e5ef872f) C:\Windows\system32\SLsvc.exe 00:10:18.0630 0400 slsvc - ok 00:10:18.0739 0400 SLUINotify 
(6edc422215cd78aa8a9cde6b30abbd35) C:\Windows\system32\SLUINotify.dll 00:10:18.0755 0400 SLUINotify - ok 00:10:18.0786 0400 Smb (7b75299a4d201d6a6533603d6914ab04) C:\Windows\system32\DRIVERS\smb.sys 00:10:18.0817 0400 Smb - ok 00:10:18.0833 0400 SNMPTRAP (2a146a055b4401c16ee62d18b8e2a032) C:\Windows\System32\snmptrap.exe 00:10:18.0849 0400 SNMPTRAP - ok 00:10:18.0880 0400 spldr (7aebdeef071fe28b0eef2cdd69102bff) C:\Windows\system32\drivers\spldr.sys 00:10:18.0895 0400 spldr - ok 00:10:18.0927 0400 Spooler (8554097e5136c3bf9f69fe578a1b35f4) C:\Windows\System32\spoolsv.exe 00:10:18.0974 0400 Spooler - ok 00:10:19.0005 0400 srv (41987f9fc0e61adf54f581e15029ad91) C:\Windows\system32\DRIVERS\srv.sys 00:10:19.0067 0400 srv - ok 00:10:19.0114 0400 srv2 (ff33aff99564b1aa534f58868cbe41ef) C:\Windows\system32\DRIVERS\srv2.sys 00:10:19.0177 0400 srv2 - ok 00:10:19.0192 0400 srvnet (7605c0e1d01a08f3ecd743f38b834a44) C:\Windows\system32\DRIVERS\srvnet.sys 00:10:19.0224 0400 srvnet - ok 00:10:19.0239 0400 SSDPSRV (03d50b37234967433a5ea5ba72bc0b62) C:\Windows\System32\ssdpsrv.dll 00:10:19.0286 0400 SSDPSRV - ok 00:10:19.0317 0400 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 00:10:19.0317 0400 ssmdrv - ok 00:10:19.0349 0400 SstpSvc (6f1a32e7b7b30f004d9a20afadb14944) C:\Windows\system32\sstpsvc.dll 00:10:19.0380 0400 SstpSvc - ok 00:10:19.0442 0400 stisvc (5de7d67e49b88f5f07f3e53c4b92a352) C:\Windows\System32\wiaservc.dll 00:10:19.0474 0400 stisvc - ok 00:10:19.0489 0400 swenum (7ba58ecf0c0a9a69d44b3dca62becf56) C:\Windows\system32\DRIVERS\swenum.sys 00:10:19.0505 0400 swenum - ok 00:10:19.0552 0400 swprv (f21fd248040681cca1fb6c9a03aaa93d) C:\Windows\System32\swprv.dll 00:10:19.0599 0400 swprv - ok 00:10:19.0614 0400 Symc8xx (192aa3ac01df071b541094f251deed10) C:\Windows\system32\drivers\symc8xx.sys 00:10:19.0630 0400 Symc8xx - ok 00:10:19.0645 0400 Sym_hi (8c8eb8c76736ebaf3b13b633b2e64125) C:\Windows\system32\drivers\sym_hi.sys 00:10:19.0645 0400 
Sym_hi - ok 00:10:19.0661 0400 Sym_u3 (8072af52b5fd103bbba387a1e49f62cb) C:\Windows\system32\drivers\sym_u3.sys 00:10:19.0661 0400 Sym_u3 - ok 00:10:19.0708 0400 SysMain (9a51b04e9886aa4ee90093586b0ba88d) C:\Windows\system32\sysmain.dll 00:10:19.0739 0400 SysMain - ok 00:10:19.0755 0400 TabletInputService (2dca225eae15f42c0933e998ee0231c3) C:\Windows\System32\TabSvc.dll 00:10:19.0786 0400 TabletInputService - ok 00:10:19.0817 0400 TapiSrv (d7673e4b38ce21ee54c59eeeb65e2483) C:\Windows\System32\tapisrv.dll 00:10:19.0849 0400 TapiSrv - ok 00:10:19.0895 0400 TBS (cb05822cd9cc6c688168e113c603dbe7) C:\Windows\System32\tbssvc.dll 00:10:19.0927 0400 TBS - ok 00:10:19.0989 0400 Tcpip (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\drivers\tcpip.sys 00:10:20.0020 0400 Tcpip - ok 00:10:20.0036 0400 Tcpip6 (27d470dabc77bc60d0a3b0e4deb6cb91) C:\Windows\system32\DRIVERS\tcpip.sys 00:10:20.0067 0400 Tcpip6 - ok 00:10:20.0099 0400 tcpipreg (608c345a255d82a6289c2d468eb41fd7) C:\Windows\system32\drivers\tcpipreg.sys 00:10:20.0161 0400 tcpipreg - ok 00:10:20.0208 0400 TDPIPE (5dcf5e267be67a1ae926f2df77fbcc56) C:\Windows\system32\drivers\tdpipe.sys 00:10:20.0239 0400 TDPIPE - ok 00:10:20.0239 0400 TDTCP (389c63e32b3cefed425b61ed92d3f021) C:\Windows\system32\drivers\tdtcp.sys 00:10:20.0286 0400 TDTCP - ok 00:10:20.0317 0400 tdx (76b06eb8a01fc8624d699e7045303e54) C:\Windows\system32\DRIVERS\tdx.sys 00:10:20.0349 0400 tdx - ok 00:10:20.0364 0400 TermDD (3cad38910468eab9a6479e2f01db43c7) C:\Windows\system32\DRIVERS\termdd.sys 00:10:20.0380 0400 TermDD - ok 00:10:20.0411 0400 TermService (bb95da09bef6e7a131bff3ba5032090d) C:\Windows\System32\termsrv.dll 00:10:20.0505 0400 TermService - ok 00:10:20.0567 0400 TestHandler (8c80a73a5d77b2208ca91e4fa269981d) C:\firststeps\OnlineDiagnostic\TestManager\TestHandler.exe 00:10:20.0583 0400 TestHandler ( UnsignedFile.Multi.Generic ) - warning 00:10:20.0583 0400 TestHandler - detected UnsignedFile.Multi.Generic (1) 00:10:20.0630 0400 Themes 
(c7230fbee14437716701c15be02c27b8) C:\Windows\system32\shsvcs.dll 00:10:20.0645 0400 Themes - ok 00:10:20.0677 0400 THREADORDER (1076ffcffaae8385fd62dfcb25ac4708) C:\Windows\system32\mmcss.dll 00:10:20.0692 0400 THREADORDER - ok 00:10:20.0724 0400 TrkWks (ec74e77d0eb004bd3a809b5f8fb8c2ce) C:\Windows\System32\trkwks.dll 00:10:20.0770 0400 TrkWks - ok 00:10:20.0802 0400 TrustedInstaller (97d9d6a04e3ad9b6c626b9931db78dba) C:\Windows\servicing\TrustedInstaller.exe 00:10:20.0817 0400 TrustedInstaller - ok 00:10:20.0833 0400 tssecsrv (dcf0f056a2e4f52287264f5ab29cf206) C:\Windows\system32\DRIVERS\tssecsrv.sys 00:10:20.0880 0400 tssecsrv - ok 00:10:20.0911 0400 tunmp (caecc0120ac49e3d2f758b9169872d38) C:\Windows\system32\DRIVERS\tunmp.sys 00:10:20.0942 0400 tunmp - ok 00:10:20.0942 0400 tunnel (300db877ac094feab0be7688c3454a9c) C:\Windows\system32\DRIVERS\tunnel.sys 00:10:20.0974 0400 tunnel - ok 00:10:21.0005 0400 uagp35 (c3ade15414120033a36c0f293d4a4121) C:\Windows\system32\drivers\uagp35.sys 00:10:21.0020 0400 uagp35 - ok 00:10:21.0052 0400 udfs (d9728af68c4c7693cb100b8441cbdec6) C:\Windows\system32\DRIVERS\udfs.sys 00:10:21.0083 0400 udfs - ok 00:10:21.0114 0400 UI0Detect (ecef404f62863755951e09c802c94ad5) C:\Windows\system32\UI0Detect.exe 00:10:21.0130 0400 UI0Detect - ok 00:10:21.0145 0400 uliagpkx (75e6890ebfce0841d3291b02e7a8bdb0) C:\Windows\system32\drivers\uliagpkx.sys 00:10:21.0161 0400 uliagpkx - ok 00:10:21.0192 0400 uliahci (3cd4ea35a6221b85dcc25daa46313f8d) C:\Windows\system32\drivers\uliahci.sys 00:10:21.0208 0400 uliahci - ok 00:10:21.0239 0400 UlSata (8514d0e5cd0534467c5fc61be94a569f) C:\Windows\system32\drivers\ulsata.sys 00:10:21.0255 0400 UlSata - ok 00:10:21.0270 0400 ulsata2 (38c3c6e62b157a6bc46594fada45c62b) C:\Windows\system32\drivers\ulsata2.sys 00:10:21.0286 0400 ulsata2 - ok 00:10:21.0317 0400 umbus (32cff9f809ae9aed85464492bf3e32d2) C:\Windows\system32\DRIVERS\umbus.sys 00:10:21.0349 0400 umbus - ok 00:10:21.0380 0400 upnphost 
00:10:26.0083 0400 ============================================================
00:10:26.0083 0400 Scan finished
00:10:26.0083 0400 ============================================================
00:10:26.0083 4604 Detected object count: 6
00:10:26.0083 4604 Actual detected object count: 6
00:11:03.0036 4604 Application Updater ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604 Application Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604 PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604 PxHelp20 ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604 PxHelp20 ( UnsignedFile.Multi.Generic ) - User select action: Skip
00:11:03.0036 4604 TestHandler ( UnsignedFile.Multi.Generic ) - skipped by user
00:11:03.0036 4604 TestHandler ( UnsignedFile.Multi.Generic ) - User select action: Skip