Pests of all kinds and how to fight them: Remove Incredibar (Windows 7)

If you are not sure whether you have picked up malware or a trojan, create a thread here. An expert will reply with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you get rid of the infection.
#1
Remove Incredibar

Hello, the day before yesterday I downloaded the game "Freeciv" from "softonic". Right afterwards, without my doing anything, a toolbar called "Incredibar" installed itself and changed my start page in Firefox (and also in Internet Explorer, which I don't use) to MyStart by IncrediBar.com. The toolbar could be hidden but not removed. I was able to set the start page back to "google.de". I also deleted the downloaded "Freeciv" file again. The immediate symptoms now are that the computer and the browser are slower. No unrequested pages are opened any more, as was the case while the start page mentioned above was set. Every time I reopen Firefox, a "window" pops up at the bottom right warning me that a setting has been changed and asking whether I want to keep it. That first appeared after I changed the start page back to "Google". All of this seemed very fishy to me, especially because the computer is running slower. Since I'm not very experienced, I don't want to act on my own here using random suggestions from "gutefrage.net". Here are also the requested scan results (except "Extra.txt", which somehow wasn't created). I also couldn't find any files named "dds.txt" and "attach.txt". I hope I followed everything correctly. I really have no idea about forums like this one and am a bit intimidated and confused by all the requirements. Oh well... Hopeful greetings, Tim

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:51 on 14/06/2012 (Tim)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
OTL logfile created on: 14.06.2012 14:58:05 - Run 2
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Tim\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,22% Memory free
3,75 Gb Paging File | 3,09 Gb Available in Paging File | 82,48% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 53,74 Gb Free Space | 36,08% Space Free | Partition Type: NTFS
Drive D: | 3,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF
Drive E: | 232,88 Gb Total Space | 83,31 Gb Free Space | 35,77% Space Free | Partition Type: NTFS

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.05.06 16:54:02 | 000,932,528 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2011.08.29 15:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe

========== Modules (No Company Name) ==========

MOD - [2012.05.06 16:54:02 | 000,932,528 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll

========== Win32 Services (SafeList) ==========

SRV - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.04.25 09:30:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.12 10:59:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.08.29 15:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.08.29 15:35:40 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus)
DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt)
DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc)
DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID)
DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap)
DRV - [2010.05.20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000)
DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag)
DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial)
DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6OyEJx8HJ9&i=26
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 C7 DF 96 D2 B4 CC 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJx8HJ9&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search="

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.12 16:48:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 09:30:00 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011.12.07 13:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions
[2012.06.12 16:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions
[2012.06.12 16:48:24 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions\ffxtlbr@incredibar.com
[2012.06.12 16:47:44 | 000,002,203 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml
[2012.03.20 22:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.06.12 16:48:04 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX
[2012.04.25 09:30:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.03.19 11:56:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.03.19 11:56:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.03.19 11:56:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.03.19 11:56:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.03.19 11:56:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.03.19 11:56:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe ()
O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79DB8EA-D121-414D-9057-607BD610F61A}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.14 12:36:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.06.14 11:38:04 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2012.06.14 11:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.14 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.14 11:37:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.14 11:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.12 18:43:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
[2012.06.12 18:43:39 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Civ2
[2012.06.12 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant
[2012.06.12 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\.freeciv
[2012.06.12 16:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeciv 2.1.10 (GTK+ client)
[2012.06.12 16:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Freeciv-2.1.10-gtk2
[2012.06.12 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Macromedia
[2012.06.05 13:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in
[2012.06.05 13:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2012.06.05 13:30:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.06.05 13:29:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.05.29 14:32:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DVD Flick
[2012.05.29 14:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick
[2012.05.29 14:31:45 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll
[2012.05.29 14:31:45 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon_handler.ocx
[2012.05.29 14:31:45 | 000,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx
[2012.05.29 14:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick
[2012.05.17 21:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
[4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012.06.14 15:02:01 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 15:02:01 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.14 14:55:02 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.14 14:54:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.14 14:54:38 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.14 14:43:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
[2012.06.14 12:36:22 | 000,302,592 | ---- | M] () -- C:\Users\Tim\Desktop\2ojdblpe.exe
[2012.06.14 12:29:06 | 000,000,000 | ---- | M] () -- C:\Users\Tim\defogger_reenable
[2012.06.14 12:27:41 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.06.14 11:01:33 | 000,670,878 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.14 11:01:33 | 000,622,390 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.14 11:01:33 | 000,135,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.14 11:01:33 | 000,111,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.13 19:22:43 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.13 11:04:30 | 000,007,536 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\.civclientrc
[2012.06.12 16:48:25 | 000,000,447 | ---- | M] () -- C:\user.js
[2012.05.17 21:22:10 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012.06.14 12:35:56 | 000,302,592 | ---- | C] () -- C:\Users\Tim\Desktop\2ojdblpe.exe
[2012.06.14 12:29:06 | 000,000,000 | ---- | C] () -- C:\Users\Tim\defogger_reenable
[2012.06.14 12:26:51 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.06.12 16:48:25 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.06.12 16:47:32 | 000,007,536 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\.civclientrc
[2011.12.09 13:47:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.08 16:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin

========== LOP Check ==========

[2012.06.12 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\.freeciv
[2012.02.19 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Feedreader by netzwelt
[2012.05.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Spotify
[2011.12.08 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WindSolutions
[2009.07.14 06:53:46 | 000,024,064 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT

========== Purity Check ==========

< End of report >

Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-06-14 17:20:54
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9A300 rev.FB2OC40C
Running: 2ojdblpe.exe; Driver: C:\Users\Tim\AppData\Local\Temp\uwldipow.sys
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A413C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DC25000, 0x267978, 0xE8000020]
---- Devices - GMER 1.0.15 ----
Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation)
---- EOF - GMER 1.0.15 ----
Last edited by TimKnopf (14.06.2012 at 16:59)
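The OTL log above contains the classic browser-hijack indicators of this kind of toolbar bundle: IE start page and search scope, Firefox keyword.URL and default search engine name pointing at the toolbar's domain, an extension whose id carries that domain, and a BHO with no company name. As an added example (not from this thread and not OTL's own code), the Python script below scans the browser-related lines of an OTL log for exactly those indicators. The sample lines are constructed from the log in this post; the allowlists of trusted hosts and engine names are assumptions.

```python
import re
from urllib.parse import urlparse

# Constructed sample: a handful of OTL "Standard Registry" lines modelled on the
# log posted in this thread (OTL writes "hxxp" instead of "http" to defang URLs).
SAMPLE_OTL = r"""
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6OyEJx8HJ9&i=26
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJx8HJ9&i=26
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"
FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search="
[2012.06.12 16:48:24 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions\ffxtlbr@incredibar.com
O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
"""

# Assumed allowlists (not from the thread): hosts a homepage or search URL may
# legitimately point at, and search engine names a German Firefox ships with.
TRUSTED_HOSTS = {"www.bing.com", "www.google.de", "www.google.com", "de.msn.com"}
TRUSTED_ENGINES = {"Google", "Bing", "Yahoo", "Amazon.de", "eBay", "Wikipedia (de)"}

URL_RE = re.compile(r"hxxps?://[^\s\"]+")
ENGINE_RE = re.compile(r'browser\.search\.(?:defaultenginename|selectedEngine): "([^"]*)"')
# Firefox extension directory entries: ...\extensions\<id>@<domain> at end of line
EXT_RE = re.compile(r"\\extensions\\([^\\\s]+@([^\\\s]+))\s*$")
# O2 BHO lines: name, CLSID, path, company (OTL prints "()" when no company name)
BHO_RE = re.compile(r"^O2 - BHO: \((.*?)\) - (\{[0-9A-Fa-f-]+\}) - (.+?) \((.*)\)$")


def host_of(defanged_url):
    """Turn OTL's hxxp:// form back into a parseable URL and return its host."""
    return urlparse(defanged_url.replace("hxxp", "http", 1)).hostname or ""


def scan_otl(text):
    """Return (suspicious_hosts, findings); each finding is (kind, what, line)."""
    findings = []
    suspicious = set()
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # 1. Start page, search scope and keyword URLs pointing outside the allowlist
        if line.startswith(("IE - ", "FF - ")):
            for url in URL_RE.findall(line):
                host = host_of(url)
                if host and host not in TRUSTED_HOSTS:
                    suspicious.add(host)
                    findings.append(("browser URL", host, line))
            m = ENGINE_RE.search(line)
            if m and m.group(1) not in TRUSTED_ENGINES:
                findings.append(("search engine", m.group(1), line))
        # 2. Browser Helper Objects with no company name
        m = BHO_RE.match(line)
        if m and m.group(4) == "":
            findings.append(("unsigned BHO", m.group(1), line))
    # 3. Firefox extensions whose id domain matches a host flagged in step 1,
    #    which ties the extension to the hijacked settings
    for line in text.splitlines():
        m = EXT_RE.search(line.strip())
        if m:
            ext_id, domain = m.group(1), m.group(2)
            if any(h == domain or h.endswith("." + domain) for h in suspicious):
                findings.append(("extension linked to hijack host", ext_id, line.strip()))
    return suspicious, findings


if __name__ == "__main__":
    hosts, hits = scan_otl(SAMPLE_OTL)
    print("hosts outside allowlist:", sorted(hosts))
    for kind, what, line in hits:
        print(f"[{kind}] {what}\n    {line}")
```

Run against a full OTL log, step 3 also lets you confirm that a "(No name found)" extension folder belongs to the same operator as the hijacked search URLs before asking the user to remove it.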
#2
/// Winkelfunktion /// TB-Süch-Tiger™

Remove Incredibar

Hands off Softonic!! Softonic is a toolbar and adware slinger! Hands off! Software should always be downloaded directly from the vendor, not from toolbar outfits like Softonic! In a pinch, chip.de would of course do.

Code:
[2012.06.14 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
#3
Remove Incredibar

First of all, many thanks for the reply. Yes, I saw the warnings too while browsing other threads. Here are the Malwarebytes logs. I'll just post all of them. Stupidly, I aborted the first scan. As you can see, it had found one infected file by then. I put it in quarantine. Was that wrong?

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tim :: TIM-PC [Administrator]

14.06.2012 11:39:20
mbam-log-2012-06-14 (11-39-20).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 78337
Laufzeit: 1 Stunde(n), 16 Minute(n), 43 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Tim\Downloads\SoftonicDownloader_fuer_freeciv.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tim :: TIM-PC [Administrator]

16.06.2012 11:36:05
mbam-log-2012-06-16 (11-36-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 297310
Laufzeit: 1 Stunde(n), 5 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
#4
/// Winkelfunktion /// TB-Süch-Tiger™

Remove Incredibar

Please make a new OTL log. Please post everything here in CODE tags if at all possible. It's done like this: [code] the log goes here [/code] And it then looks like this:

Code:
the log goes here
If you don't have it yet, please download OTL from OldTimer and save it to your Desktop
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________
Please always post log files in CODE tags
#5
Remove Incredibar

So here is the new OTL log. Your instructions said that as the next step after the Quick Scan I should click "OK". I couldn't find an OK button. Hmm...

Code:
OTL logfile created on: 18.06.2012 17:16:06 - Run 3
OTL by OldTimer - Version 3.2.48.0     Folder = C:\Users\Tim\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,87 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 74,43% Memory free
3,75 Gb Paging File | 3,17 Gb Available in Paging File | 84,67% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 148,95 Gb Total Space | 53,31 Gb Free Space | 35,79% Space Free | Partition Type: NTFS
Drive D: | 3,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF

Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe
PRC - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe
PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2011.08.29 15:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe

========== Modules (No Company Name) ==========

========== Win32 Services (SafeList) ==========

SRV - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater)
SRV - [2012.04.25 09:30:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2012.03.12 10:59:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2011.08.29 15:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv)
SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc)
SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc)
SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service)
SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)

========== Driver Services (SafeList) ==========

DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2011.08.29 15:35:40 |
000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.05.20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6OyEJx8HJ9&i=26 IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 C7 DF 96 D2 B4 CC 01 [binary data] IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJx8HJ9&i=26 IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.12 16:48:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 09:30:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.07 13:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions [2012.06.16 15:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions [2012.06.16 13:33:20 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions\firefox@ghostery.com [2012.06.12 16:47:44 | 000,002,203 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml [2012.03.20 22:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.12 16:48:04 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.16 13:44:13 | 000,525,301 | ---- | M] () (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01DRU1T0.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.06.16 15:07:14 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01DRU1T0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.25 09:30:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.19 11:56:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.19 11:56:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\bing.xml [2012.03.19 11:56:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.19 11:56:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.19 11:56:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.19 11:56:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe () O4 - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000..\Run: [Spotify Web Helper] C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79DB8EA-D121-414D-9057-607BD610F61A}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: feedreader.exe - hkey= - key= - C:\Program Files\FeedReader30\feedreader.exe () MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) 
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\Windows\vVX1000.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: 
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard 
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools 
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.14 12:36:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe [2012.06.14 11:38:04 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes [2012.06.14 11:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.14 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.14 11:37:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.14 11:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.12 18:43:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.06.12 18:43:39 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Civ2 [2012.06.12 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012.06.12 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\.freeciv [2012.06.12 16:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Freeciv-2.1.10-gtk2 [2012.06.12 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Macromedia [2012.06.05 13:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.06.05 13:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.06.05 13:30:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2012.06.05 13:29:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012.05.29 14:32:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DVD Flick [2012.05.29 14:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick [2012.05.29 14:31:45 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll [2012.05.29 14:31:45 | 000,036,864 | ---- | C] (Robdogg Inc.) 
-- C:\Windows\System32\trayicon_handler.ocx [2012.05.29 14:31:45 | 000,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx [2012.05.29 14:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick [4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.18 16:43:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.18 15:31:50 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 15:31:50 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 15:27:29 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.18 15:24:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.18 15:24:25 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys [2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe [2012.06.14 12:36:22 | 000,302,592 | ---- | M] () -- C:\Users\Tim\Desktop\2ojdblpe.exe [2012.06.14 12:29:06 | 000,000,000 | ---- | M] () -- C:\Users\Tim\defogger_reenable [2012.06.14 12:27:41 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\Defogger.exe [2012.06.14 11:01:33 | 000,670,878 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.14 11:01:33 | 000,622,390 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.14 11:01:33 | 000,135,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.14 11:01:33 | 000,111,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.13 19:22:43 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.13 11:04:30 | 000,007,536 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\.civclientrc [2012.06.12 16:48:25 | 000,000,447 | ---- | M] () -- C:\user.js [4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> 
]
========== Files Created - No Company Name ==========
[2012.06.14 12:35:56 | 000,302,592 | ---- | C] () -- C:\Users\Tim\Desktop\2ojdblpe.exe
[2012.06.14 12:29:06 | 000,000,000 | ---- | C] () -- C:\Users\Tim\defogger_reenable
[2012.06.14 12:26:51 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\Defogger.exe
[2012.06.12 16:48:25 | 000,000,447 | ---- | C] () -- C:\user.js
[2012.06.12 16:47:32 | 000,007,536 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\.civclientrc
[2011.12.09 13:47:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe
[2011.12.08 16:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin
========== LOP Check ==========
[2012.06.12 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\.freeciv
[2012.02.19 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Feedreader by netzwelt
[2012.05.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Spotify
[2011.12.08 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WindSolutions
[2009.07.14 06:53:46 | 000,024,820 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2012.06.12 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\.freeciv
[2012.01.10 14:59:13 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Adobe
[2012.05.07 14:44:20 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Apple Computer
[2011.12.08 16:54:31 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\ATI
[2012.05.29 21:34:04 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\DVD Flick
[2012.02.19 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Feedreader by netzwelt
[2011.12.07 13:21:43 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Identities
[2011.12.08 07:08:36 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Macromedia
[2012.06.14 11:38:04 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Malwarebytes
[2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Media Center Programs
[2012.02.23 18:02:45 | 000,000,000 | --SD | M] -- C:\Users\Tim\AppData\Roaming\Microsoft
[2011.12.07 13:53:26 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Mozilla
[2012.06.18 17:14:53 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Skype
[2012.05.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Spotify
[2012.06.02 22:57:38 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\vlc
[2011.12.08 17:51:16 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\WindSolutions
< %APPDATA%\*.exe /s >
[2011.12.08 16:48:07 | 000,010,134 | R--- | M] () -- C:\Users\Tim\AppData\Roaming\Microsoft\Installer\{9DBCF44B-77AC-81D8-0F8E-1E60D6330AC2}\ARPPRODUCTICON.exe
[2012.05.06 16:54:21 | 009,478,320 | ---- | M] (Spotify Ltd) -- C:\Users\Tim\AppData\Roaming\Spotify\spotify.exe
[2012.05.06 16:54:02 | 000,932,528 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: IASTORV.SYS >
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011.03.11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WININIT.EXE >
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
< End of report >
#6 | /// Winkelfunktion /// TB-Süch-Tiger™ | Remove Incredibar
Do an OTL fix: close all programs that may still be open, disable the virus scanner as well (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb165?a=6OyEJx8HJ9&i=26
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJx8HJ9&i=26
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search="
[2012.06.12 16:47:44 | 000,002,203 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml
[2012.06.12 16:48:25 | 000,000,447 | ---- | C] () -- C:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
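As an added example (not code from this thread, from OTL or from the helper), here is a small Python check of a Firefox prefs.js or user.js for the kind of hijacked search prefs the fix above removes; the allowlist of trusted hosts and engine names and the sample user.js text are constructed for this example, and the two standard Firefox pref names beyond the ones in the OTL log are included as assumptions about what else a hijacker rewrites.

```python
import re
from urllib.parse import urlparse

# Firefox prefs that browser hijackers such as IncrediBar rewrite. The first two
# are the ones OTL reported in this thread; the other two are standard Firefox
# prefs added here as an assumption about what else such a toolbar touches.
WATCHED_PREFS = {
    "browser.search.defaultenginename",
    "keyword.URL",
    "browser.startup.homepage",
    "browser.search.selectedEngine",
}

# Constructed allowlist for this example: hosts and engine names the owner chose on purpose.
TRUSTED_HOSTS = {"www.google.de", "www.google.com"}
TRUSTED_ENGINE_NAMES = {"Google"}

# Matches one line of prefs.js / user.js:  user_pref("name", value);
PREF_RE = re.compile(r'^\s*user_pref\("([^"]+)",\s*(.+?)\);\s*$')


def parse_prefs(text):
    """Parse prefs.js / user.js text into {pref_name: value_string}.

    String values lose their surrounding quotes; booleans and integers are kept
    as the literal text Firefox wrote (e.g. 'false', '3').
    """
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue  # comments, blank lines and anything that is not a pref
        name, raw = m.group(1), m.group(2).strip()
        if len(raw) >= 2 and raw[0] == '"' and raw[-1] == '"':
            raw = raw[1:-1].replace('\\"', '"')
        prefs[name] = raw
    return prefs


def is_suspicious(name, value):
    """Decide whether a watched pref points somewhere the owner did not choose."""
    if "://" in value:
        # URL-valued pref (homepage, keyword.URL): judge it by its host.
        host = urlparse(value).hostname or ""
        return host.lower() not in TRUSTED_HOSTS
    # Name-valued pref (defaultenginename, selectedEngine): judge by engine name.
    return value not in TRUSTED_ENGINE_NAMES


def find_hijacked_prefs(text):
    """Return {pref_name: value} for every watched pref in `text` that looks hijacked."""
    prefs = parse_prefs(text)
    return {n: v for n, v in prefs.items()
            if n in WATCHED_PREFS and is_suspicious(n, v)}


# Constructed sample user.js: the two hijacked prefs from the OTL fix above plus two benign ones.
SAMPLE_USER_JS = """\
// Mozilla User Preferences (constructed sample)
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("keyword.URL", "http://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search=");
user_pref("browser.startup.homepage", "http://www.google.de/");
user_pref("browser.tabs.warnOnClose", false);
"""

if __name__ == "__main__":
    for name, value in find_hijacked_prefs(SAMPLE_USER_JS).items():
        print(f"HIJACKED  {name} = {value}")
```

A user.js inside the profile directory is re-applied on every Firefox start and overrides prefs.js, so a check like this should read both files rather than prefs.js alone.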
#7 | Remove Incredibar
So. Here is the result of the "fix". Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1566656340-3154354100-3834751223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search=" removed from keyword.URL
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml moved successfully.
C:\user.js moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Tim
->Temp folder emptied: 191893 bytes
->Temporary Internet Files folder emptied: 27136185 bytes
->Java cache emptied: 41549 bytes
->FireFox cache emptied: 50452568 bytes
->Flash cache emptied: 2656 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 143786801 bytes
RecycleBin emptied: 90135819 bytes
Total Files Cleaned = 297,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Tim
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.48.0 log created on 06182012_221658
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
#8 | /// Winkelfunktion /// TB-Süch-Tiger™ | Remove Incredibar
Now please run this Kaspersky tool (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off the virus scanner before you run TDSS-Killer, since Avira in particular often raises a false alarm on the TDSS tool! Set the tool up as shown in the image below: click on "change parameters" and set the checkmarks as shown in the following screenshot, then click on "Start Scan" and, when it is done, click the "Report" button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs.
Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle them all with the "skip" action and only post the log here!
__________________ Please always post log files in CODE tags
#9 | Remove Incredibar
Good morning, and here is the requested log... Code:
09:59:35.0304 0204 TDSS rootkit removing tool 2.7.40.0 Jun 15 2012 15:13:31
09:59:35.0460 0204 ============================================================
09:59:35.0460 0204 Current date / time: 2012/06/19 09:59:35.0460
09:59:35.0460 0204 SystemInfo:
09:59:35.0460 0204
09:59:35.0460 0204 OS Version: 6.1.7601 ServicePack: 1.0
09:59:35.0460 0204 Product type: Workstation
09:59:35.0460 0204 ComputerName: TIM-PC
09:59:35.0460 0204 UserName: Tim
09:59:35.0460 0204 Windows directory: C:\Windows
09:59:35.0460 0204 System windows directory: C:\Windows
09:59:35.0460 0204 Processor architecture: Intel x86
09:59:35.0460 0204 Number of processors: 2
09:59:35.0460 0204 Page size: 0x1000
09:59:35.0460 0204 Boot type: Normal boot
09:59:35.0460 0204 ============================================================
09:59:38.0034 0204 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
09:59:38.0034 0204 ============================================================
09:59:38.0034 0204 \Device\Harddisk0\DR0:
09:59:38.0034 0204 MBR partitions:
09:59:38.0034 0204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
09:59:38.0034 0204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E6800
09:59:38.0034 0204 ============================================================
09:59:38.0050 0204 C: <-> \Device\Harddisk0\DR0\Partition1
09:59:38.0050 0204 ============================================================
09:59:38.0050 0204 Initialize success
09:59:38.0050 0204 ============================================================
10:00:54.0875 4740 ============================================================
10:00:54.0875 4740 Scan started
10:00:54.0875 4740 Mode: Manual; SigCheck; TDLFS;
10:00:54.0875 4740 ============================================================
10:00:55.0312 4740 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
10:00:55.0484 4740 1394ohci - ok
10:00:55.0562 4740 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
10:00:55.0593 4740 ACPI - ok
10:00:55.0655 4740 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
10:00:55.0686 4740 AcpiPmi - ok
10:00:55.0811 4740 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
10:00:55.0842 4740 AdobeARMservice - ok
10:00:55.0920 4740 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
10:00:55.0983 4740 adp94xx - ok
10:00:56.0030 4740 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
10:00:56.0076 4740 adpahci - ok
10:00:56.0108 4740 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
10:00:56.0123 4740 adpu320 - ok
10:00:56.0217 4740 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
10:00:56.0357 4740 AeLookupSvc - ok
10:00:56.0435 4740 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
10:00:56.0544 4740 AFD - ok
10:00:56.0607 4740 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
10:00:56.0638 4740 agp440 - ok
10:00:56.0685 4740 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
10:00:56.0716 4740 aic78xx - ok
10:00:56.0794 4740 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
10:00:56.0888 4740 ALG - ok
10:00:56.0950 4740 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
10:00:56.0981 4740 aliide - ok
10:00:57.0044 4740 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
10:00:57.0075 4740 amdagp - ok
10:00:57.0106 4740 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
10:00:57.0122 4740 amdide - ok
10:00:57.0168 4740 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
10:00:57.0200 4740 AmdK8 - ok
10:00:57.0231 4740 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
10:00:57.0278 4740 AmdPPM - ok
10:00:57.0340 4740 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
10:00:57.0371 4740 amdsata - ok
10:00:57.0387 4740 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
10:00:57.0402 4740 amdsbs - ok
10:00:57.0418 4740 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
10:00:57.0434 4740 amdxata - ok
10:00:57.0496 4740 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
10:00:57.0652 4740 AppID - ok
10:00:57.0683 4740 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
10:00:57.0746 4740 AppIDSvc - ok
10:00:57.0792 4740 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
10:00:57.0855 4740 Appinfo - ok
10:00:57.0980 4740 Apple Mobile Device (7ef47644b74ebe721cc32211d3c35e76) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
10:00:58.0011 4740 Apple Mobile Device - ok
10:00:58.0073 4740 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll
10:00:58.0151 4740 AppMgmt - ok
10:00:58.0182 4740 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
10:00:58.0198 4740 arc - ok
10:00:58.0229 4740 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
10:00:58.0245 4740 arcsas - ok
10:00:58.0276 4740 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
10:00:58.0432 4740 AsyncMac - ok
10:00:58.0479 4740 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
10:00:58.0494 4740 atapi - ok
10:00:58.0588 4740 athr (76bab0c824e2d05b940c4dd40a9b08bf) C:\Windows\system32\DRIVERS\athr.sys
10:00:58.0650 4740 athr - ok
10:00:58.0775 4740 Ati External Event Utility (86acb6a60c50e99eb8e68710d5a12654) C:\Windows\system32\Ati2evxx.exe
10:00:59.0134 4740 Ati External Event Utility - ok
10:00:59.0571 4740 atikmdag (7db96c2801a78513bdc133c25d07929e) C:\Windows\system32\DRIVERS\atikmdag.sys
10:00:59.0774 4740 atikmdag - ok
10:00:59.0976 4740 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:01:00.0086 4740 AudioEndpointBuilder - ok
10:01:00.0101 4740 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
10:01:00.0148 4740 Audiosrv - ok
10:01:00.0210 4740 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
10:01:00.0288 4740 AxInstSV - ok
10:01:00.0398 4740 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
10:01:00.0491 4740 b06bdrv - ok
10:01:00.0554 4740 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
10:01:00.0616 4740 b57nd60x - ok
10:01:00.0678 4740 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
10:01:00.0772 4740 BDESVC - ok
10:01:00.0803 4740 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
10:01:00.0897 4740 Beep - ok
10:01:00.0990 4740 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
10:01:01.0053 4740 BFE - ok
10:01:01.0131 4740 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
10:01:01.0193 4740 BITS - ok
10:01:01.0224 4740 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
10:01:01.0271 4740 blbdrive - ok
10:01:01.0458 4740 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
10:01:01.0490 4740 Bonjour Service - ok
10:01:01.0552 4740 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
10:01:01.0583 4740 bowser - ok
10:01:01.0614 4740 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
10:01:01.0677 4740 BrFiltLo - ok
10:01:01.0692 4740 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
10:01:01.0770 4740 BrFiltUp - ok
10:01:01.0848 4740 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
10:01:01.0942 4740 Browser - ok
10:01:02.0004 4740 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
10:01:02.0067 4740 Brserid - ok
10:01:02.0098 4740 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
10:01:02.0145 4740 BrSerWdm - ok
10:01:02.0160 4740 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
10:01:02.0207 4740 BrUsbMdm - ok
10:01:02.0238 4740 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
10:01:02.0301 4740 BrUsbSer - ok
10:01:02.0332 4740 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
10:01:02.0410 4740 BTHMODEM - ok
10:01:02.0457 4740 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
10:01:02.0519 4740 bthserv - ok
10:01:02.0550 4740 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
10:01:02.0597 4740 cdfs - ok
10:01:02.0675 4740 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
10:01:02.0722 4740 cdrom - ok
10:01:02.0800 4740 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:01:02.0894 4740 CertPropSvc - ok
10:01:02.0909 4740 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
10:01:02.0940 4740 circlass - ok
10:01:02.0987 4740 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
10:01:03.0003 4740 CLFS - ok
10:01:03.0096 4740 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:01:03.0112 4740 clr_optimization_v2.0.50727_32 - ok
10:01:03.0221 4740 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:01:03.0252 4740 clr_optimization_v4.0.30319_32 - ok
10:01:03.0284 4740 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
10:01:03.0315 4740 CmBatt - ok
10:01:03.0362 4740 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
10:01:03.0408 4740 cmdide - ok
10:01:03.0455 4740 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys
10:01:03.0549 4740 CNG - ok
10:01:03.0564 4740 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
10:01:03.0580 4740 Compbatt - ok
10:01:03.0658 4740 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
10:01:03.0689 4740 CompositeBus - ok
10:01:03.0705 4740 COMSysApp - ok
10:01:03.0736 4740 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
10:01:03.0767 4740 crcdisk - ok
10:01:03.0814 4740 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
10:01:03.0845 4740 CryptSvc - ok
10:01:03.0923 4740 CSC (3c2177a897b4ca2788c6fb0c3fd81d4b) C:\Windows\system32\drivers\csc.sys
10:01:04.0017 4740 CSC - ok
10:01:04.0079 4740 CscService (15f93b37f6801943360d9eb42485d5d3) C:\Windows\System32\cscsvc.dll
10:01:04.0157 4740 CscService - ok
10:01:04.0235 4740 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:01:04.0360 4740 DcomLaunch - ok
10:01:04.0407 4740 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
10:01:04.0469 4740 defragsvc - ok
10:01:04.0578 4740 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
10:01:04.0610 4740 DfsC - ok
10:01:04.0688 4740 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
10:01:04.0797 4740 Dhcp - ok
10:01:04.0829 4740 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
10:01:04.0891 4740 discache - ok
10:01:04.0938 4740 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
10:01:04.0969 4740 Disk - ok
10:01:05.0016 4740 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
10:01:05.0079 4740 Dnscache - ok
10:01:05.0141 4740 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
10:01:05.0235 4740 dot3svc - ok
10:01:05.0266 4740 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
10:01:05.0328 4740 DPS - ok
10:01:05.0391 4740 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
10:01:05.0422 4740 drmkaud - ok
10:01:05.0500 4740 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
10:01:05.0547 4740 DXGKrnl - ok
10:01:05.0578 4740 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
10:01:05.0687 4740 EapHost - ok
10:01:05.0905 4740 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
10:01:06.0015 4740 ebdrv - ok
10:01:06.0155 4740 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
10:01:06.0233 4740 EFS - ok
10:01:06.0358 4740 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
10:01:06.0451 4740 ehRecvr - ok
10:01:06.0592 4740 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
10:01:06.0701 4740 ehSched - ok
10:01:06.0810 4740 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
10:01:06.0857 4740 elxstor - ok
10:01:06.0904 4740 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
10:01:06.0935 4740 ErrDev - ok
10:01:06.0997 4740 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
10:01:07.0060 4740 EventSystem - ok
10:01:07.0107 4740 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
10:01:07.0169 4740 exfat - ok
10:01:07.0200 4740 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
10:01:07.0263 4740 fastfat - ok
10:01:07.0356 4740 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
10:01:07.0465 4740 Fax - ok
10:01:07.0497 4740 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
10:01:07.0543 4740 fdc - ok
10:01:07.0590 4740 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
10:01:07.0684 4740 fdPHost - ok
10:01:07.0715 4740 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
10:01:07.0777 4740 FDResPub - ok
10:01:07.0809 4740 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
10:01:07.0824 4740 FileInfo - ok
10:01:07.0871 4740 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
10:01:07.0933 4740 Filetrace - ok
10:01:07.0965 4740 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
10:01:08.0027 4740 flpydisk - ok
10:01:08.0074 4740 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
10:01:08.0121 4740 FltMgr - ok
10:01:08.0214 4740 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
10:01:08.0292 4740 FontCache - ok
10:01:08.0370 4740 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
10:01:08.0386 4740 FontCache3.0.0.0 - ok
10:01:08.0401 4740 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
10:01:08.0417 4740 FsDepends - ok
10:01:08.0464 4740 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
10:01:08.0495 4740 Fs_Rec - ok
10:01:08.0589 4740 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
10:01:08.0635 4740 fvevol - ok
10:01:08.0682 4740 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
10:01:08.0698 4740 gagp30kx - ok
10:01:08.0745 4740 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
10:01:08.0760 4740 GEARAspiWDM - ok
10:01:08.0838 4740 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
10:01:08.0916 4740 gpsvc - ok
10:01:09.0072 4740 gupdate (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
10:01:09.0103 4740 gupdate - ok
10:01:09.0119 4740 gupdatem (506708142bc63daba64f2d3ad1dcd5bf) C:\Program Files\Google\Update\GoogleUpdate.exe
10:01:09.0135 4740 gupdatem - ok
10:01:09.0166 4740 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
10:01:09.0213 4740 hcw85cir - ok
10:01:09.0291 4740 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
10:01:09.0322 4740 HdAudAddService - ok
10:01:09.0353 4740 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
10:01:09.0400 4740 HDAudBus - ok
10:01:09.0447 4740 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
10:01:09.0478 4740 HidBatt - ok
10:01:09.0509 4740 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
10:01:09.0556 4740 HidBth - ok
10:01:09.0587 4740 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
10:01:09.0649 4740 HidIr - ok
10:01:09.0696 4740 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
10:01:09.0774 4740 hidserv - ok
10:01:09.0868 4740 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
10:01:09.0883 4740 HidUsb - ok
10:01:09.0930 4740 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
10:01:09.0993 4740 hkmsvc - ok
10:01:10.0039 4740 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
10:01:10.0102 4740 HomeGroupListener - ok
10:01:10.0180 4740 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
10:01:10.0258 4740 HomeGroupProvider - ok
10:01:10.0336 4740 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
10:01:10.0367 4740 HpSAMD - ok
10:01:10.0476 4740 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
10:01:10.0539 4740 HTTP - ok
10:01:10.0585 4740 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
10:01:10.0601 4740 hwpolicy - ok
10:01:10.0663 4740 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
10:01:10.0695 4740 i8042prt - ok
10:01:10.0788 4740 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
10:01:10.0804 4740 iaStorV - ok
10:01:10.0975 4740 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
10:01:11.0038 4740 idsvc - ok
10:01:11.0085 4740 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
10:01:11.0100 4740 iirsp - ok
10:01:11.0194 4740 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
10:01:11.0272 4740 IKEEXT - ok
10:01:11.0303 4740 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
10:01:11.0319 4740 intelide - ok
10:01:11.0365 4740 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
10:01:11.0412 4740 intelppm - ok
10:01:11.0459 4740 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
10:01:11.0553 4740 IPBusEnum - ok
10:01:11.0584 4740 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:01:11.0646 4740 IpFilterDriver - ok
10:01:11.0740 4740 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
10:01:11.0787 4740 iphlpsvc - ok
10:01:11.0849 4740 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
10:01:11.0896 4740 IPMIDRV - ok
10:01:11.0943 4740 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
10:01:12.0052 4740 IPNAT - ok
10:01:12.0192 4740 iPod Service (57edb35ea2feca88f8b17c0c095c9a56) C:\Program Files\iPod\bin\iPodService.exe
10:01:12.0239 4740 iPod Service - ok
10:01:12.0270 4740 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
10:01:12.0317 4740 IRENUM - ok
10:01:12.0364 4740 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
10:01:12.0379 4740 isapnp - ok
10:01:12.0442 4740 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
10:01:12.0489 4740 iScsiPrt - ok
10:01:12.0551 4740 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
10:01:12.0598 4740 kbdclass - ok
10:01:12.0645 4740 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
10:01:12.0676 4740 kbdhid - ok
10:01:12.0707 4740 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:01:12.0738 4740 KeyIso - ok
10:01:12.0754 4740 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys
10:01:12.0769 4740 KSecDD - ok
10:01:12.0785 4740 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys
10:01:12.0816 4740 KSecPkg - ok
10:01:12.0863 4740 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
10:01:12.0925 4740 KtmRm - ok
10:01:13.0003 4740 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
10:01:13.0097 4740 LanmanServer - ok
10:01:13.0144 4740 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
10:01:13.0206 4740 LanmanWorkstation - ok
10:01:13.0269 4740 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
10:01:13.0331 4740 lltdio - ok
10:01:13.0378 4740 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
10:01:13.0425 4740 lltdsvc - ok
10:01:13.0440 4740 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
10:01:13.0471 4740 lmhosts - ok
10:01:13.0518 4740 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
10:01:13.0534 4740 LSI_FC - ok
10:01:13.0549 4740 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
10:01:13.0581 4740 LSI_SAS - ok
10:01:13.0612 4740 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
10:01:13.0627 4740 LSI_SAS2 - ok
10:01:13.0659 4740 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
10:01:13.0674 4740 LSI_SCSI - ok
10:01:13.0690 4740 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
10:01:13.0737 4740 luafv - ok
10:01:13.0783 4740 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
10:01:13.0830 4740 Mcx2Svc - ok
10:01:13.0846 4740 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
10:01:13.0877 4740 megasas - ok
10:01:13.0924 4740 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
10:01:13.0971 4740 MegaSR - ok
10:01:14.0095 4740 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe
10:01:14.0111 4740 Microsoft Office Groove Audit Service - ok
10:01:14.0142 4740 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:01:14.0205 4740 MMCSS - ok
10:01:14.0236 4740 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
10:01:14.0329 4740 Modem - ok
10:01:14.0376 4740 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
10:01:14.0439 4740 monitor - ok
10:01:14.0517 4740 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
10:01:14.0532 4740 mouclass - ok
10:01:14.0563 4740 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
10:01:14.0610 4740 mouhid - ok
10:01:14.0657 4740 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
10:01:14.0673 4740 mountmgr - ok
10:01:14.0751 4740 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
10:01:14.0797 4740 MozillaMaintenance - ok
10:01:14.0860 4740 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys
10:01:14.0907 4740 MpFilter - ok
10:01:14.0969 4740 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
10:01:14.0985 4740 mpio - ok
10:01:15.0109 4740 MpKsld5b03b59 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsld5b03b59.sys
10:01:15.0125 4740 MpKsld5b03b59 - ok
10:01:15.0156 4740 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
10:01:15.0219 4740 mpsdrv - ok
10:01:15.0297 4740 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
10:01:15.0406 4740 MpsSvc - ok
10:01:15.0437 4740 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
10:01:15.0484 4740 MRxDAV - ok
10:01:15.0562 4740 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
10:01:15.0593 4740 mrxsmb - ok
10:01:15.0640 4740 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:01:15.0671 4740 mrxsmb10 - ok
10:01:15.0702 4740 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:01:15.0733 4740 mrxsmb20 - ok
10:01:15.0796 4740 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
10:01:15.0843 4740 msahci - ok
10:01:15.0936 4740 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe
10:01:15.0952 4740 MSCamSvc - ok
10:01:15.0999 4740 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
10:01:16.0014 4740 msdsm - ok
10:01:16.0045 4740 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
10:01:16.0092 4740 MSDTC - ok
10:01:16.0155 4740 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
10:01:16.0186 4740 Msfs - ok
10:01:16.0201 4740 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
10:01:16.0264 4740 mshidkmdf - ok
10:01:16.0295 4740 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
10:01:16.0326 4740 msisadrv - ok
10:01:16.0389 4740 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
10:01:16.0467 4740 MSiSCSI - ok
10:01:16.0482 4740 msiserver - ok
10:01:16.0529 4740 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
10:01:16.0591 4740 MSKSSRV - ok
10:01:16.0669 4740 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe
10:01:16.0685 4740 MsMpSvc - ok
10:01:16.0716 4740 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
10:01:16.0763 4740 MSPCLOCK - ok
10:01:16.0779 4740 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
10:01:16.0825 4740 MSPQM - ok
10:01:16.0872 4740 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
10:01:16.0888 4740 MsRPC - ok
10:01:16.0935 4740 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
10:01:16.0950 4740 mssmbios - ok
10:01:16.0966 4740 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
10:01:16.0997 4740 MSTEE - ok
10:01:17.0013 4740 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
10:01:17.0044 4740 MTConfig - ok
10:01:17.0091 4740 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
10:01:17.0137 4740 Mup - ok
10:01:17.0215 4740 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
10:01:17.0278 4740 napagent - ok
10:01:17.0340 4740 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
10:01:17.0356 4740 NativeWifiP - ok
10:01:17.0434 4740 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
10:01:17.0465 4740 NDIS - ok
10:01:17.0512 4740 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
10:01:17.0543 4740 NdisCap - ok
10:01:17.0574 4740 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
10:01:17.0668 4740 NdisTapi - ok
10:01:17.0746 4740 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
10:01:17.0824 4740 Ndisuio - ok
10:01:17.0855 4740 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
10:01:17.0917 4740 NdisWan - ok
10:01:17.0964 4740 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
10:01:18.0027 4740 NDProxy - ok
10:01:18.0073 4740 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
10:01:18.0167 4740 NetBIOS - ok
10:01:18.0229 4740 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
10:01:18.0323 4740 NetBT - ok
10:01:18.0354 4740 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:01:18.0370 4740 Netlogon - ok
10:01:18.0432 4740 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
10:01:18.0510 4740 Netman - ok
10:01:18.0557 4740 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
10:01:18.0619 4740 netprofm - ok
10:01:18.0729 4740 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:01:18.0775 4740 NetTcpPortSharing - ok
10:01:18.0822 4740 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
10:01:18.0838 4740 nfrd960 - ok
10:01:18.0916 4740 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) C:\Windows\system32\DRIVERS\NisDrvWFP.sys
10:01:18.0931 4740 NisDrv - ok
10:01:19.0009 4740 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe
10:01:19.0041 4740 NisSrv - ok
10:01:19.0087 4740 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
10:01:19.0181 4740 NlaSvc - ok
10:01:19.0228 4740 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
10:01:19.0306 4740 Npfs - ok
10:01:19.0337 4740 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
10:01:19.0384 4740 nsi - ok
10:01:19.0399 4740 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
10:01:19.0462 4740 nsiproxy - ok
10:01:19.0571 4740 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
10:01:19.0618 4740 Ntfs - ok
10:01:19.0649 4740 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
10:01:19.0711 4740 Null - ok
10:01:19.0758 4740 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
10:01:19.0805 4740 nvraid - ok
10:01:19.0836 4740 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
10:01:19.0883 4740 nvstor - ok
10:01:19.0930 4740 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
10:01:19.0945 4740 nv_agp - ok
10:01:20.0086 4740 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
10:01:20.0117 4740 odserv - ok
10:01:20.0164 4740 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
10:01:20.0211 4740 ohci1394 - ok
10:01:20.0304 4740 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:01:20.0335 4740 ose - ok
10:01:20.0413 4740 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:01:20.0491 4740 p2pimsvc - ok
10:01:20.0523 4740 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
10:01:20.0554 4740 p2psvc - ok
10:01:20.0601 4740 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
10:01:20.0632 4740 Parport - ok
10:01:20.0679 4740 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
10:01:20.0694 4740 partmgr - ok
10:01:20.0710 4740 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
10:01:20.0741 4740 Parvdm - ok
10:01:20.0788 4740 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
10:01:20.0850 4740 PcaSvc - ok
10:01:20.0913 4740 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
10:01:20.0928 4740 pci - ok
10:01:20.0975 4740 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
10:01:21.0006 4740 pciide - ok
10:01:21.0037 4740 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
10:01:21.0069 4740 pcmcia - ok
10:01:21.0084 4740 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
10:01:21.0100 4740 pcw - ok
10:01:21.0162 4740 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
10:01:21.0240 4740 PEAUTH - ok
10:01:21.0349 4740 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll
10:01:21.0474 4740 PeerDistSvc - ok
10:01:21.0677 4740 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
10:01:21.0802 4740 pla - ok
10:01:21.0973 4740 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
10:01:22.0051 4740 PlugPlay - ok
10:01:22.0098 4740 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
10:01:22.0145 4740 PNRPAutoReg - ok
10:01:22.0207 4740 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
10:01:22.0254 4740 PNRPsvc - ok
10:01:22.0317 4740 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
10:01:22.0379 4740 PolicyAgent - ok
10:01:22.0441 4740 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
10:01:22.0488 4740 Power - ok
10:01:22.0566 4740 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
10:01:22.0644 4740 PptpMiniport - ok
10:01:22.0675 4740 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
10:01:22.0707 4740 Processor - ok
10:01:22.0785 4740 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
10:01:22.0847 4740 ProfSvc - ok
10:01:22.0894 4740 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:01:22.0909 4740 ProtectedStorage - ok
10:01:22.0956 4740 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
10:01:23.0003 4740 Psched - ok
10:01:23.0112 4740 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
10:01:23.0175 4740 ql2300 - ok
10:01:23.0331 4740 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
10:01:23.0346 4740 ql40xx - ok
10:01:23.0393 4740 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
10:01:23.0440 4740 QWAVE - ok
10:01:23.0471 4740 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
10:01:23.0518 4740 QWAVEdrv - ok
10:01:23.0549 4740 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
10:01:23.0643 4740 RasAcd - ok
10:01:23.0689 4740 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
10:01:23.0736 4740 RasAgileVpn - ok
10:01:23.0783 4740 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
10:01:23.0830 4740 RasAuto - ok
10:01:23.0877 4740 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
10:01:23.0908 4740 Rasl2tp - ok
10:01:23.0986 4740 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
10:01:24.0095 4740 RasMan - ok
10:01:24.0126 4740 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
10:01:24.0189 4740 RasPppoe - ok
10:01:24.0235 4740 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
10:01:24.0298 4740 RasSstp - ok
10:01:24.0345 4740 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
10:01:24.0407 4740 rdbss - ok
10:01:24.0438 4740 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
10:01:24.0454 4740 rdpbus - ok
10:01:24.0501 4740 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
10:01:24.0594 4740 RDPCDD - ok
10:01:24.0625 4740 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys
10:01:24.0657 4740 RDPDR - ok
10:01:24.0688 4740 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
10:01:24.0750 4740 RDPENCDD - ok
10:01:24.0781 4740 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
10:01:24.0828 4740 RDPREFMP - ok
10:01:24.0891 4740 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
10:01:24.0969 4740 RDPWD - ok
10:01:25.0031 4740 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
10:01:25.0062 4740 rdyboost - ok
10:01:25.0094 4740 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
10:01:25.0157 4740 RemoteAccess - ok
10:01:25.0204 4740 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
10:01:25.0266 4740 RemoteRegistry - ok
10:01:25.0313 4740 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
10:01:25.0406 4740 RpcEptMapper - ok
10:01:25.0438 4740 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
10:01:25.0484 4740 RpcLocator - ok
10:01:25.0531 4740 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
10:01:25.0578 4740 RpcSs - ok
10:01:25.0625 4740 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
10:01:25.0656 4740 rspndr - ok
10:01:25.0703 4740 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys
10:01:25.0750 4740 RTL8167 - ok
10:01:25.0796 4740 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys
10:01:25.0874 4740 s3cap - ok
10:01:25.0906 4740 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:01:25.0921 4740 SamSs - ok
10:01:25.0984 4740 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
10:01:25.0999 4740 sbp2port - ok
10:01:26.0046 4740 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
10:01:26.0108 4740 SCardSvr - ok
10:01:26.0140 4740 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
10:01:26.0202 4740 scfilter - ok
10:01:26.0311 4740 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
10:01:26.0389 4740 Schedule - ok
10:01:26.0436 4740 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
10:01:26.0483 4740 SCPolicySvc - ok
10:01:26.0530 4740 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
10:01:26.0576 4740 SDRSVC - ok
10:01:26.0623 4740 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
10:01:26.0717 4740 secdrv - ok
10:01:26.0764 4740 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
10:01:26.0857 4740 seclogon - ok
10:01:26.0888 4740 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
10:01:26.0951 4740 SENS - ok
10:01:26.0998 4740 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
10:01:27.0044 4740 SensrSvc - ok
10:01:27.0076 4740 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
10:01:27.0091 4740 Serenum - ok
10:01:27.0107 4740 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
10:01:27.0154 4740 Serial - ok
10:01:27.0185 4740 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
10:01:27.0200 4740 sermouse - ok
10:01:27.0278 4740 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
10:01:27.0356 4740 SessionEnv - ok
10:01:27.0403 4740 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
10:01:27.0434 4740 sffdisk - ok
10:01:27.0466 4740 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
10:01:27.0497 4740 sffp_mmc - ok
10:01:27.0512 4740 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
10:01:27.0544 4740 sffp_sd - ok
10:01:27.0559 4740 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
10:01:27.0575 4740 sfloppy - ok
10:01:27.0637 4740 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
10:01:27.0684 4740 SharedAccess - ok
10:01:27.0731 4740 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
10:01:27.0793 4740 ShellHWDetection - ok
10:01:27.0840 4740 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
10:01:27.0871 4740 sisagp - ok
10:01:27.0918 4740 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
10:01:27.0949 4740 SiSRaid2 - ok
10:01:27.0965 4740 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
10:01:27.0980 4740 SiSRaid4 - ok
10:01:28.0012 4740 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
10:01:28.0058 4740 Smb - ok
10:01:28.0152 4740 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys
10:01:28.0214 4740 smserial - ok
10:01:28.0277 4740 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
10:01:28.0292 4740 SNMPTRAP - ok
10:01:28.0339 4740 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
10:01:28.0355 4740 spldr - ok
10:01:28.0433 4740 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
10:01:28.0495 4740 Spooler - ok
10:01:28.0729 4740 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
10:01:28.0854 4740 sppsvc - ok
10:01:28.0979 4740 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
10:01:29.0057 4740 sppuinotify - ok
10:01:29.0150 4740 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
10:01:29.0182 4740 srv - ok
10:01:29.0213 4740 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
10:01:29.0260 4740 srv2 - ok
10:01:29.0291 4740 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
10:01:29.0306 4740 srvnet - ok
10:01:29.0353 4740 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
10:01:29.0400 4740 SSDPSRV - ok
10:01:29.0416 4740 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
10:01:29.0478 4740 SstpSvc - ok
10:01:29.0525 4740 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
10:01:29.0540 4740 stexstor - ok
10:01:29.0618 4740 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
10:01:29.0712 4740 StiSvc - ok
10:01:29.0759 4740 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys
10:01:29.0806 4740 storflt - ok
10:01:29.0821 4740 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll
10:01:29.0852 4740 StorSvc - ok
10:01:29.0899 4740 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys
10:01:29.0915 4740 storvsc - ok
10:01:29.0962 4740 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
10:01:29.0977 4740 swenum - ok
10:01:30.0040 4740 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
10:01:30.0086 4740 swprv - ok
10:01:30.0196 4740 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
10:01:30.0274 4740 SysMain - ok
10:01:30.0320 4740 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
10:01:30.0367 4740 TabletInputService - ok
10:01:30.0430 4740 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
10:01:30.0476 4740 TapiSrv - ok
10:01:30.0492 4740 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
10:01:30.0570 4740 TBS - ok
10:01:30.0757 4740 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
10:01:30.0851 4740 Tcpip - ok
10:01:30.0866 4740 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
10:01:30.0929 4740 TCPIP6 - ok
10:01:30.0976 4740 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
10:01:31.0038 4740 tcpipreg - ok
10:01:31.0069 4740 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
10:01:31.0132 4740 TDPIPE - ok
10:01:31.0147 4740 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
10:01:31.0178 4740 TDTCP - ok
10:01:31.0241 4740 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
10:01:31.0303 4740 tdx - ok
10:01:31.0350 4740 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
10:01:31.0366 4740 TermDD - ok
10:01:31.0428 4740 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
10:01:31.0506 4740 TermService - ok
10:01:31.0537 4740 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
10:01:31.0584 4740 Themes - ok
10:01:31.0615 4740 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
10:01:31.0662 4740 THREADORDER - ok
10:01:31.0693 4740 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
10:01:31.0756 4740 TrkWks - ok
10:01:31.0865 4740 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
10:01:31.0943 4740 TrustedInstaller - ok
10:01:31.0974 4740 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
10:01:32.0036 4740 tssecsrv - ok
10:01:32.0083 4740 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
10:01:32.0146 4740 TsUsbFlt - ok
10:01:32.0224 4740 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
10:01:32.0302 4740 tunnel - ok
10:01:32.0348 4740 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
10:01:32.0395 4740 uagp35 - ok
10:01:32.0442 4740 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
10:01:32.0504 4740 udfs - ok
10:01:32.0551 4740 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
10:01:32.0582 4740 UI0Detect - ok
10:01:32.0660 4740 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
10:01:32.0676 4740 uliagpkx - ok
10:01:32.0738 4740 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys
10:01:32.0785 4740 umbus - ok
10:01:32.0832 4740 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
10:01:32.0863 4740 UmPass - ok
10:01:32.0926 4740 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll
10:01:32.0941 4740 UmRdpService - ok
10:01:33.0004 4740 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
10:01:33.0066 4740 upnphost - ok
10:01:33.0128 4740 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
10:01:33.0160 4740 USBAAPL - ok
10:01:33.0222 4740 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
10:01:33.0269 4740 usbaudio - ok
10:01:33.0316 4740 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
10:01:33.0378 4740 usbccgp - ok
10:01:33.0440 4740 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
10:01:33.0487 4740 usbcir - ok
10:01:33.0518 4740 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
10:01:33.0534 4740 usbehci - ok
10:01:33.0612 4740 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
10:01:33.0674 4740 usbhub - ok
10:01:33.0721 4740 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\DRIVERS\usbohci.sys
10:01:33.0768 4740 usbohci - ok
10:01:33.0815 4740 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
10:01:33.0862 4740 usbprint - ok
10:01:33.0877 4740 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\drivers\USBSTOR.SYS
10:01:33.0971 4740 USBSTOR - ok
10:01:34.0033 4740 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\drivers\usbuhci.sys
10:01:34.0049 4740 usbuhci - ok
10:01:34.0064 4740 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
10:01:34.0127 4740 UxSms - ok
10:01:34.0174 4740 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
10:01:34.0189 4740 VaultSvc - ok
10:01:34.0252 4740 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
10:01:34.0267 4740 vdrvroot - ok
10:01:34.0345 4740 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
10:01:34.0454 4740 vds - ok
10:01:34.0486 4740 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
10:01:34.0501 4740 vga - ok
10:01:34.0532 4740 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
10:01:34.0564 4740 VgaSave - ok
10:01:34.0626 4740 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
10:01:34.0642 4740 vhdmp - ok
10:01:34.0688 4740 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
10:01:34.0720 4740 viaagp - ok
10:01:34.0735 4740 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
10:01:34.0782 4740 ViaC7 - ok
10:01:34.0829 4740 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
10:01:34.0860 4740 viaide - ok
10:01:34.0922 4740 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys
10:01:34.0938 4740 vmbus - ok
10:01:34.0969 4740 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys
10:01:35.0016 4740 VMBusHID - ok
10:01:35.0063 4740 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
10:01:35.0078 4740 volmgr - ok
10:01:35.0141 4740 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
10:01:35.0156 4740 volmgrx - ok
10:01:35.0219 4740 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
10:01:35.0234 4740 volsnap - ok
10:01:35.0375 4740 vpnagent (d6653180d162cb3144fdbc8a651cebb1) C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
10:01:35.0546 4740 vpnagent - ok
10:01:35.0624 4740 vpnva (fc94804932cfc35f01b3ae510e3b4d5c) C:\Windows\system32\DRIVERS\vpnva.sys
10:01:35.0624 4740 vpnva - ok
10:01:35.0671 4740 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
10:01:35.0702 4740 vsmraid - ok
10:01:35.0827 4740 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
10:01:35.0968 4740 VSS - ok
10:01:35.0999 4740 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
10:01:36.0046 4740 vwifibus - ok
10:01:36.0077 4740 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
10:01:36.0092 4740 vwififlt - ok
10:01:36.0280 4740 VX1000 (d22c6b9c2f840d403fd387ad207a4b16) C:\Windows\system32\DRIVERS\VX1000.sys
10:01:36.0358 4740 VX1000 - ok
10:01:36.0498 4740 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
10:01:36.0592 4740 W32Time - ok
10:01:36.0654 4740 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
10:01:36.0685 4740 WacomPen - ok
10:01:36.0748 4740 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:01:36.0794 4740 WANARP - ok
10:01:36.0794 4740 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
10:01:36.0826 4740 Wanarpv6 - ok
10:01:36.0997 4740 WatAdminSvc (353a04c273ec58475d8633e75ccd5604) C:\Windows\system32\Wat\WatAdminSvc.exe
10:01:37.0075 4740 WatAdminSvc - ok
10:01:37.0184 4740 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
10:01:37.0231 4740 wbengine - ok
10:01:37.0278 4740 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
10:01:37.0325 4740 WbioSrvc - ok
10:01:37.0387 4740 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
10:01:37.0465 4740 wcncsvc - ok
10:01:37.0481 4740 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
10:01:37.0543 4740 WcsPlugInService - ok
10:01:37.0621 4740 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
10:01:37.0637 4740 Wd - ok
10:01:37.0684 4740 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
10:01:37.0715 4740 Wdf01000 - ok
10:01:37.0746 4740 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:01:37.0840 4740 WdiServiceHost - ok
10:01:37.0855 4740 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
10:01:37.0902 4740 WdiSystemHost - ok
10:01:38.0042 4740 Web Assistant Updater (5cab8953e4a9301553ae5fbe7832767a) C:\Program Files\Web Assistant\ExtensionUpdaterService.exe
10:01:38.0214 4740 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - warning
10:01:38.0214 4740 Web Assistant Updater - detected UnsignedFile.Multi.Generic (1)
10:01:38.0276 4740 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
10:01:38.0308 4740 WebClient - ok
10:01:38.0339 4740 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
10:01:38.0386 4740 Wecsvc - ok
10:01:38.0417 4740 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
10:01:38.0448 4740 wercplsupport - ok
10:01:38.0495 4740 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
10:01:38.0542 4740 WerSvc - ok
10:01:38.0573 4740 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
10:01:38.0604 4740 WfpLwf - ok
10:01:38.0620 4740 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
10:01:38.0635 4740 WIMMount - ok
10:01:38.0729 4740 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
10:01:38.0807 4740 WinDefend - ok
10:01:38.0822 4740 WinHttpAutoProxySvc - ok
10:01:38.0916 4740 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
10:01:38.0994 4740 Winmgmt - ok
10:01:39.0103 4740 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
10:01:39.0166 4740 WinRM - ok
10:01:39.0275 4740 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
10:01:39.0306 4740 WinUsb - ok
10:01:39.0415 4740 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
10:01:39.0509 4740 Wlansvc - ok
10:01:39.0556 4740 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
10:01:39.0571 4740 WmiAcpi - ok
10:01:39.0649 4740 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
10:01:39.0696 4740 wmiApSrv - ok
10:01:39.0868 4740 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
10:01:39.0977 4740 WMPNetworkSvc - ok
10:01:40.0008 4740 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
10:01:40.0070 4740 WPCSvc - ok
10:01:40.0117 4740 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
10:01:40.0148 4740 WPDBusEnum - ok
10:01:40.0211 4740 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
10:01:40.0273 4740 ws2ifsl - ok
10:01:40.0336 4740 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
10:01:40.0398 4740 wscsvc - ok
10:01:40.0414 4740 WSearch - ok
10:01:40.0616 4740 wuauserv (3026418a50c5b4761befa632cedb7406) C:\Windows\system32\wuaueng.dll
10:01:40.0726 4740 wuauserv - ok
10:01:40.0897 4740 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
10:01:40.0928 4740 WudfPf - ok
10:01:40.0975 4740 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
10:01:41.0006 4740 WUDFRd - ok
10:01:41.0069 4740 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
10:01:41.0147 4740 wudfsvc - ok
10:01:41.0194 4740 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
10:01:41.0240 4740 WwanSvc - ok
10:01:41.0303 4740 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
10:01:41.0584 4740 \Device\Harddisk0\DR0 - ok
10:01:41.0599 4740 Boot (0x1200) (e958823fc5d9a649bbec25940721b25c) \Device\Harddisk0\DR0\Partition0
10:01:41.0599 4740 \Device\Harddisk0\DR0\Partition0 - ok
10:01:41.0630 4740 Boot (0x1200) (63dabe9566f05ecff3b2e0bf67fe5fd7) \Device\Harddisk0\DR0\Partition1
10:01:41.0630 4740 \Device\Harddisk0\DR0\Partition1 - ok
10:01:41.0630 4740 ============================================================
10:01:41.0630 4740 Scan finished
10:01:41.0630 4740 ============================================================
10:01:41.0662 4708 Detected object count: 1
10:01:41.0662 4708 Actual detected object count: 1
10:02:00.0132 4708 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - skipped by user
10:02:00.0132 4708 Web Assistant Updater ( UnsignedFile.Multi.Generic ) - User select action: Skip
(that is, after I had run the scan and posted the log) Edited by TimKnopf (19.06.2012 at 09:48) |
| | #10 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Remove Incredibar Quote:
__________________ Please always post logfiles in CODE tags |
| | #11 |
| Remove Incredibar The first time it was right after switching on (that is, before Windows booted), and the second time during the Windows boot process. Edit: Oh man, this is embarrassing now!! I just thought I would try it again and noticed, or rather remembered, that I had pulled out the plug last night. So plug back in and it runs, or rather switches on again. The battery was simply empty earlier. Mea culpa, mea maxima culpa!! Edited by TimKnopf (19.06.2012 at 11:52) |
| | #12 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Remove Incredibar Hehehe, just a drained battery? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run if a helper has explicitly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
| | #13 |
| Remove Incredibar So. Ran Combofix. Here is the result. Code:
ComboFix 12-06-19.01 - Tim 19.06.2012 13:51:01.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1918.1392 [GMT 2:00]
ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\Web Assistant\ExTEnsion32.dll
c:\users\Tim\Music\Funk 'n' Soul 'n' Jazz 'n' RnB\The Cat Empire - (2005) Two Shoes\_desktop.ini
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-19 bis 2012-06-19 ))))))))))))))))))))))))))))))
.
.
2012-06-19 11:58 . 2012-06-19 11:58 -------- d-----w- c:\users\Tim\AppData\Local\temp
2012-06-19 11:58 . 2012-06-19 11:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 11:38 . 2012-06-19 11:38 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsl12ac70dc.sys
2012-06-19 11:37 . 2012-06-19 11:37 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\offreg.dll
2012-06-19 07:59 . 2012-06-19 07:59 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsld5b03b59.sys
2012-06-18 21:10 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\mpengine.dll
2012-06-18 20:16 . 2012-06-18 20:16 -------- d-----w- C:\_OTL
2012-06-17 14:28 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 09:38 . 2012-06-14 09:38 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes
2012-06-14 09:37 . 2012-06-14 09:37 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 09:37 . 2012-06-14 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-14 09:37 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 10:14 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 10:14 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 10:14 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 09:07 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:30 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 08:30 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 08:30 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 08:30 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 08:30 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 08:29 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 14:48 . 2012-06-19 11:56 -------- d-----w- c:\program files\Web Assistant
2012-06-12 14:47 . 2012-06-12 16:08 -------- d-----w- c:\users\Tim\AppData\Roaming\.freeciv
2012-06-12 14:46 . 2012-06-14 12:33 -------- d-----w- c:\program files\Freeciv-2.1.10-gtk2
2012-06-12 14:03 . 2012-02-10 23:52 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0CF110E-DE33-4C66-B100-A2B2461B7C59}\gapaengine.dll
2012-06-12 09:23 . 2012-06-12 09:23 -------- d-----w- c:\users\Tim\AppData\Local\Macromedia
2012-06-05 14:31 . 2012-06-12 14:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 11:51 . 2012-06-05 11:51 -------- d-----w- c:\program files\Microsoft
2012-06-05 11:30 . 2012-06-05 11:30 -------- d-----w- c:\windows\system32\SPReview
2012-06-05 11:29 . 2012-06-05 11:29 -------- d-----w- c:\windows\system32\EventProviders
2012-05-29 12:32 . 2012-05-29 19:34 -------- d-----w- c:\users\Tim\AppData\Roaming\DVD Flick
2012-05-29 12:31 . 2008-08-31 11:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2012-05-29 12:31 . 2007-08-31 16:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2012-05-29 12:31 . 2004-03-08 22:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx
2012-05-29 12:31 . 2004-03-08 22:00 609824 ----a-w- c:\windows\system32\comctl32.ocx
2012-05-29 12:31 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2012-05-29 12:31 . 1998-06-23 22:00 164144 ----a-w- c:\windows\system32\comct232.ocx
2012-05-29 12:31 . 2012-05-29 12:32 -------- d-----w- c:\program files\DVD Flick
2012-05-29 12:31 . 2004-03-08 22:00 212240 ----a-w- c:\windows\system32\richtx32.ocx
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 14:46 . 2011-12-08 05:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 11:43 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-03-31 04:39 . 2012-05-09 07:36 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 07:36 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 07:36 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-25 07:30 . 2011-12-07 11:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2010-01-21 2089472]
"Spotify Web Helper"="c:\users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
2010-01-21 10:32 2089472 ----a-w- c:\program files\FeedReader30\feedreader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
.
R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1343400]
S1 MpKsl12ac70dc;MpKsl12ac70dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsl12ac70dc.sys [2012-06-19 29904]
S1 MpKsld5b03b59;MpKsld5b03b59;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsld5b03b59.sys [2012-06-19 29904]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-29 645048]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - MPKSL12AC70DC
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEJx8HJ9&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 643367ab0000000000000016441ba299
FF - user.js: extensions.incredibar_i.instlDay - 15503
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:48
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyEJx8HJ9
FF - user.js: extensions.incredibar_i.upn2n - 92261573178531787
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-06-19 14:03:03
ComboFix-quarantined-files.txt 2012-06-19 12:03
.
Vor Suchlauf: 6 Verzeichnis(se), 59.023.077.376 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 59.041.542.144 Bytes frei
.
- - End Of File - - E326A1D5C6E0DA1CE85F6C3018937626
Edited by TimKnopf (19.06.2012 at 13:15) |
| | #14 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Remove Incredibar Combofix - scripting 1. Start Notepad (Start / Run / notepad[Enter]) 2. Now copy and paste the entire contents of the code box below into the Notepad window. Code:
Firefox::
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - http://mystart.Incredibar.com/?a=6OyEJx8HJ9&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 643367ab0000000000000016441ba299
FF - user.js: extensions.incredibar_i.instlDay - 15503
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:48
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.incredibar_i.dfltLng -
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id -
FF - user.js: extensions.incredibar_i.upn2 - 6OyEJx8HJ9
FF - user.js: extensions.incredibar_i.upn2n - 92261573178531787
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd -
4. Disable the guard of your antivirus program and any software firewall that may be present. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!) 5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix. 6. After the restart (you will be asked whether you want to restart), please post the following log file: Combofix.txt Note: The above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
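A small triage script that does mechanically what the helper did by hand between the ComboFix log and the CFScript above: parse the FF lines of a ComboFix log, flag the prefs under the adware namespace, and emit the Firefox:: section for a CFScript. This is an added example, not code from the thread or from ComboFix; the sample log is constructed, and that CFScript wants http:// rather than the log's defanged hxxp:// is an assumption taken from the helper's script.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple

# Constructed sample in the shape of the "Zusätzlicher Suchlauf" section of a
# ComboFix log (values mirror the thread, but this text was assembled here).
SAMPLE_LOG = r"""
------- Zusätzlicher Suchlauf -------
.
uStart Page =
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEJx8HJ9&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.instlRef -
FF - user.js: extensions.someother.flag - true
"""

# Pref namespaces treated as adware; Incredibar is the one from this thread.
ADWARE_PREF_PREFIXES: Tuple[str, ...] = ("extensions.incredibar_i.",)

PROFILE_RE = re.compile(r"^FF - ProfilePath - (?P<path>.+)$")
# "FF - user.js: <name> - <value>", where the value may be empty.
PREF_RE = re.compile(
    r"^FF - (?P<file>prefs\.js|user\.js): (?P<name>\S+) -(?: (?P<value>.*))?$"
)


@dataclass(frozen=True)
class FirefoxPref:
    file: str   # "prefs.js" or "user.js"
    name: str   # e.g. "extensions.incredibar_i.tlbrSrchUrl"
    value: str  # may be empty, as for instlRef above
    raw: str    # the log line exactly as ComboFix printed it


def parse_firefox_section(log: str) -> Tuple[Optional[str], List[FirefoxPref]]:
    """Return (profile path, prefs) collected from the FF lines of a ComboFix log."""
    profile: Optional[str] = None
    prefs: List[FirefoxPref] = []
    for line in log.splitlines():
        line = line.rstrip()
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group("path")
            continue
        m = PREF_RE.match(line)
        if m:
            prefs.append(FirefoxPref(m.group("file"), m.group("name"),
                                     m.group("value") or "", line))
    return profile, prefs


def is_adware_pref(pref: FirefoxPref,
                   prefixes: Sequence[str] = ADWARE_PREF_PREFIXES) -> bool:
    """A pref is flagged when its name sits under a known adware namespace."""
    return any(pref.name.startswith(p) for p in prefixes)


def refang(text: str) -> str:
    """ComboFix defangs URLs as hxxp://; the helper's script writes http:// again
    (assumption: CFScript expects the undefanged form, as in the post above)."""
    return re.sub(r"\bhxxp(s?)://", r"http\1://", text)


def build_cfscript(log: str,
                   prefixes: Sequence[str] = ADWARE_PREF_PREFIXES) -> str:
    """Build the Firefox:: section of a CFScript from the flagged prefs, or ""."""
    profile, prefs = parse_firefox_section(log)
    hits = [p for p in prefs if is_adware_pref(p, prefixes)]
    if not hits:
        return ""
    lines = ["Firefox::"]
    if profile:
        lines.append(f"FF - ProfilePath - {profile}")
    lines.extend(refang(p.raw) for p in hits)
    return "\n".join(lines) + "\n"


if __name__ == "__main__":
    print(build_cfscript(SAMPLE_LOG), end="")
```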
| | #15 |
| Remove Incredibar and the next one... Code:
ComboFix 12-06-19.01 - Tim 19.06.2012 15:21:33.2.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1918.1145 [GMT 2:00]
ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Tim\Desktop\CFScript.txt
AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6}
SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert
Kopie von - c:\windows\erdnt\cache\userinit.exe wurde wiederhergestellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-05-19 bis 2012-06-19 ))))))))))))))))))))))))))))))
.
.
2012-06-19 13:27 . 2012-06-19 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-19 12:05 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{559F9597-D1B1-4FEA-BAE0-7F64B5D6916F}\mpengine.dll
2012-06-19 12:03 . 2012-06-19 13:30 -------- d-----w- c:\users\Tim\AppData\Local\temp
2012-06-18 20:16 . 2012-06-18 20:16 -------- d-----w- C:\_OTL
2012-06-17 14:28 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2012-06-14 09:38 . 2012-06-14 09:38 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes
2012-06-14 09:37 . 2012-06-14 09:37 -------- d-----w- c:\programdata\Malwarebytes
2012-06-14 09:37 . 2012-06-14 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-06-14 09:37 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 10:14 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 10:14 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 10:14 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 09:07 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 08:30 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll
2012-06-13 08:30 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 08:30 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 08:30 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 08:30 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 08:29 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll
2012-06-12 14:48 . 2012-06-19 11:56 -------- d-----w- c:\program files\Web Assistant
2012-06-12 14:47 . 2012-06-12 16:08 -------- d-----w- c:\users\Tim\AppData\Roaming\.freeciv
2012-06-12 14:46 . 2012-06-14 12:33 -------- d-----w- c:\program files\Freeciv-2.1.10-gtk2
2012-06-12 14:03 . 2012-02-10 23:52 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0CF110E-DE33-4C66-B100-A2B2461B7C59}\gapaengine.dll
2012-06-12 09:23 . 2012-06-12 09:23 -------- d-----w- c:\users\Tim\AppData\Local\Macromedia
2012-06-05 14:31 . 2012-06-12 14:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-05 11:51 . 2012-06-05 11:51 -------- d-----w- c:\program files\Microsoft
2012-06-05 11:30 . 2012-06-05 11:30 -------- d-----w- c:\windows\system32\SPReview
2012-06-05 11:29 . 2012-06-05 11:29 -------- d-----w- c:\windows\system32\EventProviders
2012-05-29 12:32 . 2012-05-29 19:34 -------- d-----w- c:\users\Tim\AppData\Roaming\DVD Flick
2012-05-29 12:31 . 2008-08-31 11:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx
2012-05-29 12:31 . 2007-08-31 16:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx
2012-05-29 12:31 . 2004-03-08 22:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx
2012-05-29 12:31 . 2004-03-08 22:00 609824 ----a-w- c:\windows\system32\comctl32.ocx
2012-05-29 12:31 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll
2012-05-29 12:31 . 1998-06-23 22:00 164144 ----a-w- c:\windows\system32\comct232.ocx
2012-05-29 12:31 . 2012-05-29 12:32 -------- d-----w- c:\program files\DVD Flick
2012-05-29 12:31 . 2004-03-08 22:00 212240 ----a-w- c:\windows\system32\richtx32.ocx
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-12 14:46 . 2011-12-08 05:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-06-05 11:43 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll
2012-03-31 04:39 . 2012-05-09 07:36 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe
2012-03-31 04:39 . 2012-05-09 07:36 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-03-30 10:23 . 2012-05-09 07:36 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-04-25 07:30 . 2011-12-07 11:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2010-01-21 2089472]
"Spotify Web Helper"="c:\users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
2010-01-21 10:32 2089472 ----a-w- c:\program files\FeedReader30\feedreader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-29 645048]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-19 15:34:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-19 13:34
ComboFix2.txt 2012-06-19 12:03
.
Vor Suchlauf: 9 Verzeichnis(se), 58.951.487.488 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 59.026.673.664 Bytes frei
.
- - End Of File - - E3896B8B879DD57A9FACE6280ED1D10C