Pests of all kinds and how to fight them: Removing Incredibar (Windows 7)
14.06.2012, 16:41 | #1

Hello, the day before yesterday I downloaded the game "Freeciv" from "softonic". Right afterwards, without any action on my part, a toolbar named "Incredibar" had installed itself and changed my start page in Firefox (and also in Internet Explorer, which I don't use) to MyStart by IncrediBar.com. The toolbar could be hidden but not removed. I was able to set the start page back to "google.de". I also deleted the downloaded "Freeciv" file again.

The immediate symptoms now are that the computer and the browser are slower. No unrequested pages are opened anymore, as was the case while the start page mentioned above was set. Every time I reopen Firefox, a "window" pops up at the bottom right warning me that a setting was changed and asking whether I want to keep it. That first appeared after I changed the start page back to "Google". All of this seemed very fishy to me, especially because the computer is acting slower. Since I'm not very knowledgeable, I don't want to act on my own now with the help of some suggestions from "gutefrage.net".

Here are also the requested scan results (except "Extra.txt", which somehow wasn't created). I also couldn't find any files named "dds.txt" and "attach.txt". I hope I followed everything correctly. I really have no clue about forums like this one and am a little intimidated and confused by all the requirements. Oh well... Hopefully yours, Tim

Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 14:51 on 14/06/2012 (Tim)

Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Code:
ATTFilter OTL logfile created on: 14.06.2012 14:58:05 - Run 2 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Tim\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,24 Gb Available Physical Memory | 66,22% Memory free 3,75 Gb Paging File | 3,09 Gb Available in Paging File | 82,48% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 53,74 Gb Free Space | 36,08% Space Free | Partition Type: NTFS Drive D: | 3,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Drive E: | 232,88 Gb Total Space | 83,31 Gb Free Space | 35,77% Space Free | Partition Type: NTFS Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe PRC - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2012.05.06 16:54:02 | 000,932,528 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2011.08.29 15:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe ========== Modules (No Company Name) ========== MOD - [2012.05.06 16:54:02 | 000,932,528 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe MOD - [2012.02.20 21:29:04 | 000,087,912 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 21:28:42 | 001,242,472 | ---- | M] () -- C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll ========== Win32 Services (SafeList) ========== SRV - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.04.25 09:30:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.03.12 10:59:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.08.29 15:35:40 | 
000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.08.29 15:35:40 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.05.20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6OyEJx8HJ9&i=26 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 C7 DF 96 D2 B4 CC 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJx8HJ9&i=26 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program 
Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.12 16:48:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 09:30:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.07 13:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions [2012.06.12 16:48:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions [2012.06.12 16:48:24 | 000,000,000 | ---D | M] (incredibar.com) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions\ffxtlbr@incredibar.com [2012.06.12 16:47:44 | 000,002,203 | ---- | M] () -- 
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml [2012.03.20 22:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.12 16:48:04 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.04.25 09:30:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.19 11:56:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.19 11:56:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.03.19 11:56:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.19 11:56:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.19 11:56:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.19 11:56:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKCU..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe () O4 - HKCU..\Run: [Spotify Web Helper] C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79DB8EA-D121-414D-9057-607BD610F61A}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.14 12:36:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe [2012.06.14 11:38:04 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes [2012.06.14 11:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.14 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.14 11:37:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.14 11:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.12 18:43:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.06.12 18:43:39 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Civ2 [2012.06.12 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012.06.12 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\.freeciv [2012.06.12 16:47:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freeciv 2.1.10 (GTK+ client) [2012.06.12 16:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Freeciv-2.1.10-gtk2 [2012.06.12 11:23:02 | 000,000,000 | ---D | C] 
-- C:\Users\Tim\AppData\Local\Macromedia [2012.06.05 13:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.06.05 13:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.06.05 13:30:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2012.06.05 13:29:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012.05.29 14:32:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DVD Flick [2012.05.29 14:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick [2012.05.29 14:31:45 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll [2012.05.29 14:31:45 | 000,036,864 | ---- | C] (Robdogg Inc.) -- C:\Windows\System32\trayicon_handler.ocx [2012.05.29 14:31:45 | 000,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx [2012.05.29 14:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick [2012.05.17 21:22:10 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.14 15:02:01 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 15:02:01 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.14 14:55:02 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.14 14:54:43 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.14 14:54:38 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys [2012.06.14 14:43:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe [2012.06.14 12:36:22 | 
000,302,592 | ---- | M] () -- C:\Users\Tim\Desktop\2ojdblpe.exe [2012.06.14 12:29:06 | 000,000,000 | ---- | M] () -- C:\Users\Tim\defogger_reenable [2012.06.14 12:27:41 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\Defogger.exe [2012.06.14 11:01:33 | 000,670,878 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.14 11:01:33 | 000,622,390 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.14 11:01:33 | 000,135,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.14 11:01:33 | 000,111,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.13 19:22:43 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.13 11:04:30 | 000,007,536 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\.civclientrc [2012.06.12 16:48:25 | 000,000,447 | ---- | M] () -- C:\user.js [2012.05.17 21:22:10 | 000,000,969 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk [4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.14 12:35:56 | 000,302,592 | ---- | C] () -- C:\Users\Tim\Desktop\2ojdblpe.exe [2012.06.14 12:29:06 | 000,000,000 | ---- | C] () -- C:\Users\Tim\defogger_reenable [2012.06.14 12:26:51 | 000,050,477 | ---- | C] () -- C:\Users\Tim\Desktop\Defogger.exe [2012.06.12 16:48:25 | 000,000,447 | ---- | C] () -- C:\user.js [2012.06.12 16:47:32 | 000,007,536 | ---- | C] () -- C:\Users\Tim\AppData\Roaming\.civclientrc [2011.12.09 13:47:54 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.12.08 16:53:54 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin ========== LOP Check ========== [2012.06.12 18:08:22 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\.freeciv [2012.02.19 22:14:00 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Feedreader by netzwelt [2012.05.24 13:37:30 | 000,000,000 | ---D | M] -- C:\Users\Tim\AppData\Roaming\Spotify [2011.12.08 17:51:16 | 000,000,000 | ---D | M] -- 
C:\Users\Tim\AppData\Roaming\WindSolutions [2009.07.14 06:53:46 | 000,024,064 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== < End of report > Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net Rootkit scan 2012-06-14 17:20:54 Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 Hitachi_HTS543216L9A300 rev.FB2OC40C Running: 2ojdblpe.exe; Driver: C:\Users\Tim\AppData\Local\Temp\uwldipow.sys ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82A413C9 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82A7AD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8DC25000, 0x267978, 0xE8000020] ---- Devices - GMER 1.0.15 ---- Device \Driver\ACPI_HAL \Device\00000047 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 rdyboost.sys (ReadyBoost Driver/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- Geändert von TimKnopf (14.06.2012 um 16:59 Uhr) |
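Added example, not from this thread or from OTL: a small Python checker that reads OTL "IE -" / "FF -" lines like those in the log above and flags browser search and start-page URLs whose host is not on an allowlist, plus BHO entries with an empty company field. The sample lines are copied from the OTL log above; the allowlist of expected hosts is an assumption.

```python
import re
from urllib.parse import urlparse

# Sample lines copied from the OTL log in post #1 (OTL writes URLs defanged as "hxxp").
SAMPLE_OTL_LINES = [
    r'IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC',
    r'IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6OyEJx8HJ9&i=26',
    r'IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJx8HJ9&i=26',
    r'FF - prefs.js..browser.search.defaultenginename: "MyStart Search"',
    r'FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/"',
    r'FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search="',
    r'O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll ()',
]

# Assumed allowlist: search and start-page hosts this machine is expected to use.
# Any other host in a browser setting is reported for review.
EXPECTED_HOSTS = {"www.google.de", "www.google.com", "www.bing.com", "de.msn.com"}

# A defanged URL runs until whitespace or a closing quote.
URL_RE = re.compile(r'hxxps?://[^\s"]+')


def refang(url):
    """Turn OTL's defanged 'hxxp://' back into 'http://' so urlparse can read it."""
    return re.sub(r'^hxx', 'htt', url, count=1)


def host_of(url):
    """Host name of a (possibly defanged) URL, lower-cased; '' if none."""
    return urlparse(refang(url)).hostname or ""


def find_hijack_indicators(lines, expected_hosts=EXPECTED_HOSTS):
    """Scan OTL log lines and return a list of findings (dicts with kind/host/line)."""
    findings = []
    for line in lines:
        line = line.strip()
        if line.startswith(("IE - ", "FF - ")):
            # Browser start page / search scope / keyword.URL entries.
            for url in URL_RE.findall(line):
                host = host_of(url)
                if host not in expected_hosts:
                    findings.append({"kind": "browser-setting", "host": host, "line": line})
        elif line.startswith("O2 - BHO:") and line.endswith("()"):
            # OTL prints the company name in the trailing parentheses; "()" means none.
            findings.append({"kind": "unsigned-bho", "host": "", "line": line})
    return findings


def hosts_by_count(findings):
    """Summarise browser-setting findings as {host: number_of_entries}."""
    counts = {}
    for f in findings:
        if f["kind"] == "browser-setting":
            counts[f["host"]] = counts.get(f["host"], 0) + 1
    return counts


if __name__ == "__main__":
    found = find_hijack_indicators(SAMPLE_OTL_LINES)
    for f in found:
        print(f"[{f['kind']}] {f['host']}: {f['line']}")
    print(hosts_by_count(found))
```

Running it on the sample lines reports the three Incredibar search/start-page entries and the Web Assistant BHO, which are the entries the helper would want removed.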
18.06.2012, 11:45 | #2

/// Winkelfunktion /// TB-Süch-Tiger™ | Quote:

Hands off Softonic!! Softonic is a toolbar and adware slinger! Hands off! Software is downloaded, as a top priority, directly from the manufacturer and not from toolbar outfits like Softonic! In an emergency, chip.de would of course do.

Code:
[2012.06.14 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
18.06.2012, 14:52 | #3

First of all, thanks for the reply. Yes, I saw the warnings too while browsing other threads.

Here are the Malwarebytes logs. I'm just posting all of them. Stupidly, I aborted the first scan. By then, as you can see, it had found an infected file. I put it in quarantine. Was that wrong?

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tim :: TIM-PC [Administrator]

14.06.2012 11:39:20
mbam-log-2012-06-14 (11-39-20).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 78337
Laufzeit: 1 Stunde(n), 16 Minute(n), 43 Sekunde(n) [Abgebrochen]

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Tim\Downloads\SoftonicDownloader_fuer_freeciv.exe (PUP.ToolbarDownloader) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.14.05

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Tim :: TIM-PC [Administrator]

16.06.2012 11:36:05
mbam-log-2012-06-16 (11-36-05).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 297310
Laufzeit: 1 Stunde(n), 5 Minute(n), 17 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
18.06.2012, 15:36 | #4

/// Winkelfunktion /// TB-Süch-Tiger™ | Please make a new OTL log. Please post everything here in CODE tags if at all possible. It's done like this:

[code] the log goes here [/code]

And it then looks like this:

Code:
the log goes here

If you don't have it yet, please download OTL from Oldtimer and save it to your desktop.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT

__________________
Please always post logfiles in CODE tags
18.06.2012, 16:52 | #5

So here is the new OTL log. Your instructions said that the next step after the Quick Scan was for me to click "OK". I couldn't find an OK button. Hmm...

Code:
ATTFilter OTL logfile created on: 18.06.2012 17:16:06 - Run 3 OTL by OldTimer - Version 3.2.48.0 Folder = C:\Users\Tim\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,39 Gb Available Physical Memory | 74,43% Memory free 3,75 Gb Paging File | 3,17 Gb Available in Paging File | 84,67% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 148,95 Gb Total Space | 53,31 Gb Free Space | 35,79% Space Free | Partition Type: NTFS Drive D: | 3,75 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: TIM-PC | User Name: Tim | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe PRC - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe PRC - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe PRC - [2011.08.29 15:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) 
-- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe PRC - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.02.25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft LifeCam\MSCamS32.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV - [2012.05.08 15:15:02 | 000,185,856 | ---- | M] () [Auto | Running] -- C:\Programme\Web Assistant\ExtensionUpdaterService.exe -- (Web Assistant Updater) SRV - [2012.04.25 09:30:00 | 000,129,976 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.03.26 17:03:40 | 000,214,952 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv) SRV - [2012.03.26 17:03:40 | 000,011,552 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc) SRV - [2012.03.12 10:59:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2011.08.29 15:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2011.07.20 06:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.06.06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2010.05.20 16:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009.07.14 03:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.02.26 19:36:22 | 000,064,856 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe -- (Microsoft Office Groove Audit Service) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV - [2012.03.20 20:44:12 | 000,074,112 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv) DRV - [2011.08.29 15:35:40 | 
000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2010.11.20 14:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 14:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 14:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 11:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 11:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.05.20 16:27:26 | 001,961,072 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VX1000.sys -- (VX1000) DRV - [2010.02.11 09:42:22 | 004,450,816 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2009.07.14 00:13:45 | 001,068,032 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\smserial.sys -- (smserial) DRV - [2009.07.14 00:02:46 | 001,096,704 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredibar.com/mb165?a=6OyEJx8HJ9&i=26 IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 45 C7 DF 96 D2 B4 CC 01 [binary data] IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A} IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJx8HJ9&i=26 IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: 
"ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "MyStart Search" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..keyword.URL: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search=" FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_257.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\Web Assistant\Firefox [2012.06.12 16:48:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.04.25 09:30:00 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 12.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011.12.07 13:53:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Extensions [2012.06.16 15:37:12 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions [2012.06.16 13:33:20 | 000,000,000 | ---D | M] (Ghostery) -- C:\Users\Tim\AppData\Roaming\mozilla\Firefox\Profiles\01dru1t0.default\extensions\firefox@ghostery.com [2012.06.12 16:47:44 | 000,002,203 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml [2012.03.20 22:32:32 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.12 16:48:04 | 000,000,000 | ---D | M] (Web Assistant) -- C:\PROGRAM FILES\WEB ASSISTANT\FIREFOX [2012.06.16 13:44:13 | 000,525,301 | ---- | M] () (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01DRU1T0.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI [2012.06.16 15:07:14 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\TIM\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\01DRU1T0.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.04.25 09:30:00 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.19 11:56:02 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.03.19 11:56:02 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla 
firefox\searchplugins\bing.xml [2012.03.19 11:56:02 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.03.19 11:56:02 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.03.19 11:56:02 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.03.19 11:56:02 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Web Assistant) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\Web Assistant\Extension32.dll () O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) 
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000..\Run: [feedreader.exe] C:\Program Files\FeedReader30\feedreader.exe () O4 - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000..\Run: [Spotify Web Helper] C:\Users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) 
O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A79DB8EA-D121-414D-9057-607BD610F61A}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig - StartUpReg: feedreader.exe - hkey= - key= - C:\Program Files\FeedReader30\feedreader.exe () MsConfig - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig - StartUpReg: iTunesHelper - hkey= - key= - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.) 
MsConfig - StartUpReg: LifeCam - hkey= - key= - C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) MsConfig - StartUpReg: Skype - hkey= - key= - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.) MsConfig - StartUpReg: StartCCC - hkey= - key= - C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) MsConfig - StartUpReg: VX1000 - hkey= - key= - C:\Windows\vVX1000.exe (Microsoft Corporation) MsConfig - State: "startup" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: 
{533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: MsMpSvc - c:\Programme\Microsoft Security Client\MsMpEng.exe (Microsoft Corporation) SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard 
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools 
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.06.14 12:36:49 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe [2012.06.14 11:38:04 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Malwarebytes [2012.06.14 11:37:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.14 11:37:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.14 11:37:41 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.06.14 11:37:41 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.06.12 18:43:52 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games [2012.06.12 18:43:39 | 000,000,000 | ---D | C] -- C:\Users\Tim\Desktop\Civ2 [2012.06.12 16:48:01 | 000,000,000 | ---D | C] -- C:\Program Files\Web Assistant [2012.06.12 16:47:48 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\.freeciv [2012.06.12 16:46:57 | 000,000,000 | ---D | C] -- C:\Program Files\Freeciv-2.1.10-gtk2 [2012.06.12 11:23:02 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Local\Macromedia [2012.06.05 13:51:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Add-in [2012.06.05 13:51:54 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft [2012.06.05 13:30:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview [2012.06.05 13:29:20 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders [2012.05.29 14:32:14 | 000,000,000 | ---D | C] -- C:\Users\Tim\AppData\Roaming\DVD Flick [2012.05.29 14:32:01 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Flick [2012.05.29 14:31:45 | 000,040,960 | ---- | C] (vbAccelerator) -- C:\Windows\System32\ssubtmr6.dll [2012.05.29 14:31:45 | 000,036,864 | ---- | C] (Robdogg Inc.) 
-- C:\Windows\System32\trayicon_handler.ocx [2012.05.29 14:31:45 | 000,028,672 | ---- | C] (-) -- C:\Windows\System32\mousewheel.ocx [2012.05.29 14:31:44 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Flick [4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.18 16:43:00 | 000,000,880 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.06.18 15:31:50 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 15:31:50 | 000,015,168 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 15:27:29 | 000,000,876 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.06.18 15:24:31 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.18 15:24:25 | 1508,462,592 | -HS- | M] () -- C:\hiberfil.sys [2012.06.14 13:38:55 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Users\Tim\Desktop\OTL.exe [2012.06.14 12:36:22 | 000,302,592 | ---- | M] () -- C:\Users\Tim\Desktop\2ojdblpe.exe [2012.06.14 12:29:06 | 000,000,000 | ---- | M] () -- C:\Users\Tim\defogger_reenable [2012.06.14 12:27:41 | 000,050,477 | ---- | M] () -- C:\Users\Tim\Desktop\Defogger.exe [2012.06.14 11:01:33 | 000,670,878 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.14 11:01:33 | 000,622,390 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.14 11:01:33 | 000,135,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.14 11:01:33 | 000,111,478 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.13 19:22:43 | 000,410,064 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.13 11:04:30 | 000,007,536 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\.civclientrc [2012.06.12 16:48:25 | 000,000,447 | ---- | M] () -- C:\user.js [4 C:\Users\Tim\Desktop\*.tmp files -> C:\Users\Tim\Desktop\*.tmp -> 
18.06.2012, 20:57 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Incredibar Run an OTL fix: close all programs that may be open, also disable the virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!) Code:
:OTL
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://mystart.incredibar.com/mb165?a=6OyEJx8HJ9&i=26
IE - HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = http://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6OyEJx8HJ9&i=26
FF - prefs.js..browser.search.defaultenginename: "MyStart Search"
FF - prefs.js..keyword.URL: "http://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search="
[2012.06.12 16:47:44 | 000,002,203 | ---- | M] () -- C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml
[2012.06.12 16:48:25 | 000,000,447 | ---- | C] () -- C:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The logfile should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the "_OTL" folder. Note: the above script was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, since it can permanently damage the system!
__________________ --> Remove Incredibar |
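To check a Firefox profile for the same kind of hijack the OTL script above removes, here is an added example in Python (not code from the thread, from OTL or from the helper): it parses prefs.js/user.js lines, flags the search-engine, keyword.URL and homepage prefs that point at the IncrediBar host or carry the MyStart name, and reports a user.js lying outside a profile directory. The sample pref lines and the host and name lists are constructed from the values quoted in the fix script and are not a complete indicator list.

```python
"""Audit Firefox pref files (prefs.js / user.js) for the search and home-page
hijack seen in this thread.  Added example, not code from the thread or OTL.
The sample pref lines and the host/name lists are constructed from the values
quoted in the OTL fix; extend HIJACK_HOSTS from your own indicator list."""
import re
from urllib.parse import urlparse

# One pref per line:  user_pref("name", value);  value = "string" | number | true/false
PREF_RE = re.compile(r'^\s*user_pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\);\s*$')

# Preferences a browser hijacker typically rewrites (the OTL fix removed the first two).
WATCHED_PREFS = {
    "browser.search.defaultenginename",
    "browser.search.selectedEngine",
    "keyword.URL",
    "browser.startup.homepage",
}

# Constructed from this thread; not a complete indicator list.
HIJACK_HOSTS = {"incredibar.com"}            # matches the host and any subdomain
HIJACK_NAMES = {"mystart search", "mystart", "incredibar"}

# Constructed sample resembling the hijacked profile (values taken from the fix script).
SAMPLE_PREFS_JS = r'''
# Mozilla User Preferences
user_pref("app.update.lastUpdateTime.background-update-timer", 1339508000);
user_pref("browser.search.defaultenginename", "MyStart Search");
user_pref("browser.startup.homepage", "http://www.google.de/");
user_pref("keyword.URL", "http://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search=");
user_pref("network.cookie.prefsMigrated", true);
'''


def parse_prefs(text):
    """Return {name: value} for every user_pref line; strings are unquoted,
    true/false become bool, integers become int, anything else stays raw."""
    prefs = {}
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if not m:
            continue                      # comments, blank lines, garbage
        name, raw = m.group(1), m.group(2)
        if len(raw) >= 2 and raw[0] == raw[-1] == '"':
            prefs[name] = raw[1:-1].replace('\\"', '"').replace("\\\\", "\\")
        elif raw in ("true", "false"):
            prefs[name] = raw == "true"
        else:
            try:
                prefs[name] = int(raw)
            except ValueError:
                prefs[name] = raw
    return prefs


def host_of(value):
    """Lower-case hostname of a URL-valued pref (accepts hxxp defanging), else None."""
    if not isinstance(value, str):
        return None
    host = urlparse(value.replace("hxxp", "http", 1)).hostname
    return host.lower() if host else None


def is_hijack_host(host):
    return host is not None and any(
        host == h or host.endswith("." + h) for h in HIJACK_HOSTS)


def audit_prefs(prefs):
    """Return [(pref, value, reason)] for watched prefs that look hijacked."""
    findings = []
    for name in sorted(WATCHED_PREFS.intersection(prefs)):
        value = prefs[name]
        host = host_of(value)
        if is_hijack_host(host):
            findings.append((name, value, f"points at hijack host {host}"))
        elif isinstance(value, str) and value.strip().lower() in HIJACK_NAMES:
            findings.append((name, value, "names a hijack search engine"))
    return findings


def stray_user_js(paths):
    """user.js belongs inside a Firefox profile directory.  A copy anywhere
    else (the fix above removed C:\\user.js) is a red flag; return those paths."""
    stray = []
    for p in paths:
        norm = p.replace("\\", "/").lower()
        if norm.endswith("/user.js") and "/profiles/" not in norm:
            stray.append(p)
    return stray


if __name__ == "__main__":
    for pref, value, reason in audit_prefs(parse_prefs(SAMPLE_PREFS_JS)):
        print(f"HIJACK  {pref} = {value!r}  ({reason})")
    for p in stray_user_js([r"C:\user.js"]):
        print(f"STRAY   {p}")
```

On a real machine, feed `parse_prefs` the contents of every prefs.js and user.js under the Firefox profile folder and pass the paths of any user.js found elsewhere to `stray_user_js`.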
18.06.2012, 22:03 | #7 |
| Remove Incredibar So. Here is the result of the "Fix". Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-1566656340-3154354100-3834751223-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-1566656340-3154354100-3834751223-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ not found.
Prefs.js: "MyStart Search" removed from browser.search.defaultenginename
Prefs.js: "hxxp://mystart.incredibar.com/mb165/?loc=IB_DS&a=6OyEJx8HJ9&&i=26&search=" removed from keyword.URL
C:\Users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\searchplugins\MyStart Search.xml moved successfully.
C:\user.js moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Tim
->Temp folder emptied: 191893 bytes
->Temporary Internet Files folder emptied: 27136185 bytes
->Java cache emptied: 41549 bytes
->FireFox cache emptied: 50452568 bytes
->Flash cache emptied: 2656 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 143786801 bytes
RecycleBin emptied: 90135819 bytes
Total Files Cleaned = 297,00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Tim
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.48.0 log created on 06182012_221658
Files\Folders moved on Reboot...
Registry entries deleted on Reboot... |
19.06.2012, 07:20 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Incredibar Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: please disable the virus scanner before running TDSS-Killer, since Avira in particular often reports a false alarm on the TDSS tool! Configure the tool as shown in the picture below: click on change parameters and tick the boxes as shown in the following screenshot, then click Start Scan and, when it is finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, look directly on your Windows system partition (usually drive C); that is where TDSS-Killer stores its logs. Note: please do not delete anything prematurely with TDSS-Killer! If TDSS-Killer flags any objects, treat them all with the action "skip" and only post the log here!
__________________ Please always post logfiles in CODE tags |
19.06.2012, 09:11 | #9 |
| Remove Incredibar Good morning, and here is the requested log... Code:
C:\Windows\System32\lmhsvc.dll 10:01:13.0471 4740 lmhosts - ok 10:01:13.0518 4740 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 10:01:13.0534 4740 LSI_FC - ok 10:01:13.0549 4740 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 10:01:13.0581 4740 LSI_SAS - ok 10:01:13.0612 4740 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 10:01:13.0627 4740 LSI_SAS2 - ok 10:01:13.0659 4740 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys 10:01:13.0674 4740 LSI_SCSI - ok 10:01:13.0690 4740 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 10:01:13.0737 4740 luafv - ok 10:01:13.0783 4740 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 10:01:13.0830 4740 Mcx2Svc - ok 10:01:13.0846 4740 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 10:01:13.0877 4740 megasas - ok 10:01:13.0924 4740 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 10:01:13.0971 4740 MegaSR - ok 10:01:14.0095 4740 Microsoft Office Groove Audit Service (123271bd5237ab991dc5c21fdf8835eb) C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe 10:01:14.0111 4740 Microsoft Office Groove Audit Service - ok 10:01:14.0142 4740 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 10:01:14.0205 4740 MMCSS - ok 10:01:14.0236 4740 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 10:01:14.0329 4740 Modem - ok 10:01:14.0376 4740 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 10:01:14.0439 4740 monitor - ok 10:01:14.0517 4740 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys 10:01:14.0532 4740 mouclass - ok 10:01:14.0563 4740 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 10:01:14.0610 4740 mouhid - ok 
10:01:14.0657 4740 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 10:01:14.0673 4740 mountmgr - ok 10:01:14.0751 4740 MozillaMaintenance (96aa8ba23142cc8e2b30f3cae0c80254) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 10:01:14.0797 4740 MozillaMaintenance - ok 10:01:14.0860 4740 MpFilter (d993bea500e7382dc4e760bf4f35efcb) C:\Windows\system32\DRIVERS\MpFilter.sys 10:01:14.0907 4740 MpFilter - ok 10:01:14.0969 4740 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 10:01:14.0985 4740 mpio - ok 10:01:15.0109 4740 MpKsld5b03b59 (a69630d039c38018689190234f866d77) c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsld5b03b59.sys 10:01:15.0125 4740 MpKsld5b03b59 - ok 10:01:15.0156 4740 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 10:01:15.0219 4740 mpsdrv - ok 10:01:15.0297 4740 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 10:01:15.0406 4740 MpsSvc - ok 10:01:15.0437 4740 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 10:01:15.0484 4740 MRxDAV - ok 10:01:15.0562 4740 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 10:01:15.0593 4740 mrxsmb - ok 10:01:15.0640 4740 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 10:01:15.0671 4740 mrxsmb10 - ok 10:01:15.0702 4740 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 10:01:15.0733 4740 mrxsmb20 - ok 10:01:15.0796 4740 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 10:01:15.0843 4740 msahci - ok 10:01:15.0936 4740 MSCamSvc (d98350792a7ce82e7459a7c36481beda) C:\Program Files\Microsoft LifeCam\MSCamS32.exe 10:01:15.0952 4740 MSCamSvc - ok 10:01:15.0999 4740 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 10:01:16.0014 4740 msdsm 
- ok 10:01:16.0045 4740 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 10:01:16.0092 4740 MSDTC - ok 10:01:16.0155 4740 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 10:01:16.0186 4740 Msfs - ok 10:01:16.0201 4740 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 10:01:16.0264 4740 mshidkmdf - ok 10:01:16.0295 4740 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 10:01:16.0326 4740 msisadrv - ok 10:01:16.0389 4740 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 10:01:16.0467 4740 MSiSCSI - ok 10:01:16.0482 4740 msiserver - ok 10:01:16.0529 4740 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 10:01:16.0591 4740 MSKSSRV - ok 10:01:16.0669 4740 MsMpSvc (24516bf4e12a46cb67302e2cdcb8cddf) c:\Program Files\Microsoft Security Client\MsMpEng.exe 10:01:16.0685 4740 MsMpSvc - ok 10:01:16.0716 4740 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 10:01:16.0763 4740 MSPCLOCK - ok 10:01:16.0779 4740 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 10:01:16.0825 4740 MSPQM - ok 10:01:16.0872 4740 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 10:01:16.0888 4740 MsRPC - ok 10:01:16.0935 4740 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 10:01:16.0950 4740 mssmbios - ok 10:01:16.0966 4740 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 10:01:16.0997 4740 MSTEE - ok 10:01:17.0013 4740 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 10:01:17.0044 4740 MTConfig - ok 10:01:17.0091 4740 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 10:01:17.0137 4740 Mup - ok 10:01:17.0215 4740 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 10:01:17.0278 
4740 napagent - ok 10:01:17.0340 4740 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 10:01:17.0356 4740 NativeWifiP - ok 10:01:17.0434 4740 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 10:01:17.0465 4740 NDIS - ok 10:01:17.0512 4740 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 10:01:17.0543 4740 NdisCap - ok 10:01:17.0574 4740 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 10:01:17.0668 4740 NdisTapi - ok 10:01:17.0746 4740 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 10:01:17.0824 4740 Ndisuio - ok 10:01:17.0855 4740 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 10:01:17.0917 4740 NdisWan - ok 10:01:17.0964 4740 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 10:01:18.0027 4740 NDProxy - ok 10:01:18.0073 4740 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 10:01:18.0167 4740 NetBIOS - ok 10:01:18.0229 4740 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 10:01:18.0323 4740 NetBT - ok 10:01:18.0354 4740 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 10:01:18.0370 4740 Netlogon - ok 10:01:18.0432 4740 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 10:01:18.0510 4740 Netman - ok 10:01:18.0557 4740 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 10:01:18.0619 4740 netprofm - ok 10:01:18.0729 4740 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 10:01:18.0775 4740 NetTcpPortSharing - ok 10:01:18.0822 4740 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 10:01:18.0838 4740 nfrd960 - ok 10:01:18.0916 4740 NisDrv (b52f26bade7d7e4a79706e3fd91834cd) 
C:\Windows\system32\DRIVERS\NisDrvWFP.sys 10:01:18.0931 4740 NisDrv - ok 10:01:19.0009 4740 NisSrv (290c0d4c4889398797f8df3be00b9698) c:\Program Files\Microsoft Security Client\NisSrv.exe 10:01:19.0041 4740 NisSrv - ok 10:01:19.0087 4740 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 10:01:19.0181 4740 NlaSvc - ok 10:01:19.0228 4740 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 10:01:19.0306 4740 Npfs - ok 10:01:19.0337 4740 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 10:01:19.0384 4740 nsi - ok 10:01:19.0399 4740 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 10:01:19.0462 4740 nsiproxy - ok 10:01:19.0571 4740 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys 10:01:19.0618 4740 Ntfs - ok 10:01:19.0649 4740 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 10:01:19.0711 4740 Null - ok 10:01:19.0758 4740 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys 10:01:19.0805 4740 nvraid - ok 10:01:19.0836 4740 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys 10:01:19.0883 4740 nvstor - ok 10:01:19.0930 4740 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 10:01:19.0945 4740 nv_agp - ok 10:01:20.0086 4740 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 10:01:20.0117 4740 odserv - ok 10:01:20.0164 4740 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 10:01:20.0211 4740 ohci1394 - ok 10:01:20.0304 4740 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 10:01:20.0335 4740 ose - ok 10:01:20.0413 4740 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 10:01:20.0491 4740 p2pimsvc - ok 10:01:20.0523 4740 p2psvc 
(59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 10:01:20.0554 4740 p2psvc - ok 10:01:20.0601 4740 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 10:01:20.0632 4740 Parport - ok 10:01:20.0679 4740 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys 10:01:20.0694 4740 partmgr - ok 10:01:20.0710 4740 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 10:01:20.0741 4740 Parvdm - ok 10:01:20.0788 4740 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 10:01:20.0850 4740 PcaSvc - ok 10:01:20.0913 4740 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 10:01:20.0928 4740 pci - ok 10:01:20.0975 4740 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 10:01:21.0006 4740 pciide - ok 10:01:21.0037 4740 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 10:01:21.0069 4740 pcmcia - ok 10:01:21.0084 4740 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 10:01:21.0100 4740 pcw - ok 10:01:21.0162 4740 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 10:01:21.0240 4740 PEAUTH - ok 10:01:21.0349 4740 PeerDistSvc (af4d64d2a57b9772cf3801950b8058a6) C:\Windows\system32\peerdistsvc.dll 10:01:21.0474 4740 PeerDistSvc - ok 10:01:21.0677 4740 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 10:01:21.0802 4740 pla - ok 10:01:21.0973 4740 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 10:01:22.0051 4740 PlugPlay - ok 10:01:22.0098 4740 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 10:01:22.0145 4740 PNRPAutoReg - ok 10:01:22.0207 4740 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 10:01:22.0254 4740 PNRPsvc - ok 10:01:22.0317 4740 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 
10:01:22.0379 4740 PolicyAgent - ok 10:01:22.0441 4740 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 10:01:22.0488 4740 Power - ok 10:01:22.0566 4740 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 10:01:22.0644 4740 PptpMiniport - ok 10:01:22.0675 4740 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 10:01:22.0707 4740 Processor - ok 10:01:22.0785 4740 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll 10:01:22.0847 4740 ProfSvc - ok 10:01:22.0894 4740 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 10:01:22.0909 4740 ProtectedStorage - ok 10:01:22.0956 4740 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 10:01:23.0003 4740 Psched - ok 10:01:23.0112 4740 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 10:01:23.0175 4740 ql2300 - ok 10:01:23.0331 4740 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 10:01:23.0346 4740 ql40xx - ok 10:01:23.0393 4740 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 10:01:23.0440 4740 QWAVE - ok 10:01:23.0471 4740 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 10:01:23.0518 4740 QWAVEdrv - ok 10:01:23.0549 4740 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 10:01:23.0643 4740 RasAcd - ok 10:01:23.0689 4740 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 10:01:23.0736 4740 RasAgileVpn - ok 10:01:23.0783 4740 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 10:01:23.0830 4740 RasAuto - ok 10:01:23.0877 4740 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 10:01:23.0908 4740 Rasl2tp - ok 10:01:23.0986 4740 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 10:01:24.0095 
4740 RasMan - ok 10:01:24.0126 4740 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 10:01:24.0189 4740 RasPppoe - ok 10:01:24.0235 4740 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 10:01:24.0298 4740 RasSstp - ok 10:01:24.0345 4740 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 10:01:24.0407 4740 rdbss - ok 10:01:24.0438 4740 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 10:01:24.0454 4740 rdpbus - ok 10:01:24.0501 4740 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 10:01:24.0594 4740 RDPCDD - ok 10:01:24.0625 4740 RDPDR (b973fcfc50dc1434e1970a146f7e3885) C:\Windows\system32\drivers\rdpdr.sys 10:01:24.0657 4740 RDPDR - ok 10:01:24.0688 4740 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 10:01:24.0750 4740 RDPENCDD - ok 10:01:24.0781 4740 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 10:01:24.0828 4740 RDPREFMP - ok 10:01:24.0891 4740 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys 10:01:24.0969 4740 RDPWD - ok 10:01:25.0031 4740 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 10:01:25.0062 4740 rdyboost - ok 10:01:25.0094 4740 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 10:01:25.0157 4740 RemoteAccess - ok 10:01:25.0204 4740 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 10:01:25.0266 4740 RemoteRegistry - ok 10:01:25.0313 4740 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 10:01:25.0406 4740 RpcEptMapper - ok 10:01:25.0438 4740 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 10:01:25.0484 4740 RpcLocator - ok 10:01:25.0531 4740 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 10:01:25.0578 4740 
RpcSs - ok 10:01:25.0625 4740 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 10:01:25.0656 4740 rspndr - ok 10:01:25.0703 4740 RTL8167 (7dfd48e24479b68b258d8770121155a0) C:\Windows\system32\DRIVERS\Rt86win7.sys 10:01:25.0750 4740 RTL8167 - ok 10:01:25.0796 4740 s3cap (7fa7f2e249a5dcbb7970630e15e1f482) C:\Windows\system32\drivers\vms3cap.sys 10:01:25.0874 4740 s3cap - ok 10:01:25.0906 4740 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 10:01:25.0921 4740 SamSs - ok 10:01:25.0984 4740 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 10:01:25.0999 4740 sbp2port - ok 10:01:26.0046 4740 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 10:01:26.0108 4740 SCardSvr - ok 10:01:26.0140 4740 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 10:01:26.0202 4740 scfilter - ok 10:01:26.0311 4740 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 10:01:26.0389 4740 Schedule - ok 10:01:26.0436 4740 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 10:01:26.0483 4740 SCPolicySvc - ok 10:01:26.0530 4740 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 10:01:26.0576 4740 SDRSVC - ok 10:01:26.0623 4740 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 10:01:26.0717 4740 secdrv - ok 10:01:26.0764 4740 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 10:01:26.0857 4740 seclogon - ok 10:01:26.0888 4740 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 10:01:26.0951 4740 SENS - ok 10:01:26.0998 4740 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 10:01:27.0044 4740 SensrSvc - ok 10:01:27.0076 4740 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 10:01:27.0091 4740 Serenum - ok 10:01:27.0107 4740 Serial 
(5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 10:01:27.0154 4740 Serial - ok 10:01:27.0185 4740 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 10:01:27.0200 4740 sermouse - ok 10:01:27.0278 4740 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 10:01:27.0356 4740 SessionEnv - ok 10:01:27.0403 4740 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 10:01:27.0434 4740 sffdisk - ok 10:01:27.0466 4740 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 10:01:27.0497 4740 sffp_mmc - ok 10:01:27.0512 4740 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 10:01:27.0544 4740 sffp_sd - ok 10:01:27.0559 4740 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 10:01:27.0575 4740 sfloppy - ok 10:01:27.0637 4740 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 10:01:27.0684 4740 SharedAccess - ok 10:01:27.0731 4740 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 10:01:27.0793 4740 ShellHWDetection - ok 10:01:27.0840 4740 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 10:01:27.0871 4740 sisagp - ok 10:01:27.0918 4740 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 10:01:27.0949 4740 SiSRaid2 - ok 10:01:27.0965 4740 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 10:01:27.0980 4740 SiSRaid4 - ok 10:01:28.0012 4740 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 10:01:28.0058 4740 Smb - ok 10:01:28.0152 4740 smserial (19301c27f3425dc39f6c599f527e507d) C:\Windows\system32\DRIVERS\smserial.sys 10:01:28.0214 4740 smserial - ok 10:01:28.0277 4740 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 10:01:28.0292 4740 SNMPTRAP - ok 10:01:28.0339 
4740 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 10:01:28.0355 4740 spldr - ok 10:01:28.0433 4740 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 10:01:28.0495 4740 Spooler - ok 10:01:28.0729 4740 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 10:01:28.0854 4740 sppsvc - ok 10:01:28.0979 4740 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 10:01:29.0057 4740 sppuinotify - ok 10:01:29.0150 4740 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 10:01:29.0182 4740 srv - ok 10:01:29.0213 4740 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 10:01:29.0260 4740 srv2 - ok 10:01:29.0291 4740 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 10:01:29.0306 4740 srvnet - ok 10:01:29.0353 4740 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 10:01:29.0400 4740 SSDPSRV - ok 10:01:29.0416 4740 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 10:01:29.0478 4740 SstpSvc - ok 10:01:29.0525 4740 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 10:01:29.0540 4740 stexstor - ok 10:01:29.0618 4740 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 10:01:29.0712 4740 StiSvc - ok 10:01:29.0759 4740 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 10:01:29.0806 4740 storflt - ok 10:01:29.0821 4740 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll 10:01:29.0852 4740 StorSvc - ok 10:01:29.0899 4740 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 10:01:29.0915 4740 storvsc - ok 10:01:29.0962 4740 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 10:01:29.0977 4740 swenum - ok 10:01:30.0040 4740 swprv (a28bd92df340e57b024ba433165d34d7) 
C:\Windows\System32\swprv.dll 10:01:30.0086 4740 swprv - ok 10:01:30.0196 4740 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 10:01:30.0274 4740 SysMain - ok 10:01:30.0320 4740 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 10:01:30.0367 4740 TabletInputService - ok 10:01:30.0430 4740 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 10:01:30.0476 4740 TapiSrv - ok 10:01:30.0492 4740 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 10:01:30.0570 4740 TBS - ok 10:01:30.0757 4740 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys 10:01:30.0851 4740 Tcpip - ok 10:01:30.0866 4740 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys 10:01:30.0929 4740 TCPIP6 - ok 10:01:30.0976 4740 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 10:01:31.0038 4740 tcpipreg - ok 10:01:31.0069 4740 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 10:01:31.0132 4740 TDPIPE - ok 10:01:31.0147 4740 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 10:01:31.0178 4740 TDTCP - ok 10:01:31.0241 4740 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 10:01:31.0303 4740 tdx - ok 10:01:31.0350 4740 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys 10:01:31.0366 4740 TermDD - ok 10:01:31.0428 4740 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 10:01:31.0506 4740 TermService - ok 10:01:31.0537 4740 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 10:01:31.0584 4740 Themes - ok 10:01:31.0615 4740 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 10:01:31.0662 4740 THREADORDER - ok 10:01:31.0693 4740 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 10:01:31.0756 4740 TrkWks - 
ok 10:01:31.0865 4740 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 10:01:31.0943 4740 TrustedInstaller - ok 10:01:31.0974 4740 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 10:01:32.0036 4740 tssecsrv - ok 10:01:32.0083 4740 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 10:01:32.0146 4740 TsUsbFlt - ok 10:01:32.0224 4740 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 10:01:32.0302 4740 tunnel - ok 10:01:32.0348 4740 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 10:01:32.0395 4740 uagp35 - ok 10:01:32.0442 4740 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 10:01:32.0504 4740 udfs - ok 10:01:32.0551 4740 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 10:01:32.0582 4740 UI0Detect - ok 10:01:32.0660 4740 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 10:01:32.0676 4740 uliagpkx - ok 10:01:32.0738 4740 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 10:01:32.0785 4740 umbus - ok 10:01:32.0832 4740 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 10:01:32.0863 4740 UmPass - ok 10:01:32.0926 4740 UmRdpService (409994a8eaceee4e328749c0353527a0) C:\Windows\System32\umrdp.dll 10:01:32.0941 4740 UmRdpService - ok 10:01:33.0004 4740 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 10:01:33.0066 4740 upnphost - ok 10:01:33.0128 4740 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys 10:01:33.0160 4740 USBAAPL - ok 10:01:33.0222 4740 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys 10:01:33.0269 4740 usbaudio - ok 10:01:33.0316 4740 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 10:01:33.0378 
19.06.2012, 11:24 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Incredibar Quote:
__________________ Please always post logfiles in CODE tags |
19.06.2012, 11:43 | #11 |
| Remove Incredibar The first time right after switching on (so before Windows booted) and the second time during the Windows boot process. Edit: Oh man, this is embarrassing now!! I just thought I'd try again and noticed, or rather remembered, that I had pulled the plug last night. So plug back in and it runs, or rather switches on again. The battery had simply run down earlier. Mea culpa, mea maxima culpa!! Last edited by TimKnopf (19.06.2012 at 11:52) |
19.06.2012, 12:31 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Incredibar Hehehe, just a drained battery? Then please run CF now: ComboFix - A guide and tutorial on using ComboFix
Combofix may only be run if a board helper (Kompetenzler) has explicitly recommended it! If you have problems starting applications after running Combofix and get messages like Quote:
__________________ Please always post logfiles in CODE tags |
19.06.2012, 13:09 | #13 |
| Remove Incredibar So. Ran Combofix. Here is the result. Code:
ATTFilter ComboFix 12-06-19.01 - Tim 19.06.2012 13:51:01.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1918.1392 [GMT 2:00] ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files\Web Assistant\ExTEnsion32.dll c:\users\Tim\Music\Funk 'n' Soul 'n' Jazz 'n' RnB\The Cat Empire - (2005) Two Shoes\_desktop.ini . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-19 bis 2012-06-19 )))))))))))))))))))))))))))))) . . 2012-06-19 11:58 . 2012-06-19 11:58 -------- d-----w- c:\users\Tim\AppData\Local\temp 2012-06-19 11:58 . 2012-06-19 11:58 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-19 11:38 . 2012-06-19 11:38 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsl12ac70dc.sys 2012-06-19 11:37 . 2012-06-19 11:37 56200 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\offreg.dll 2012-06-19 07:59 . 2012-06-19 07:59 29904 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsld5b03b59.sys 2012-06-18 21:10 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\mpengine.dll 2012-06-18 20:16 . 2012-06-18 20:16 -------- d-----w- C:\_OTL 2012-06-17 14:28 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-14 09:38 . 
2012-06-14 09:38 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes 2012-06-14 09:37 . 2012-06-14 09:37 -------- d-----w- c:\programdata\Malwarebytes 2012-06-14 09:37 . 2012-06-14 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-14 09:37 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 10:14 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 10:14 . 2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 10:14 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 09:07 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 08:30 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll 2012-06-13 08:30 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 08:30 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 08:30 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 08:30 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 08:29 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-06-12 14:48 . 2012-06-19 11:56 -------- d-----w- c:\program files\Web Assistant 2012-06-12 14:47 . 2012-06-12 16:08 -------- d-----w- c:\users\Tim\AppData\Roaming\.freeciv 2012-06-12 14:46 . 2012-06-14 12:33 -------- d-----w- c:\program files\Freeciv-2.1.10-gtk2 2012-06-12 14:03 . 2012-02-10 23:52 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0CF110E-DE33-4C66-B100-A2B2461B7C59}\gapaengine.dll 2012-06-12 09:23 . 2012-06-12 09:23 -------- d-----w- c:\users\Tim\AppData\Local\Macromedia 2012-06-05 14:31 . 2012-06-12 14:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-05 11:51 . 2012-06-05 11:51 -------- d-----w- c:\program files\Microsoft 2012-06-05 11:30 . 
2012-06-05 11:30 -------- d-----w- c:\windows\system32\SPReview 2012-06-05 11:29 . 2012-06-05 11:29 -------- d-----w- c:\windows\system32\EventProviders 2012-05-29 12:32 . 2012-05-29 19:34 -------- d-----w- c:\users\Tim\AppData\Roaming\DVD Flick 2012-05-29 12:31 . 2008-08-31 11:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx 2012-05-29 12:31 . 2007-08-31 16:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx 2012-05-29 12:31 . 2004-03-08 22:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx 2012-05-29 12:31 . 2004-03-08 22:00 609824 ----a-w- c:\windows\system32\comctl32.ocx 2012-05-29 12:31 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll 2012-05-29 12:31 . 1998-06-23 22:00 164144 ----a-w- c:\windows\system32\comct232.ocx 2012-05-29 12:31 . 2012-05-29 12:32 -------- d-----w- c:\program files\DVD Flick 2012-05-29 12:31 . 2004-03-08 22:00 212240 ----a-w- c:\windows\system32\richtx32.ocx . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-12 14:46 . 2011-12-08 05:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-05 11:43 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-03-31 04:39 . 2012-05-09 07:36 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-09 07:36 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 10:23 . 2012-05-09 07:36 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-04-25 07:30 . 2011-12-07 11:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2010-01-21 2089472] "Spotify Web Helper"="c:\users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc] @="Service" . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM] 2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon] 2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe] 2010-01-21 10:32 2089472 ----a-w- c:\program files\FeedReader30\feedreader.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor] 2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper] 2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe . 
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam] 2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype] 2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC] 2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe . [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000] 2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe . R2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952] R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384] R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648] R2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648] R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976] R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112] R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1343400] S1 MpKsl12ac70dc;MpKsl12ac70dc;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsl12ac70dc.sys [2012-06-19 29904] S1 
MpKsld5b03b59;MpKsld5b03b59;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{F75EB2C6-FC40-490C-8C1B-4B647553A672}\MpKsld5b03b59.sys [2012-06-19 29904] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-29 645048] S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - MPKSL12AC70DC . Inhalt des "geplante Tasks" Ordners . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38] . 2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = uInternet Settings,ProxyOverride = *.local IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000 TCP: DhcpNameServer = 192.168.1.1 DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\ FF - prefs.js: browser.search.selectedEngine - Google FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/ FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6OyEJx8HJ9&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 643367ab0000000000000016441ba299 FF - user.js: extensions.incredibar_i.instlDay - 15503 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:48 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - 
user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6OyEJx8HJ9 FF - user.js: extensions.incredibar_i.upn2n - 92261573178531787 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10665 FF - user.js: extensions.incredibar_i.ppd - . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-06-19 14:03:03 ComboFix-quarantined-files.txt 2012-06-19 12:03 . Vor Suchlauf: 6 Verzeichnis(se), 59.023.077.376 Bytes frei Nach Suchlauf: 10 Verzeichnis(se), 59.041.542.144 Bytes frei . - - End Of File - - E326A1D5C6E0DA1CE85F6C3018937626 Geändert von TimKnopf (19.06.2012 um 13:15 Uhr) |
19.06.2012, 14:11 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Remove Incredibar Combofix - Scripting 1. Start Notepad (Start / Run / notepad[Enter]) 2. Now paste the entire contents of the code box below into the Notepad window with copy/paste. Code:
Firefox::
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\
FF - user.js: extensions.incredibar_i.newTab - false
FF - user.js: extensions.incredibar_i.tlbrSrchUrl - http://mystart.Incredibar.com/?a=6OyEJx8HJ9&loc=IB_TB&i=26&search=
FF - user.js: extensions.incredibar_i.id - 643367ab0000000000000016441ba299
FF - user.js: extensions.incredibar_i.instlDay - 15503
FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14
FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.1416:48
FF - user.js: extensions.incredibar_i.prtnrId - Incredibar
FF - user.js: extensions.incredibar_i.prdct - incredibar
FF - user.js: extensions.incredibar_i.aflt - orgnl
FF - user.js: extensions.incredibar_i.smplGrp - none
FF - user.js: extensions.incredibar_i.tlbrId - base
FF - user.js: extensions.incredibar_i.instlRef - 
FF - user.js: extensions.incredibar_i.dfltLng - 
FF - user.js: extensions.incredibar_i.excTlbr - false
FF - user.js: extensions.incredibar_i.ms_url_id - 
FF - user.js: extensions.incredibar_i.upn2 - 6OyEJx8HJ9
FF - user.js: extensions.incredibar_i.upn2n - 92261573178531787
FF - user.js: extensions.incredibar_i.productid - 26
FF - user.js: extensions.incredibar_i.installerproductid - 26
FF - user.js: extensions.incredibar_i.did - 10665
FF - user.js: extensions.incredibar_i.ppd - 
4. Deactivate the guard of your antivirus program and any software firewall you may have. (Also the guards of ad-/spyware programs and the Tea Timer (if present)!) 5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix. 6. After the restart (you will be asked whether you want to restart), please post the following log files: Combofix.txt Note: The above script was created only for this one user in this situation.
It cannot be ported to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post logfiles in CODE tags |
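As an added illustration of the Firefox side of the script above (example code written for this page, not the poster's own and not ComboFix's), here is a small Python cleaner that parses a profile's user.js, reports every preference under a toolbar prefix such as extensions.incredibar_i., pulls out the hostname the search-URL pref points at, and rewrites the file without those entries while leaving all other lines untouched. The sample user.js is constructed from the pref names in the log; SUSPECT_PREFIXES, strip_prefs and the other names are assumptions of this example.

```python
"""Find and strip toolbar preferences from a Firefox user.js / prefs.js.

Added example for this page, not code from the thread or from ComboFix.
It models what the helper's CFScript does for Firefox: every
extensions.incredibar_i.* entry is removed from the profile's user.js.
"""
import re
from pathlib import Path

# Matches  user_pref("name", value);  and  pref("name", value);  lines.
PREF_RE = re.compile(
    r'^\s*(?:user_)?pref\(\s*"((?:[^"\\]|\\.)*)"\s*,\s*(.*?)\s*\)\s*;\s*$'
)

# Pref-name prefixes treated as toolbar residue (assumed list; only the
# incredibar prefix comes from the log on this page).
SUSPECT_PREFIXES = ("extensions.incredibar_i.",)


def parse_prefs(text):
    """Return [(name, raw_value), ...] for every pref line, in file order."""
    out = []
    for line in text.splitlines():
        m = PREF_RE.match(line)
        if m:
            out.append((m.group(1), m.group(2)))
    return out


def find_suspect_prefs(text, prefixes=SUSPECT_PREFIXES):
    """Prefs whose name starts with one of the suspect prefixes."""
    return [(n, v) for n, v in parse_prefs(text) if n.startswith(prefixes)]


def strip_prefs(text, prefixes=SUSPECT_PREFIXES):
    """Return (cleaned_text, removed_names).

    Comments, blank lines and unrelated prefs are copied through verbatim,
    so the rest of the profile's configuration is left exactly as it was.
    """
    kept, removed = [], []
    for line in text.splitlines(keepends=True):
        m = PREF_RE.match(line)
        if m and m.group(1).startswith(prefixes):
            removed.append(m.group(1))
        else:
            kept.append(line)
    return "".join(kept), removed


def search_url_hosts(text):
    """Hostnames referenced by string-valued prefs whose name contains 'url'.

    Accepts both http:// and the defanged hxxp:// form seen in forum logs.
    """
    hosts = set()
    for name, raw in parse_prefs(text):
        if "url" in name.lower() and raw.startswith('"'):
            m = re.match(r'"(?:hxxp|http)s?://([^/"]+)', raw)
            if m:
                hosts.add(m.group(1).lower())
    return sorted(hosts)


def clean_profile_file(path, prefixes=SUSPECT_PREFIXES, backup=True):
    """Rewrite a user.js in place (writing a .bak copy first); returns the
    names removed. Nothing is written if no suspect pref is present."""
    p = Path(path)
    original = p.read_text(encoding="utf-8")
    cleaned, removed = strip_prefs(original, prefixes)
    if removed:
        if backup:
            p.with_suffix(p.suffix + ".bak").write_text(original, encoding="utf-8")
        p.write_text(cleaned, encoding="utf-8")
    return removed


# Constructed sample user.js mirroring the entries in the ComboFix log.
SAMPLE_USER_JS = '''\
// Mozilla User Preferences
user_pref("browser.startup.homepage", "http://www.google.de/");
user_pref("extensions.incredibar_i.newTab", false);
user_pref("extensions.incredibar_i.tlbrSrchUrl", "http://mystart.Incredibar.com/?a=6OyEJx8HJ9&loc=IB_TB&i=26&search=");
user_pref("extensions.incredibar_i.instlDay", 15503);
user_pref("extensions.incredibar_i.vrsn", "1.5.11.14");
user_pref("extensions.incredibar_i.prtnrId", "Incredibar");
user_pref("browser.search.selectedEngine", "Google");
'''

if __name__ == "__main__":
    for name, val in find_suspect_prefs(SAMPLE_USER_JS):
        print(f"suspect: {name} = {val}")
    print("search hosts:", search_url_hosts(SAMPLE_USER_JS))
    cleaned, removed = strip_prefs(SAMPLE_USER_JS)
    print(f"removed {len(removed)} prefs; remaining file:\n{cleaned}")
```

Run it against a real profile with clean_profile_file(r"...\Profiles\<profile>\user.js") only with Firefox closed, since Firefox rewrites prefs.js on exit.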
19.06.2012, 14:47 | #15 |
| Remove Incredibar And the next one... Code:
ATTFilter ComboFix 12-06-19.01 - Tim 19.06.2012 15:21:33.2.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1918.1145 [GMT 2:00] ausgeführt von:: c:\users\Tim\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Tim\Desktop\CFScript.txt AV: Microsoft Security Essentials *Disabled/Updated* {9765EA51-0D3C-7DFB-6091-10E4E1F341F6} SP: Microsoft Security Essentials *Disabled/Updated* {2C040BB5-2B06-7275-5A21-2B969A740B4B} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . Infizierte Kopie von c:\windows\system32\userinit.exe wurde gefunden und desinfiziert Kopie von - c:\windows\erdnt\cache\userinit.exe wurde wiederhergestellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-19 bis 2012-06-19 )))))))))))))))))))))))))))))) . . 2012-06-19 13:27 . 2012-06-19 13:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-19 12:05 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{559F9597-D1B1-4FEA-BAE0-7F64B5D6916F}\mpengine.dll 2012-06-19 12:03 . 2012-06-19 13:30 -------- d-----w- c:\users\Tim\AppData\Local\temp 2012-06-18 20:16 . 2012-06-18 20:16 -------- d-----w- C:\_OTL 2012-06-17 14:28 . 2012-05-08 16:40 6737808 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll 2012-06-14 09:38 . 2012-06-14 09:38 -------- d-----w- c:\users\Tim\AppData\Roaming\Malwarebytes 2012-06-14 09:37 . 2012-06-14 09:37 -------- d-----w- c:\programdata\Malwarebytes 2012-06-14 09:37 . 2012-06-14 09:37 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2012-06-14 09:37 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-06-13 10:14 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\system32\crypt32.dll 2012-06-13 10:14 . 
2012-04-24 04:36 140288 ----a-w- c:\windows\system32\cryptsvc.dll 2012-06-13 10:14 . 2012-04-24 04:36 103936 ----a-w- c:\windows\system32\cryptnet.dll 2012-06-13 09:07 . 2012-04-28 03:17 183808 ----a-w- c:\windows\system32\drivers\rdpwd.sys 2012-06-13 08:30 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\system32\msi.dll 2012-06-13 08:30 . 2012-05-15 01:05 2343936 ----a-w- c:\windows\system32\win32k.sys 2012-06-13 08:30 . 2012-04-26 04:45 58880 ----a-w- c:\windows\system32\rdpwsx.dll 2012-06-13 08:30 . 2012-04-26 04:45 129536 ----a-w- c:\windows\system32\rdpcorekmts.dll 2012-06-13 08:30 . 2012-04-26 04:41 8192 ----a-w- c:\windows\system32\rdrmemptylst.exe 2012-06-13 08:29 . 2012-05-01 04:44 164352 ----a-w- c:\windows\system32\profsvc.dll 2012-06-12 14:48 . 2012-06-19 11:56 -------- d-----w- c:\program files\Web Assistant 2012-06-12 14:47 . 2012-06-12 16:08 -------- d-----w- c:\users\Tim\AppData\Roaming\.freeciv 2012-06-12 14:46 . 2012-06-14 12:33 -------- d-----w- c:\program files\Freeciv-2.1.10-gtk2 2012-06-12 14:03 . 2012-02-10 23:52 713784 ------w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{C0CF110E-DE33-4C66-B100-A2B2461B7C59}\gapaengine.dll 2012-06-12 09:23 . 2012-06-12 09:23 -------- d-----w- c:\users\Tim\AppData\Local\Macromedia 2012-06-05 14:31 . 2012-06-12 14:46 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-05 11:51 . 2012-06-05 11:51 -------- d-----w- c:\program files\Microsoft 2012-06-05 11:30 . 2012-06-05 11:30 -------- d-----w- c:\windows\system32\SPReview 2012-06-05 11:29 . 2012-06-05 11:29 -------- d-----w- c:\windows\system32\EventProviders 2012-05-29 12:32 . 2012-05-29 19:34 -------- d-----w- c:\users\Tim\AppData\Roaming\DVD Flick 2012-05-29 12:31 . 2008-08-31 11:27 28672 ----a-w- c:\windows\system32\mousewheel.ocx 2012-05-29 12:31 . 2007-08-31 16:36 36864 ----a-w- c:\windows\system32\trayicon_handler.ocx 2012-05-29 12:31 . 2004-03-08 22:00 662288 ----a-w- c:\windows\system32\mscomct2.ocx 2012-05-29 12:31 . 
2004-03-08 22:00 609824 ----a-w- c:\windows\system32\comctl32.ocx 2012-05-29 12:31 . 2003-01-26 11:41 40960 ----a-w- c:\windows\system32\ssubtmr6.dll 2012-05-29 12:31 . 1998-06-23 22:00 164144 ----a-w- c:\windows\system32\comct232.ocx 2012-05-29 12:31 . 2012-05-29 12:32 -------- d-----w- c:\program files\DVD Flick 2012-05-29 12:31 . 2004-03-08 22:00 212240 ----a-w- c:\windows\system32\richtx32.ocx . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-12 14:46 . 2011-12-08 05:08 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-05 11:43 . 2009-07-14 02:05 152576 ----a-w- c:\windows\system32\msclmd.dll 2012-03-31 04:39 . 2012-05-09 07:36 3968368 ----a-w- c:\windows\system32\ntkrnlpa.exe 2012-03-31 04:39 . 2012-05-09 07:36 3913072 ----a-w- c:\windows\system32\ntoskrnl.exe 2012-03-30 10:23 . 2012-05-09 07:36 1291632 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-04-25 07:30 . 2011-12-07 11:49 97208 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "feedreader.exe"="c:\program files\FeedReader30\feedreader.exe" [2010-01-21 2089472] "Spotify Web Helper"="c:\users\Tim\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe" [2012-05-06 932528] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] "APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-02-20 59240] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-03-27 421736] "MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-03-26 931200] . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2011-06-06 11:55 937920 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2012-02-20 19:28 59240 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\feedreader.exe]
2010-01-21 10:32 2089472 ----a-w- c:\program files\FeedReader30\feedreader.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
2009-02-26 17:36 30040 ----a-w- c:\program files\Microsoft Office\Office12\GrooveMonitor.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2012-03-27 03:09 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\LifeCam]
2010-05-20 14:27 119152 ----a-w- c:\program files\Microsoft LifeCam\LifeExp.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2011-10-13 08:27 17351304 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StartCCC]
2010-02-10 22:32 61440 ----a-w- c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VX1000]
2010-05-20 14:27 762736 ----a-w- c:\windows\vVX1000.exe
.
R2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-03-18 130384]
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 116648]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [2012-04-25 129976]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [2012-03-20 74112]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [2012-03-26 214952]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 52224]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2012-03-12 1343400]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2011-06-06 64952]
S2 vpnagent;Cisco AnyConnect VPN Agent;c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe [2011-08-29 645048]
S2 Web Assistant Updater;Web Assistant Updater;c:\program files\Web Assistant\ExtensionUpdaterService.exe [2012-05-08 185856]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt86win7.sys [2009-07-13 139776]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38]
.
2012-06-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-13 06:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~3\Office12\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.1.1
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
FF - ProfilePath - c:\users\Tim\AppData\Roaming\Mozilla\Firefox\Profiles\01dru1t0.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
"MSCurrentCountry"=dword:000000b5
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Microsoft Security Client\MsMpEng.exe
c:\windows\system32\Ati2evxx.exe
c:\windows\system32\Ati2evxx.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Microsoft LifeCam\MSCamS32.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\conhost.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-06-19 15:34:46 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-06-19 13:34
ComboFix2.txt 2012-06-19 12:03
.
Vor Suchlauf: 9 Verzeichnis(se), 58.951.487.488 Bytes frei
Nach Suchlauf: 11 Verzeichnis(se), 59.026.673.664 Bytes frei
.
- - End Of File - - E3896B8B879DD57A9FACE6280ED1D10C
