| |
| |||||||
Log-Analyse und Auswertung: Bundespolizei - Ihr Computer wurde gesperrt, UkashWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
28.06.2012, 13:19
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Bundespolizei - Ihr Computer wurde gesperrt, Ukash Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
28.06.2012, 21:03
| #17 |
| | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Hallo,
__________________hier ist das neue OTL-Log: OTL Logfile: Code:
ATTFilter OTL logfile created on: 28.06.2012 21:46:36 - Run 2 OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Lutz\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 7,98 Gb Total Physical Memory | 7,24 Gb Available Physical Memory | 90,76% Memory free 15,96 Gb Paging File | 15,25 Gb Available in Paging File | 95,52% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 679,32 Gb Total Space | 580,63 Gb Free Space | 85,47% Space Free | Partition Type: NTFS Computer Name: LUTZ-VAIO | User Name: Lutz | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.06.28 21:41:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe ========== Modules (No Company Name) ========== ========== Win32 Services (SafeList) ========== SRV:64bit: - [2011.11.30 19:49:50 | 000,260,768 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV - [2012.06.12 19:13:34 | 000,257,224 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.01.20 16:23:00 | 000,054,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2012.01.13 12:21:16 | 000,103,440 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe -- (McAfee SiteAdvisor Service) SRV - [2012.01.13 11:41:36 | 001,256,040 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Sony\VAIO Update Common\VUAgent.exe -- (VUAgent) SRV - [2012.01.03 06:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.12.19 17:32:26 | 000,394,672 | ---- | M] (Eastman Kodak Company) [Auto | Stopped] -- C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe -- (Kodak AiO Network Discovery Service) SRV - [2011.11.03 21:30:26 | 000,138,392 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2011.11.03 21:30:26 | 000,074,904 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2011.10.24 15:49:14 | 000,958,112 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe -- (VCFw) SRV - [2011.09.23 20:18:38 | 000,289,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe -- (SpfService) SRV - [2011.09.08 17:44:00 | 000,549,408 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe -- (VcmIAlzMgr) SRV - [2011.09.08 16:29:16 | 000,381,488 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe -- (VcmINSMgr) SRV - [2011.08.26 19:47:26 | 000,101,600 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe -- (VcmXmlIfHelper) SRV - [2011.07.15 16:43:38 | 000,969,352 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2011.07.07 15:44:12 | 000,066,696 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe -- (VAIO Event Service) SRV - [2011.07.05 19:10:04 | 000,098,976 | ---- | M] (Atheros Commnucations) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\adminservice.exe -- (AtherosSvc) SRV - [2011.07.05 17:41:26 | 000,138,400 | ---- | M] (Atheros) [Auto | Stopped] -- C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe -- (Atheros Bt&Wlan Coex Agent) SRV - [2011.06.24 22:34:09 | 002,656,536 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2011.06.24 22:33:54 | 000,326,424 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2011.06.16 21:23:42 | 000,378,472 | ---- | M] (NVIDIA Corporation) [Auto | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2011.05.31 16:51:20 | 000,552,584 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2011.04.18 22:00:50 | 000,223,544 | ---- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe -- (MOBK649backup) SRV - [2011.03.28 22:11:06 | 002,292,096 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2011.03.15 14:44:30 | 000,428,384 | ---- | M] (Sony Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe -- (PMBDeviceInfoProvider) SRV - [2011.03.01 21:23:36 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.02.25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE -- (SeaPort) SRV - [2011.02.23 14:05:04 | 000,105,024 | ---- | M] (ArcSoft, Inc.) [Auto | Stopped] -- C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe -- (uCamMonitor) SRV - [2011.01.12 18:00:42 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2010.09.30 03:06:46 | 000,169,408 | ---- | M] (Adobe Systems Incorporated) [Auto | Stopped] -- C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor9.0) SRV - [2010.09.22 18:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV - [2010.05.20 16:15:00 | 000,110,736 | R--- | M] (InterVideo) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2010.03.11 14:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Stopped] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.02.24 05:05:12 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2010.02.24 05:05:02 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2010.01.09 22:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.04.04 15:56:40 | 000,024,904 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.02.24 11:14:42 | 000,203,320 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV:64bit: - [2012.02.24 11:14:42 | 000,099,384 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV:64bit: - [2011.07.28 10:38:42 | 000,439,320 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2011.07.20 23:10:19 | 000,174,184 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2011.07.05 19:10:42 | 000,496,800 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btfilter.sys -- (BtFilter) DRV:64bit: - [2011.07.05 19:10:40 | 000,280,992 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_rcp.sys -- (BTATH_RCP) DRV:64bit: - [2011.07.05 19:10:38 | 000,167,072 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_hcrp.sys -- (BTATH_HCRP) DRV:64bit: - [2011.07.05 19:10:38 | 000,068,256 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_lwflt.sys -- (BTATH_LWFLT) DRV:64bit: - [2011.07.05 19:10:38 | 000,036,000 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_flt.sys -- (AthBTPort) DRV:64bit: - [2011.07.05 19:10:36 | 000,330,400 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_a2dp.sys -- (BTATH_A2DP) DRV:64bit: - [2011.07.05 19:10:36 | 000,110,240 | ---- | M] (Atheros) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btath_avdt.sys -- (btath_avdt) DRV:64bit: - [2011.07.05 19:10:36 | 000,030,368 | ---- | M] (Atheros) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btath_bus.sys -- (BTATH_BUS) DRV:64bit: - [2011.07.05 19:10:34 | 000,051,872 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AthDfu.sys -- (ATHDFU) DRV:64bit: - [2011.06.24 22:33:53 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) Intel(R) DRV:64bit: - [2011.06.23 23:51:41 | 000,098,816 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsnxc64.sys -- (risdsnpe) DRV:64bit: - [2011.06.23 23:44:52 | 000,102,400 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2011.06.23 23:26:45 | 000,471,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2011.06.22 22:06:30 | 001,404,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2011.06.21 01:03:42 | 002,753,536 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2011.04.18 22:00:24 | 000,066,040 | ---- | M] (Mozy, Inc.) [File_System | System | Stopped] -- C:\Windows\SysNative\drivers\MOBK649.sys -- (MOBK649Filter) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.10 13:50:36 | 000,181,248 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2010.12.10 13:50:36 | 000,080,384 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.04.26 22:20:29 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2010.03.19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:02 | 000,281,088 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\e1y60x64.sys -- (e1yexpress) Intel(R) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.26 14:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV:64bit: - [2007.04.17 11:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Stopped] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://vaioportal.sony.eu IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://sony.msn.com [binary data] IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.de/ IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\SearchScopes\{7D5B5262-639D-4292-9FB2-16EFF876EDC2}: "URL" = hxxp://services.zinio.com/search?s={searchTerms}&rf=sonyslices IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\SearchScopes\{B51C5DF5-81DC-48FB-846D-0BB35DAE92F6}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=hxxp://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms} IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local> ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_2_202_235.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files (x86)\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files (x86)\McAfee\Supportability\MVT\npmvtplugin.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files (x86)\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@playstation.com/PsndlCheck,version=1.00: C:\Program Files (x86)\Sony\PLAYSTATION Network Downloader\nppsndl.dll (Sony Computer Entertainment Inc.) FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files (x86)\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files (x86)\McAfee\SiteAdvisor [2012.02.23 21:44:21 | 000,000,000 | ---D | M] O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2:64bit: - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (CIESpeechBHO Class) - {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3:64bit: - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [AthBtTray] C:\Program Files (x86)\Bluetooth Suite\AthBtTray.exe (Atheros Commnucations) O4:64bit: - HKLM..\Run: [AtherosBtStack] C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe (Atheros Communications) O4:64bit: - HKLM..\Run: [EKIJ5000StatusMonitor] C:\Windows\SysNative\spool\drivers\x64\3\EKIJ5000MUI.exe (Eastman Kodak Company) O4:64bit: - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found O4 - HKLM..\Run: [Dolby Home Theater v4] C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe (Dolby Laboratories Inc.) O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation) O4 - HKLM..\Run: [KiesTrayAgent] C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.) O4 - HKLM..\Run: [PMBVolumeWatcher] C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe (Sony Corporation) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\Run: [gStart] C:\Program Files (x86)\Garmin\Training Center\gStart.exe (GARMIN Corp.) O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\Run: [KiesHelper] C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe (Samsung) O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\Run: [KiesPDLR] C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe () O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\Run: [ylwjrdbirmccoeg] C:\ProgramData\ylwjrdbi.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware (cleanup)] rundll32.exe "C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll",ProcessCleanupScript File not found O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\RunOnce: [MvtApp.exe] C:\Users\Lutz\AppData\Local\Temp\McInstaller\MVTInstaller.exe (McAfee, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~2\Office14\EXCEL.EXE/3000 File not found O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation) O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : Send by Bluetooth to - {7815BE26-237D-41A8-A98F-F7BD75F71086} - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll (Atheros Commnucations) O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 333 W Evelyn Ave. Mountain View, CA 94041) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O15 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet) O15 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..Trusted Domains: internet ([]about in Trusted sites) O15 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..Trusted Domains: mcafee.com ([]http in Trusted sites) O15 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..Trusted Domains: mcafee.com ([]https in Trusted sites) O15 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet) O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control) O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1B5678AB-ABE2-4386-9B89-8DD52F17C056}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{BA9A3F60-A80C-491D-9768-F2248DAEF8CA}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\x64\mcieplg.dll (McAfee, Inc.) O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll (McAfee, Inc.) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: MCODS - Reg Error: Value error. SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: MCODS - Reg Error: Value error. SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: McMPFSvc - Service SafeBootNet:64bit: MCODS - Reg Error: Value error. SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: McMPFSvc - Service SafeBootNet: MCODS - Reg Error: Value error. SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{3942788D-F1D2-4201-9BF0-003753DCCEB6} - RunDLL32 IEDKCS32.DLL,BrandIE4 CUSTOM ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Unable to start System Restore Service. Error code 1084 ========== Files/Folders - Created Within 30 Days ========== [2012.06.28 21:41:54 | 000,596,992 | ---- | C] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe [2012.06.27 21:49:06 | 000,000,000 | R--D | C] -- C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices [2012.06.23 10:29:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.06.20 20:13:50 | 010,063,000 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Lutz\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.18 18:53:30 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Roaming\Malwarebytes [2012.06.18 18:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.06.18 18:53:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.06.18 18:53:23 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.06.18 18:53:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.06.18 18:52:35 | 000,000,000 | ---D | C] -- C:\Program Files\AntiMalware [2012.06.18 18:08:17 | 000,000,000 | ---D | C] -- C:\ProgramData\jsorbhknqhvjyjg [2012.06.16 08:21:14 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Local\{48547DCF-9B60-4C35-9BFF-47084E501207} [2012.06.13 23:17:01 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Local\{6BE25665-27B6-4F13-8F04-E4C9398E2975} [2012.06.13 23:16:40 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Local\{0D4AE072-6750-43B1-ACFA-79D919691403} [2012.06.11 22:26:41 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Local\{325F8C04-F6A8-4E81-9EEB-206DC461D41C} [2012.06.11 22:26:30 | 000,000,000 | ---D | C] -- C:\Users\Lutz\AppData\Local\{BE33C3DE-E3B7-4727-B1BE-01C473E246F9} [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.06.28 21:41:54 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Lutz\Desktop\OTL.exe [2012.06.28 21:36:31 | 000,065,536 | ---- | M] () -- C:\Windows\SysNative\Ikeext.etl [2012.06.28 21:36:24 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.28 21:36:14 | 2132,713,471 | -HS- | M] () -- C:\hiberfil.sys [2012.06.25 20:30:06 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.20 20:15:09 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.20 20:14:04 | 010,063,000 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Lutz\Desktop\mbam-setup-1.61.0.1400.exe [2012.06.18 20:14:30 | 000,000,000 | ---- | M] () -- C:\Users\Lutz\defogger_reenable [2012.06.18 19:13:34 | 001,612,484 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.06.18 19:13:34 | 000,696,620 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.06.18 19:13:34 | 000,651,938 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.06.18 19:13:34 | 000,147,916 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.06.18 19:13:34 | 000,120,870 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.06.18 18:08:18 | 000,000,052 | ---- | M] () -- C:\ProgramData\piscchdeyvhsktu [2012.06.18 18:08:13 | 000,073,728 | ---- | M] () -- C:\ProgramData\ylwjrdbi.exe [2012.06.18 18:08:13 | 000,073,728 | ---- | M] () -- C:\ProgramData\maetvqly.exe [2012.06.18 17:10:34 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.18 17:10:34 | 000,020,720 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.17 10:36:30 | 000,002,042 | ---- | M] () -- C:\Windows\MOBK649.blk [2012.06.17 10:36:30 | 000,001,032 | ---- | M] () -- C:\Windows\MOBK649.flt [2012.06.14 20:56:23 | 000,385,744 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.06.18 20:14:30 | 000,000,000 | ---- | C] () -- C:\Users\Lutz\defogger_reenable [2012.06.18 18:53:24 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.06.18 18:08:18 | 000,073,728 | ---- | C] () -- C:\ProgramData\ylwjrdbi.exe [2012.06.18 18:08:18 | 000,073,728 | ---- | C] () -- C:\ProgramData\maetvqly.exe [2012.06.18 18:08:14 | 000,000,052 | ---- | C] () -- C:\ProgramData\piscchdeyvhsktu [2012.03.18 18:22:08 | 000,074,703 | ---- | C] () -- C:\Windows\SysWow64\mfc45.dll [2011.11.29 17:38:18 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe [2011.11.29 17:38:12 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll [2011.11.29 17:38:12 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll [2011.11.29 17:38:12 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll [2011.11.29 17:38:12 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll [2011.08.28 06:47:58 | 000,340,992 | ---- | C] () -- C:\Windows\SysWow64\SonyVideoProcessor.dll [2011.06.27 08:25:40 | 000,066,856 | ---- | C] () -- C:\Windows\SysWow64\SynTPEnhPS.dll [2011.02.11 01:03:27 | 001,590,378 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== LOP Check ========== [2012.02.05 18:03:33 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Amazon [2011.12.24 18:07:00 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Garmin [2012.02.28 00:36:12 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\iolo [2012.04.06 18:40:05 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\pdfforge [2011.12.24 17:12:33 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\PTV AG [2011.12.22 22:35:29 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Samsung [2012.06.17 23:01:57 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Sony [2012.04.09 23:15:35 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Temp [2011.12.23 12:09:58 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Windows Live Writer [2012.03.06 22:16:58 | 000,032,624 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2011.12.18 19:11:03 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Adobe [2012.02.05 18:03:33 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Amazon [2012.01.07 00:21:08 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\ArcSoft [2011.12.18 15:58:24 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Atheros [2012.05.05 22:00:28 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\dvdcss [2011.12.24 18:07:00 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Garmin [2011.12.18 15:55:57 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Identities [2011.12.18 15:58:36 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Intel Corporation [2012.02.28 00:36:12 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\iolo [2011.08.28 06:11:28 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Macromedia [2012.06.18 18:53:30 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Malwarebytes [2012.01.04 00:59:06 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\McAfee [2011.05.27 23:57:27 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Media Center Programs [2012.05.17 13:36:31 | 000,000,000 | --SD | M] -- C:\Users\Lutz\AppData\Roaming\Microsoft [2011.12.27 15:02:42 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\NVIDIA [2012.04.06 18:40:05 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\pdfforge [2011.12.24 17:12:33 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\PTV AG [2011.12.22 22:35:29 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Samsung [2012.06.17 23:01:57 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Sony [2011.12.27 15:02:59 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Sony Corporation [2012.04.09 23:15:35 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Temp [2012.05.05 22:01:18 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\vlc [2011.12.23 12:09:58 | 000,000,000 | ---D | M] -- C:\Users\Lutz\AppData\Roaming\Windows Live Writer < %APPDATA%\*.exe /s > [2011.08.28 06:11:06 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\Lutz\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe [2012.04.02 22:07:25 | 000,106,408 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentInstaller.exe [2012.04.02 22:07:25 | 000,101,288 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\AgentUpdate.exe [2012.04.02 22:07:26 | 000,021,416 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\FirmwareUpdateTemp\AGENT\KiesPDLR.exe [2012.02.03 10:50:16 | 000,943,504 | ---- | M] (Samsung) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\Kies.exe [2012.02.03 10:50:20 | 000,278,928 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesDriverInstaller.exe [2012.02.01 10:17:02 | 000,308,224 | ---- | M] (Samsung) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesLogger.exe [2012.02.03 10:50:18 | 003,508,624 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\KiesTrayAgent.exe [2012.01.31 11:16:12 | 000,290,816 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceDataService.exe [2012.01.31 11:16:12 | 000,693,248 | ---- | M] (Mobileleader Co., Ltd.) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\DeviceManager.exe [2012.02.03 10:50:22 | 000,067,472 | ---- | M] (Samsung) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\DeviceModules\Kies_Tutorial.exe [2012.04.02 22:07:25 | 000,106,408 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentInstaller.exe [2012.04.02 22:07:25 | 000,101,288 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\AgentUpdate.exe [2012.02.03 10:50:26 | 000,131,984 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\BinaryLoaderMgr.exe [2012.04.02 22:07:26 | 000,021,416 | ---- | M] () -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\FirmwareUpdate\KiesPDLR.exe [2012.02.03 10:50:28 | 003,570,312 | ---- | M] (Freeware) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\External\MediaModules\MyFreeCodecPack.exe [2011.12.23 13:58:10 | 024,123,656 | ---- | M] (SAMSUNG Electronics Co., Ltd.) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\backup\USB Driver\SAMSUNG_USB_Driver_for_Mobile_Phones.exe [2012.02.03 10:50:30 | 000,371,088 | ---- | M] (ml) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\Temp\Kies.Update.exe [2012.04.04 07:05:32 | 000,371,088 | ---- | M] (ml) -- C:\Users\Lutz\AppData\Roaming\Samsung\Kies\UpdateTemp\Updater\Kies.Update.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTOR.SYS > [2011.07.28 10:38:42 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\drivers\iaStor.sys [2011.07.28 10:38:42 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_a36325196df56f7d\iaStor.sys [2011.07.28 10:38:42 | 000,439,320 | ---- | M] (Intel Corporation) MD5=D469B77687E12FE43E344806740B624D -- C:\Windows\SysNative\DriverStore\FileRepository\iastor.inf_amd64_neutral_e3082ac13af8d3bf\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.21 05:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.21 05:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.21 05:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.21 05:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.21 05:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.21 05:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.21 05:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.21 05:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.21 05:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.21 05:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.21 05:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
|
29.06.2012, 11:54
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!)
__________________Code:
ATTFilter :OTL
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&form=SNYEDF&pc=MASE&src=IE-SearchBox
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\SearchScopes\{7D5B5262-639D-4292-9FB2-16EFF876EDC2}: "URL" = http://services.zinio.com/search?s={searchTerms}&rf=sonyslices
IE - HKU\S-1-5-21-3186709454-3120492849-985887968-1000\..\SearchScopes\{B51C5DF5-81DC-48FB-846D-0BB35DAE92F6}: "URL" = http://rover.ebay.com/rover/1/707-37276-16609-27/4?mpre=http://shop.ebay.de/?oemInLn=ieSrch-Q311&_nkw={searchTerms}
O4 - HKLM..\Run: [Conime] %windir%\system32\conime.exe File not found
O4 - HKU\S-1-5-21-3186709454-3120492849-985887968-1000..\Run: [ylwjrdbirmccoeg] C:\ProgramData\ylwjrdbi.exe ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
:Files
C:\ProgramData\jsorbhknqhvjyjg
C:\ProgramData\ylwjrdbi.exe
C:\ProgramData\maetvqly.exe
C:\ProgramData\piscchdeyvhsktu
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ |
|
29.06.2012, 21:39
| #19 |
| | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Hallo, immerhin kann ich jetzt wieder im Normalmodus arbeiten. Das ist ja schon mal schön. Hier ist das neue Log: Code:
ATTFilter All processes killed
========== OTL ==========
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
64bit-Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3186709454-3120492849-985887968-1000\Software\Microsoft\Internet Explorer\SearchScopes\{7D5B5262-639D-4292-9FB2-16EFF876EDC2}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7D5B5262-639D-4292-9FB2-16EFF876EDC2}\ not found.
Registry key HKEY_USERS\S-1-5-21-3186709454-3120492849-985887968-1000\Software\Microsoft\Internet Explorer\SearchScopes\{B51C5DF5-81DC-48FB-846D-0BB35DAE92F6}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B51C5DF5-81DC-48FB-846D-0BB35DAE92F6}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Conime deleted successfully.
Registry value HKEY_USERS\S-1-5-21-3186709454-3120492849-985887968-1000\Software\Microsoft\Windows\CurrentVersion\Run\\ylwjrdbirmccoeg deleted successfully.
C:\ProgramData\ylwjrdbi.exe moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
========== FILES ==========
C:\ProgramData\jsorbhknqhvjyjg folder moved successfully.
File\Folder C:\ProgramData\ylwjrdbi.exe not found.
C:\ProgramData\maetvqly.exe moved successfully.
C:\ProgramData\piscchdeyvhsktu moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56468 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Lutz
->Temp folder emptied: 318916513 bytes
->Temporary Internet Files folder emptied: 421771956 bytes
->Java cache emptied: 15317 bytes
->Flash cache emptied: 62640 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 241157243 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 56180 bytes
RecycleBin emptied: 129313 bytes
Total Files Cleaned = 937,00 mb
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Lutz
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.0 log created on 06292012_222633
Files\Folders moved on Reboot...
C:\Users\Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
File C:\Users\Lutz\AppData\Local\Temp\FXSAPIDebugLogFile.txt not found!
Registry entries deleted on Reboot...
|
|
29.06.2012, 23:11
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.06.2012, 07:58
| #21 |
| | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Hallo, hier ist das Log des Kaspersky TDSS-Killers: Code:
ATTFilter 08:50:11.0543 7532 TDSS rootkit removing tool 2.7.43.0 Jun 29 2012 17:54:22
08:50:11.0762 7532 ============================================================
08:50:11.0762 7532 Current date / time: 2012/06/30 08:50:11.0762
08:50:11.0762 7532 SystemInfo:
08:50:11.0762 7532
08:50:11.0762 7532 OS Version: 6.1.7601 ServicePack: 1.0
08:50:11.0762 7532 Product type: Workstation
08:50:11.0762 7532 ComputerName: LUTZ-VAIO
08:50:11.0762 7532 UserName: Lutz
08:50:11.0762 7532 Windows directory: C:\Windows
08:50:11.0762 7532 System windows directory: C:\Windows
08:50:11.0762 7532 Running under WOW64
08:50:11.0762 7532 Processor architecture: Intel x64
08:50:11.0762 7532 Number of processors: 8
08:50:11.0762 7532 Page size: 0x1000
08:50:11.0762 7532 Boot type: Normal boot
08:50:11.0762 7532 ============================================================
08:50:12.0214 7532 Drive \Device\Harddisk0\DR0 - Size: 0xAEA8CDE000 (698.64 Gb), SectorSize: 0x200, Cylinders: 0x16441, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:50:12.0214 7532 ============================================================
08:50:12.0214 7532 \Device\Harddisk0\DR0:
08:50:12.0214 7532 MBR partitions:
08:50:12.0214 7532 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x2670000, BlocksNum 0x32000
08:50:12.0214 7532 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x26A2000, BlocksNum 0x54EA3EF0
08:50:12.0214 7532 ============================================================
08:50:12.0245 7532 C: <-> \Device\Harddisk0\DR0\Partition1
08:50:12.0245 7532 ============================================================
08:50:12.0245 7532 Initialize success
08:50:12.0245 7532 ============================================================
08:51:38.0217 6964 ============================================================
08:51:38.0217 6964 Scan started
08:51:38.0217 6964 Mode: Manual; SigCheck; TDLFS;
08:51:38.0217 6964 ============================================================
08:51:38.0826 6964 1394ohci (a87d604aea360176311474c87a63bb88) C:\Windows\system32\drivers\1394ohci.sys
08:51:38.0950 6964 1394ohci - ok
08:51:39.0060 6964 ACDaemon (adc420616c501b45d26c0fd3ef1e54e4) C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
08:51:39.0091 6964 ACDaemon - ok
08:51:39.0153 6964 ACPI (d81d9e70b8a6dd14d42d7b4efa65d5f2) C:\Windows\system32\drivers\ACPI.sys
08:51:39.0200 6964 ACPI - ok
08:51:39.0216 6964 AcpiPmi (99f8e788246d495ce3794d7e7821d2ca) C:\Windows\system32\drivers\acpipmi.sys
08:51:39.0309 6964 AcpiPmi - ok
08:51:39.0403 6964 AdobeActiveFileMonitor9.0 (1474f121c3df1232d3e7239c03691ee6) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
08:51:39.0434 6964 AdobeActiveFileMonitor9.0 - ok
08:51:39.0512 6964 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
08:51:39.0528 6964 AdobeARMservice - ok
08:51:39.0652 6964 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
08:51:39.0668 6964 AdobeFlashPlayerUpdateSvc - ok
08:51:39.0730 6964 adp94xx (2f6b34b83843f0c5118b63ac634f5bf4) C:\Windows\system32\drivers\adp94xx.sys
08:51:39.0762 6964 adp94xx - ok
08:51:39.0808 6964 adpahci (597f78224ee9224ea1a13d6350ced962) C:\Windows\system32\drivers\adpahci.sys
08:51:39.0855 6964 adpahci - ok
08:51:39.0886 6964 adpu320 (e109549c90f62fb570b9540c4b148e54) C:\Windows\system32\drivers\adpu320.sys
08:51:39.0918 6964 adpu320 - ok
08:51:39.0949 6964 AeLookupSvc (4b78b431f225fd8624c5655cb1de7b61) C:\Windows\System32\aelupsvc.dll
08:51:40.0074 6964 AeLookupSvc - ok
08:51:40.0136 6964 AFD (1c7857b62de5994a75b054a9fd4c3825) C:\Windows\system32\drivers\afd.sys
08:51:40.0214 6964 AFD - ok
08:51:40.0261 6964 agp440 (608c14dba7299d8cb6ed035a68a15799) C:\Windows\system32\drivers\agp440.sys
08:51:40.0276 6964 agp440 - ok
08:51:40.0323 6964 ALG (3290d6946b5e30e70414990574883ddb) C:\Windows\System32\alg.exe
08:51:40.0386 6964 ALG - ok
08:51:40.0432 6964 aliide (5812713a477a3ad7363c7438ca2ee038) C:\Windows\system32\drivers\aliide.sys
08:51:40.0448 6964 aliide - ok
08:51:40.0464 6964 amdide (1ff8b4431c353ce385c875f194924c0c) C:\Windows\system32\drivers\amdide.sys
08:51:40.0464 6964 amdide - ok
08:51:40.0495 6964 AmdK8 (7024f087cff1833a806193ef9d22cda9) C:\Windows\system32\drivers\amdk8.sys
08:51:40.0542 6964 AmdK8 - ok
08:51:40.0557 6964 AmdPPM (1e56388b3fe0d031c44144eb8c4d6217) C:\Windows\system32\drivers\amdppm.sys
08:51:40.0604 6964 AmdPPM - ok
08:51:40.0635 6964 amdsata (d4121ae6d0c0e7e13aa221aa57ef2d49) C:\Windows\system32\drivers\amdsata.sys
08:51:40.0666 6964 amdsata - ok
08:51:40.0682 6964 amdsbs (f67f933e79241ed32ff46a4f29b5120b) C:\Windows\system32\drivers\amdsbs.sys
08:51:40.0698 6964 amdsbs - ok
08:51:40.0729 6964 amdxata (540daf1cea6094886d72126fd7c33048) C:\Windows\system32\drivers\amdxata.sys
08:51:40.0729 6964 amdxata - ok
08:51:40.0776 6964 AppID (89a69c3f2f319b43379399547526d952) C:\Windows\system32\drivers\appid.sys
08:51:40.0916 6964 AppID - ok
08:51:40.0947 6964 AppIDSvc (0bc381a15355a3982216f7172f545de1) C:\Windows\System32\appidsvc.dll
08:51:41.0010 6964 AppIDSvc - ok
08:51:41.0041 6964 Appinfo (3977d4a871ca0d4f2ed1e7db46829731) C:\Windows\System32\appinfo.dll
08:51:41.0119 6964 Appinfo - ok
08:51:41.0150 6964 arc (c484f8ceb1717c540242531db7845c4e) C:\Windows\system32\drivers\arc.sys
08:51:41.0166 6964 arc - ok
08:51:41.0181 6964 arcsas (019af6924aefe7839f61c830227fe79c) C:\Windows\system32\drivers\arcsas.sys
08:51:41.0197 6964 arcsas - ok
08:51:41.0228 6964 ArcSoftKsUFilter (c130bc4a51b1382b2be8e44579ec4c0a) C:\Windows\system32\DRIVERS\ArcSoftKsUFilter.sys
08:51:41.0228 6964 ArcSoftKsUFilter - ok
08:51:41.0337 6964 aspnet_state (9217d874131ae6ff8f642f124f00a555) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
08:51:41.0368 6964 aspnet_state - ok
08:51:41.0384 6964 AsyncMac (769765ce2cc62867468cea93969b2242) C:\Windows\system32\DRIVERS\asyncmac.sys
08:51:41.0462 6964 AsyncMac - ok
08:51:41.0493 6964 atapi (02062c0b390b7729edc9e69c680a6f3c) C:\Windows\system32\drivers\atapi.sys
08:51:41.0493 6964 atapi - ok
08:51:41.0540 6964 AthBTPort (a434e093cd25870e5d32cb0b70c442ed) C:\Windows\system32\DRIVERS\btath_flt.sys
08:51:41.0556 6964 AthBTPort - ok
08:51:41.0634 6964 ATHDFU (4119870b90e1b5e7797d6433d21f9216) C:\Windows\System32\Drivers\AthDfu.sys
08:51:41.0649 6964 ATHDFU - ok
08:51:41.0727 6964 Atheros Bt&Wlan Coex Agent (4c4a576818ea028257c624ae36ff7a03) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe
08:51:41.0743 6964 Atheros Bt&Wlan Coex Agent - ok
08:51:41.0774 6964 AtherosSvc (520ce4bc1d9c83225f1dd76d1d2f28c8) C:\Program Files (x86)\Bluetooth Suite\adminservice.exe
08:51:41.0790 6964 AtherosSvc - ok
08:51:41.0946 6964 athr (a5e770426d18f8ef332a593f3289da91) C:\Windows\system32\DRIVERS\athrx.sys
08:51:42.0039 6964 athr - ok
08:51:42.0164 6964 AudioEndpointBuilder (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:51:42.0226 6964 AudioEndpointBuilder - ok
08:51:42.0226 6964 AudioSrv (f23fef6d569fce88671949894a8becf1) C:\Windows\System32\Audiosrv.dll
08:51:42.0258 6964 AudioSrv - ok
08:51:42.0289 6964 AxInstSV (a6bf31a71b409dfa8cac83159e1e2aff) C:\Windows\System32\AxInstSV.dll
08:51:42.0367 6964 AxInstSV - ok
08:51:42.0445 6964 b06bdrv (3e5b191307609f7514148c6832bb0842) C:\Windows\system32\drivers\bxvbda.sys
08:51:42.0492 6964 b06bdrv - ok
08:51:42.0538 6964 b57nd60a (b5ace6968304a3900eeb1ebfd9622df2) C:\Windows\system32\DRIVERS\b57nd60a.sys
08:51:42.0585 6964 b57nd60a - ok
08:51:42.0679 6964 BBSvc (93ee7d9c35ae7e9ffda148d7805f1421) C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
08:51:42.0710 6964 BBSvc - ok
08:51:42.0741 6964 BDESVC (fde360167101b4e45a96f939f388aeb0) C:\Windows\System32\bdesvc.dll
08:51:42.0804 6964 BDESVC - ok
08:51:42.0835 6964 Beep (16a47ce2decc9b099349a5f840654746) C:\Windows\system32\drivers\Beep.sys
08:51:42.0913 6964 Beep - ok
08:51:42.0975 6964 BFE (82974d6a2fd19445cc5171fc378668a4) C:\Windows\System32\bfe.dll
08:51:43.0038 6964 BFE - ok
08:51:43.0116 6964 BITS (1ea7969e3271cbc59e1730697dc74682) C:\Windows\System32\qmgr.dll
08:51:43.0225 6964 BITS - ok
08:51:43.0287 6964 blbdrive (61583ee3c3a17003c4acd0475646b4d3) C:\Windows\system32\drivers\blbdrive.sys
08:51:43.0303 6964 blbdrive - ok
08:51:43.0334 6964 bowser (6c02a83164f5cc0a262f4199f0871cf5) C:\Windows\system32\DRIVERS\bowser.sys
08:51:43.0350 6964 bowser - ok
08:51:43.0396 6964 BrFiltLo (f09eee9edc320b5e1501f749fde686c8) C:\Windows\system32\drivers\BrFiltLo.sys
08:51:43.0412 6964 BrFiltLo - ok
08:51:43.0428 6964 BrFiltUp (b114d3098e9bdb8bea8b053685831be6) C:\Windows\system32\drivers\BrFiltUp.sys
08:51:43.0443 6964 BrFiltUp - ok
08:51:43.0474 6964 Browser (8ef0d5c41ec907751b8429162b1239ed) C:\Windows\System32\browser.dll
08:51:43.0521 6964 Browser - ok
08:51:43.0552 6964 Brserid (43bea8d483bf1870f018e2d02e06a5bd) C:\Windows\System32\Drivers\Brserid.sys
08:51:43.0599 6964 Brserid - ok
08:51:43.0630 6964 BrSerWdm (a6eca2151b08a09caceca35c07f05b42) C:\Windows\System32\Drivers\BrSerWdm.sys
08:51:43.0646 6964 BrSerWdm - ok
08:51:43.0693 6964 BrUsbMdm (b79968002c277e869cf38bd22cd61524) C:\Windows\System32\Drivers\BrUsbMdm.sys
08:51:43.0724 6964 BrUsbMdm - ok
08:51:43.0802 6964 BrUsbSer (a87528880231c54e75ea7a44943b38bf) C:\Windows\System32\Drivers\BrUsbSer.sys
08:51:43.0849 6964 BrUsbSer - ok
08:51:43.0896 6964 BTATH_A2DP (bc9616c9d05b4b0843ff0d8d7a003aa7) C:\Windows\system32\drivers\btath_a2dp.sys
08:51:43.0911 6964 BTATH_A2DP - ok
08:51:43.0927 6964 btath_avdt (00a186bab2d5db4f549bcf8666d8ab39) C:\Windows\system32\drivers\btath_avdt.sys
08:51:43.0927 6964 btath_avdt - ok
08:51:43.0958 6964 BTATH_BUS (d6ead8f45ecbede3b1adbee5f075e0e2) C:\Windows\system32\drivers\btath_bus.sys
08:51:43.0974 6964 BTATH_BUS - ok
08:51:44.0036 6964 BTATH_HCRP (557bc22d5ac7fb5dd51ad00f0a03be09) C:\Windows\system32\drivers\btath_hcrp.sys
08:51:44.0052 6964 BTATH_HCRP - ok
08:51:44.0098 6964 BTATH_LWFLT (3b9f872f1330728172d2f5abfb8a7706) C:\Windows\system32\DRIVERS\btath_lwflt.sys
08:51:44.0114 6964 BTATH_LWFLT - ok
08:51:44.0145 6964 BTATH_RCP (4225b326514f20bab3751e532f403d1d) C:\Windows\system32\drivers\btath_rcp.sys
08:51:44.0161 6964 BTATH_RCP - ok
08:51:44.0223 6964 BtFilter (60675e839a37056ed5cbc7e00935451c) C:\Windows\system32\DRIVERS\btfilter.sys
08:51:44.0239 6964 BtFilter - ok
08:51:44.0301 6964 BthEnum (cf98190a94f62e405c8cb255018b2315) C:\Windows\system32\drivers\BthEnum.sys
08:51:44.0348 6964 BthEnum - ok
08:51:44.0395 6964 BTHMODEM (9da669f11d1f894ab4eb69bf546a42e8) C:\Windows\system32\drivers\bthmodem.sys
08:51:44.0426 6964 BTHMODEM - ok
08:51:44.0504 6964 BthPan (02dd601b708dd0667e1331fa8518e9ff) C:\Windows\system32\DRIVERS\bthpan.sys
08:51:44.0566 6964 BthPan - ok
08:51:44.0629 6964 BTHPORT (64c198198501f7560ee41d8d1efa7952) C:\Windows\System32\Drivers\BTHport.sys
08:51:44.0660 6964 BTHPORT - ok
08:51:44.0722 6964 bthserv (95f9c2976059462cbbf227f7aab10de9) C:\Windows\system32\bthserv.dll
08:51:44.0785 6964 bthserv - ok
08:51:44.0800 6964 BTHUSB (f188b7394d81010767b6df3178519a37) C:\Windows\System32\Drivers\BTHUSB.sys
08:51:44.0816 6964 BTHUSB - ok
08:51:44.0863 6964 cdfs (b8bd2bb284668c84865658c77574381a) C:\Windows\system32\DRIVERS\cdfs.sys
08:51:44.0956 6964 cdfs - ok
08:51:45.0003 6964 cdrom (f036ce71586e93d94dab220d7bdf4416) C:\Windows\system32\drivers\cdrom.sys
08:51:45.0019 6964 cdrom - ok
08:51:45.0050 6964 CertPropSvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:51:45.0097 6964 CertPropSvc - ok
08:51:45.0144 6964 circlass (d7cd5c4e1b71fa62050515314cfb52cf) C:\Windows\system32\drivers\circlass.sys
08:51:45.0190 6964 circlass - ok
08:51:45.0268 6964 CLFS (fe1ec06f2253f691fe36217c592a0206) C:\Windows\system32\CLFS.sys
08:51:45.0284 6964 CLFS - ok
08:51:45.0393 6964 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
08:51:45.0393 6964 clr_optimization_v2.0.50727_32 - ok
08:51:45.0456 6964 clr_optimization_v2.0.50727_64 (d1ceea2b47cb998321c579651ce3e4f8) C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
08:51:45.0471 6964 clr_optimization_v2.0.50727_64 - ok
08:51:45.0565 6964 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
08:51:45.0565 6964 clr_optimization_v4.0.30319_32 - ok
08:51:45.0627 6964 clr_optimization_v4.0.30319_64 (c6f9af94dcd58122a4d7e89db6bed29d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
08:51:45.0643 6964 clr_optimization_v4.0.30319_64 - ok
08:51:45.0690 6964 CmBatt (0840155d0bddf1190f84a663c284bd33) C:\Windows\system32\drivers\CmBatt.sys
08:51:45.0721 6964 CmBatt - ok
08:51:45.0768 6964 cmdide (e19d3f095812725d88f9001985b94edd) C:\Windows\system32\drivers\cmdide.sys
08:51:45.0783 6964 cmdide - ok
08:51:45.0830 6964 CNG (c4943b6c962e4b82197542447ad599f4) C:\Windows\system32\Drivers\cng.sys
08:51:45.0846 6964 CNG - ok
08:51:45.0892 6964 Compbatt (102de219c3f61415f964c88e9085ad14) C:\Windows\system32\drivers\compbatt.sys
08:51:45.0892 6964 Compbatt - ok
08:51:45.0939 6964 CompositeBus (03edb043586cceba243d689bdda370a8) C:\Windows\system32\drivers\CompositeBus.sys
08:51:45.0970 6964 CompositeBus - ok
08:51:45.0986 6964 COMSysApp - ok
08:51:46.0002 6964 crcdisk (1c827878a998c18847245fe1f34ee597) C:\Windows\system32\drivers\crcdisk.sys
08:51:46.0002 6964 crcdisk - ok
08:51:46.0033 6964 CryptSvc (4f5414602e2544a4554d95517948b705) C:\Windows\system32\cryptsvc.dll
08:51:46.0064 6964 CryptSvc - ok
08:51:46.0095 6964 DcomLaunch (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:51:46.0142 6964 DcomLaunch - ok
08:51:46.0189 6964 defragsvc (3cec7631a84943677aa8fa8ee5b6b43d) C:\Windows\System32\defragsvc.dll
08:51:46.0220 6964 defragsvc - ok
08:51:46.0267 6964 DfsC (9bb2ef44eaa163b29c4a4587887a0fe4) C:\Windows\system32\Drivers\dfsc.sys
08:51:46.0314 6964 DfsC - ok
08:51:46.0345 6964 dg_ssudbus (113212d25d0c9bb8901a9833774da97f) C:\Windows\system32\DRIVERS\ssudbus.sys
08:51:46.0360 6964 dg_ssudbus - ok
08:51:46.0423 6964 Dhcp (43d808f5d9e1a18e5eeb5ebc83969e4e) C:\Windows\system32\dhcpcore.dll
08:51:46.0454 6964 Dhcp - ok
08:51:46.0470 6964 discache (13096b05847ec78f0977f2c0f79e9ab3) C:\Windows\system32\drivers\discache.sys
08:51:46.0516 6964 discache - ok
08:51:46.0563 6964 Disk (9819eee8b5ea3784ec4af3b137a5244c) C:\Windows\system32\drivers\disk.sys
08:51:46.0579 6964 Disk - ok
08:51:46.0610 6964 Dnscache (16835866aaa693c7d7fceba8fff706e4) C:\Windows\System32\dnsrslvr.dll
08:51:46.0626 6964 Dnscache - ok
08:51:46.0657 6964 dot3svc (b1fb3ddca0fdf408750d5843591afbc6) C:\Windows\System32\dot3svc.dll
08:51:46.0688 6964 dot3svc - ok
08:51:46.0735 6964 DPS (b26f4f737e8f9df4f31af6cf31d05820) C:\Windows\system32\dps.dll
08:51:46.0766 6964 DPS - ok
08:51:46.0813 6964 drmkaud (9b19f34400d24df84c858a421c205754) C:\Windows\system32\drivers\drmkaud.sys
08:51:46.0844 6964 drmkaud - ok
08:51:46.0953 6964 DXGKrnl (f5bee30450e18e6b83a5012c100616fd) C:\Windows\System32\drivers\dxgkrnl.sys
08:51:46.0984 6964 DXGKrnl - ok
08:51:47.0031 6964 e1yexpress (50ad8fc1dc800ff36087994c8f7fdff2) C:\Windows\system32\DRIVERS\e1y60x64.sys
08:51:47.0047 6964 e1yexpress - ok
08:51:47.0094 6964 EapHost (e2dda8726da9cb5b2c4000c9018a9633) C:\Windows\System32\eapsvc.dll
08:51:47.0172 6964 EapHost - ok
08:51:47.0328 6964 ebdrv (dc5d737f51be844d8c82c695eb17372f) C:\Windows\system32\drivers\evbda.sys
08:51:47.0390 6964 ebdrv - ok
08:51:47.0499 6964 EFS (c118a82cd78818c29ab228366ebf81c3) C:\Windows\System32\lsass.exe
08:51:47.0562 6964 EFS - ok
08:51:47.0655 6964 ehRecvr (c4002b6b41975f057d98c439030cea07) C:\Windows\ehome\ehRecvr.exe
08:51:47.0733 6964 ehRecvr - ok
08:51:47.0764 6964 ehSched (4705e8ef9934482c5bb488ce28afc681) C:\Windows\ehome\ehsched.exe
08:51:47.0780 6964 ehSched - ok
08:51:47.0874 6964 elxstor (0e5da5369a0fcaea12456dd852545184) C:\Windows\system32\drivers\elxstor.sys
08:51:47.0905 6964 elxstor - ok
08:51:47.0920 6964 ErrDev (34a3c54752046e79a126e15c51db409b) C:\Windows\system32\drivers\errdev.sys
08:51:47.0952 6964 ErrDev - ok
08:51:48.0014 6964 EventSystem (4166f82be4d24938977dd1746be9b8a0) C:\Windows\system32\es.dll
08:51:48.0045 6964 EventSystem - ok
08:51:48.0092 6964 exfat (a510c654ec00c1e9bdd91eeb3a59823b) C:\Windows\system32\drivers\exfat.sys
08:51:48.0108 6964 exfat - ok
08:51:48.0139 6964 fastfat (0adc83218b66a6db380c330836f3e36d) C:\Windows\system32\drivers\fastfat.sys
08:51:48.0170 6964 fastfat - ok
08:51:48.0217 6964 Fax (dbefd454f8318a0ef691fdd2eaab44eb) C:\Windows\system32\fxssvc.exe
08:51:48.0264 6964 Fax - ok
08:51:48.0295 6964 fdc (d765d19cd8ef61f650c384f62fac00ab) C:\Windows\system32\drivers\fdc.sys
08:51:48.0326 6964 fdc - ok
08:51:48.0357 6964 fdPHost (0438cab2e03f4fb61455a7956026fe86) C:\Windows\system32\fdPHost.dll
08:51:48.0404 6964 fdPHost - ok
08:51:48.0420 6964 FDResPub (802496cb59a30349f9a6dd22d6947644) C:\Windows\system32\fdrespub.dll
08:51:48.0466 6964 FDResPub - ok
08:51:48.0498 6964 FileInfo (655661be46b5f5f3fd454e2c3095b930) C:\Windows\system32\drivers\fileinfo.sys
08:51:48.0513 6964 FileInfo - ok
08:51:48.0529 6964 Filetrace (5f671ab5bc87eea04ec38a6cd5962a47) C:\Windows\system32\drivers\filetrace.sys
08:51:48.0591 6964 Filetrace - ok
08:51:48.0622 6964 flpydisk (c172a0f53008eaeb8ea33fe10e177af5) C:\Windows\system32\drivers\flpydisk.sys
08:51:48.0622 6964 flpydisk - ok
08:51:48.0654 6964 FltMgr (da6b67270fd9db3697b20fce94950741) C:\Windows\system32\drivers\fltmgr.sys
08:51:48.0669 6964 FltMgr - ok
08:51:48.0732 6964 FontCache (5c4cb4086fb83115b153e47add961a0c) C:\Windows\system32\FntCache.dll
08:51:48.0794 6964 FontCache - ok
08:51:48.0841 6964 FontCache3.0.0.0 (a8b7f3818ab65695e3a0bb3279f6dce6) C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
08:51:48.0872 6964 FontCache3.0.0.0 - ok
08:51:48.0919 6964 FsDepends (d43703496149971890703b4b1b723eac) C:\Windows\system32\drivers\FsDepends.sys
08:51:48.0934 6964 FsDepends - ok
08:51:48.0981 6964 Fs_Rec (6bd9295cc032dd3077c671fccf579a7b) C:\Windows\system32\drivers\Fs_Rec.sys
08:51:48.0997 6964 Fs_Rec - ok
08:51:49.0028 6964 fvevol (1f7b25b858fa27015169fe95e54108ed) C:\Windows\system32\DRIVERS\fvevol.sys
08:51:49.0059 6964 fvevol - ok
08:51:49.0075 6964 gagp30kx (8c778d335c9d272cfd3298ab02abe3b6) C:\Windows\system32\drivers\gagp30kx.sys
08:51:49.0090 6964 gagp30kx - ok
08:51:49.0168 6964 gpsvc (277bbc7e1aa1ee957f573a10eca7ef3a) C:\Windows\System32\gpsvc.dll
08:51:49.0215 6964 gpsvc - ok
08:51:49.0231 6964 hcw85cir (f2523ef6460fc42405b12248338ab2f0) C:\Windows\system32\drivers\hcw85cir.sys
08:51:49.0262 6964 hcw85cir - ok
08:51:49.0309 6964 HdAudAddService (975761c778e33cd22498059b91e7373a) C:\Windows\system32\drivers\HdAudio.sys
08:51:49.0356 6964 HdAudAddService - ok
08:51:49.0387 6964 HDAudBus (97bfed39b6b79eb12cddbfeed51f56bb) C:\Windows\system32\drivers\HDAudBus.sys
08:51:49.0418 6964 HDAudBus - ok
08:51:49.0434 6964 HidBatt (78e86380454a7b10a5eb255dc44a355f) C:\Windows\system32\drivers\HidBatt.sys
08:51:49.0449 6964 HidBatt - ok
08:51:49.0480 6964 HidBth (7fd2a313f7afe5c4dab14798c48dd104) C:\Windows\system32\drivers\hidbth.sys
08:51:49.0512 6964 HidBth - ok
08:51:49.0543 6964 HidIr (0a77d29f311b88cfae3b13f9c1a73825) C:\Windows\system32\drivers\hidir.sys
08:51:49.0574 6964 HidIr - ok
08:51:49.0590 6964 hidserv (bd9eb3958f213f96b97b1d897dee006d) C:\Windows\system32\hidserv.dll
08:51:49.0652 6964 hidserv - ok
08:51:49.0683 6964 HidUsb (9592090a7e2b61cd582b612b6df70536) C:\Windows\system32\DRIVERS\hidusb.sys
08:51:49.0683 6964 HidUsb - ok
08:51:49.0714 6964 hkmsvc (387e72e739e15e3d37907a86d9ff98e2) C:\Windows\system32\kmsvc.dll
08:51:49.0792 6964 hkmsvc - ok
08:51:49.0824 6964 HomeGroupListener (efdfb3dd38a4376f93e7985173813abd) C:\Windows\system32\ListSvc.dll
08:51:49.0870 6964 HomeGroupListener - ok
08:51:49.0902 6964 HomeGroupProvider (908acb1f594274965a53926b10c81e89) C:\Windows\system32\provsvc.dll
08:51:49.0933 6964 HomeGroupProvider - ok
08:51:49.0995 6964 HpSAMD (39d2abcd392f3d8a6dce7b60ae7b8efc) C:\Windows\system32\drivers\HpSAMD.sys
08:51:50.0011 6964 HpSAMD - ok
08:51:50.0120 6964 HTTP (0ea7de1acb728dd5a369fd742d6eee28) C:\Windows\system32\drivers\HTTP.sys
08:51:50.0198 6964 HTTP - ok
08:51:50.0214 6964 hwpolicy (a5462bd6884960c9dc85ed49d34ff392) C:\Windows\system32\drivers\hwpolicy.sys
08:51:50.0229 6964 hwpolicy - ok
08:51:50.0260 6964 i8042prt (fa55c73d4affa7ee23ac4be53b4592d3) C:\Windows\system32\drivers\i8042prt.sys
08:51:50.0260 6964 i8042prt - ok
08:51:50.0307 6964 iaStor (d469b77687e12fe43e344806740b624d) C:\Windows\system32\drivers\iaStor.sys
08:51:50.0338 6964 iaStor - ok
08:51:50.0416 6964 IAStorDataMgrSvc (983fc69644ddf0486c8dfea262948d1a) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
08:51:50.0432 6964 IAStorDataMgrSvc - ok
08:51:50.0479 6964 iaStorV (aaaf44db3bd0b9d1fb6969b23ecc8366) C:\Windows\system32\drivers\iaStorV.sys
08:51:50.0510 6964 iaStorV - ok
08:51:50.0619 6964 idsvc (5988fc40f8db5b0739cd1e3a5d0d78bd) C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
08:51:50.0650 6964 idsvc - ok
08:51:50.0682 6964 iirsp (5c18831c61933628f5bb0ea2675b9d21) C:\Windows\system32\drivers\iirsp.sys
08:51:50.0697 6964 iirsp - ok
08:51:50.0760 6964 IKEEXT (fcd84c381e0140af901e58d48882d26b) C:\Windows\System32\ikeext.dll
08:51:50.0838 6964 IKEEXT - ok
08:51:50.0978 6964 IntcAzAudAddService (65f70696be5abc11634fcf96af7d7896) C:\Windows\system32\drivers\RTKVHD64.sys
08:51:51.0025 6964 IntcAzAudAddService - ok
08:51:51.0118 6964 intelide (f00f20e70c6ec3aa366910083a0518aa) C:\Windows\system32\drivers\intelide.sys
08:51:51.0134 6964 intelide - ok
08:51:51.0181 6964 intelppm (ada036632c664caa754079041cf1f8c1) C:\Windows\system32\drivers\intelppm.sys
08:51:51.0228 6964 intelppm - ok
08:51:51.0259 6964 IPBusEnum (098a91c54546a3b878dad6a7e90a455b) C:\Windows\system32\ipbusenum.dll
08:51:51.0321 6964 IPBusEnum - ok
08:51:51.0352 6964 IpFilterDriver (c9f0e1bd74365a8771590e9008d22ab6) C:\Windows\system32\DRIVERS\ipfltdrv.sys
08:51:51.0368 6964 IpFilterDriver - ok
08:51:51.0415 6964 iphlpsvc (a34a587fffd45fa649fba6d03784d257) C:\Windows\System32\iphlpsvc.dll
08:51:51.0462 6964 iphlpsvc - ok
08:51:51.0477 6964 IPMIDRV (0fc1aea580957aa8817b8f305d18ca3a) C:\Windows\system32\drivers\IPMIDrv.sys
08:51:51.0493 6964 IPMIDRV - ok
08:51:51.0524 6964 IPNAT (af9b39a7e7b6caa203b3862582e9f2d0) C:\Windows\system32\drivers\ipnat.sys
08:51:51.0602 6964 IPNAT - ok
08:51:51.0618 6964 IRENUM (3abf5e7213eb28966d55d58b515d5ce9) C:\Windows\system32\drivers\irenum.sys
08:51:51.0649 6964 IRENUM - ok
08:51:51.0680 6964 isapnp (2f7b28dc3e1183e5eb418df55c204f38) C:\Windows\system32\drivers\isapnp.sys
08:51:51.0696 6964 isapnp - ok
08:51:51.0774 6964 iScsiPrt (d931d7309deb2317035b07c9f9e6b0bd) C:\Windows\system32\drivers\msiscsi.sys
08:51:51.0852 6964 iScsiPrt - ok
08:51:51.0898 6964 IviRegMgr (f415a88162d23977b5edae4f0410e903) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
08:51:51.0930 6964 IviRegMgr - ok
08:51:51.0976 6964 kbdclass (bc02336f1cba7dcc7d1213bb588a68a5) C:\Windows\system32\drivers\kbdclass.sys
08:51:51.0992 6964 kbdclass - ok
08:51:52.0023 6964 kbdhid (0705eff5b42a9db58548eec3b26bb484) C:\Windows\system32\drivers\kbdhid.sys
08:51:52.0054 6964 kbdhid - ok
08:51:52.0086 6964 KeyIso (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:51:52.0101 6964 KeyIso - ok
08:51:52.0179 6964 Kodak AiO Network Discovery Service (27277a11db52fefae5b01dc8fb570b28) C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe
08:51:52.0210 6964 Kodak AiO Network Discovery Service - ok
08:51:52.0242 6964 KSecDD (da1e991a61cfdd755a589e206b97644b) C:\Windows\system32\Drivers\ksecdd.sys
08:51:52.0257 6964 KSecDD - ok
08:51:52.0273 6964 KSecPkg (7e33198d956943a4f11a5474c1e9106f) C:\Windows\system32\Drivers\ksecpkg.sys
08:51:52.0288 6964 KSecPkg - ok
08:51:52.0320 6964 ksthunk (6869281e78cb31a43e969f06b57347c4) C:\Windows\system32\drivers\ksthunk.sys
08:51:52.0382 6964 ksthunk - ok
08:51:52.0413 6964 KtmRm (6ab66e16aa859232f64deb66887a8c9c) C:\Windows\system32\msdtckrm.dll
08:51:52.0460 6964 KtmRm - ok
08:51:52.0538 6964 LanmanServer (d9f42719019740baa6d1c6d536cbdaa6) C:\Windows\system32\srvsvc.dll
08:51:52.0616 6964 LanmanServer - ok
08:51:52.0632 6964 LanmanWorkstation (851a1382eed3e3a7476db004f4ee3e1a) C:\Windows\System32\wkssvc.dll
08:51:52.0678 6964 LanmanWorkstation - ok
08:51:52.0710 6964 lltdio (1538831cf8ad2979a04c423779465827) C:\Windows\system32\DRIVERS\lltdio.sys
08:51:52.0756 6964 lltdio - ok
08:51:52.0788 6964 lltdsvc (c1185803384ab3feed115f79f109427f) C:\Windows\System32\lltdsvc.dll
08:51:52.0834 6964 lltdsvc - ok
08:51:52.0850 6964 lmhosts (f993a32249b66c9d622ea5592a8b76b8) C:\Windows\System32\lmhsvc.dll
08:51:52.0881 6964 lmhosts - ok
08:51:52.0959 6964 LMS (f4a17dcab576267c85663e64f3ace5a4) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
08:51:52.0959 6964 LMS - ok
08:51:53.0006 6964 LSI_FC (1a93e54eb0ece102495a51266dcdb6a6) C:\Windows\system32\drivers\lsi_fc.sys
08:51:53.0037 6964 LSI_FC - ok
08:51:53.0068 6964 LSI_SAS (1047184a9fdc8bdbff857175875ee810) C:\Windows\system32\drivers\lsi_sas.sys
08:51:53.0068 6964 LSI_SAS - ok
08:51:53.0084 6964 LSI_SAS2 (30f5c0de1ee8b5bc9306c1f0e4a75f93) C:\Windows\system32\drivers\lsi_sas2.sys
08:51:53.0100 6964 LSI_SAS2 - ok
08:51:53.0115 6964 LSI_SCSI (0504eacaff0d3c8aed161c4b0d369d4a) C:\Windows\system32\drivers\lsi_scsi.sys
08:51:53.0131 6964 LSI_SCSI - ok
08:51:53.0162 6964 luafv (43d0f98e1d56ccddb0d5254cff7b356e) C:\Windows\system32\drivers\luafv.sys
08:51:53.0209 6964 luafv - ok
08:51:53.0256 6964 MBAMProtector (dbc08862a71459e74f7538b432c114cc) C:\Windows\system32\drivers\mbam.sys
08:51:53.0287 6964 MBAMProtector - ok
08:51:53.0380 6964 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
08:51:53.0427 6964 MBAMService - ok
08:51:53.0490 6964 McAfee SiteAdvisor Service (be8c524313db75fa26fb2b0c0aaff88e) c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe
08:51:53.0521 6964 McAfee SiteAdvisor Service - ok
08:51:53.0536 6964 Mcx2Svc (0be09cd858abf9df6ed259d57a1a1663) C:\Windows\system32\Mcx2Svc.dll
08:51:53.0568 6964 Mcx2Svc - ok
08:51:53.0599 6964 megasas (a55805f747c6edb6a9080d7c633bd0f4) C:\Windows\system32\drivers\megasas.sys
08:51:53.0614 6964 megasas - ok
08:51:53.0677 6964 MegaSR (baf74ce0072480c3b6b7c13b2a94d6b3) C:\Windows\system32\drivers\MegaSR.sys
08:51:53.0708 6964 MegaSR - ok
08:51:53.0755 6964 MEIx64 (a6518dcc42f7a6e999bb3bea8fd87567) C:\Windows\system32\drivers\HECIx64.sys
08:51:53.0770 6964 MEIx64 - ok
08:51:53.0802 6964 MMCSS (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:51:53.0848 6964 MMCSS - ok
08:51:53.0895 6964 MOBK649backup (db033326180514b9a45612ce14324f5c) C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe
08:51:53.0926 6964 MOBK649backup - ok
08:51:53.0958 6964 MOBK649Filter (3c69aa906ee867ade4437acd8460b43d) C:\Windows\system32\DRIVERS\MOBK649.sys
08:51:53.0973 6964 MOBK649Filter - ok
08:51:53.0989 6964 Modem (800ba92f7010378b09f9ed9270f07137) C:\Windows\system32\drivers\modem.sys
08:51:54.0051 6964 Modem - ok
08:51:54.0067 6964 monitor (b03d591dc7da45ece20b3b467e6aadaa) C:\Windows\system32\DRIVERS\monitor.sys
08:51:54.0082 6964 monitor - ok
08:51:54.0129 6964 mouclass (7d27ea49f3c1f687d357e77a470aea99) C:\Windows\system32\DRIVERS\mouclass.sys
08:51:54.0129 6964 mouclass - ok
08:51:54.0160 6964 mouhid (d3bf052c40b0c4166d9fd86a4288c1e6) C:\Windows\system32\DRIVERS\mouhid.sys
08:51:54.0192 6964 mouhid - ok
08:51:54.0223 6964 mountmgr (32e7a3d591d671a6df2db515a5cbe0fa) C:\Windows\system32\drivers\mountmgr.sys
08:51:54.0238 6964 mountmgr - ok
08:51:54.0254 6964 mpio (a44b420d30bd56e145d6a2bc8768ec58) C:\Windows\system32\drivers\mpio.sys
08:51:54.0270 6964 mpio - ok
08:51:54.0285 6964 mpsdrv (6c38c9e45ae0ea2fa5e551f2ed5e978f) C:\Windows\system32\drivers\mpsdrv.sys
08:51:54.0316 6964 mpsdrv - ok
08:51:54.0363 6964 MpsSvc (54ffc9c8898113ace189d4aa7199d2c1) C:\Windows\system32\mpssvc.dll
08:51:54.0394 6964 MpsSvc - ok
08:51:54.0426 6964 MRxDAV (dc722758b8261e1abafd31a3c0a66380) C:\Windows\system32\drivers\mrxdav.sys
08:51:54.0488 6964 MRxDAV - ok
08:51:54.0535 6964 mrxsmb (a5d9106a73dc88564c825d317cac68ac) C:\Windows\system32\DRIVERS\mrxsmb.sys
08:51:54.0582 6964 mrxsmb - ok
08:51:54.0597 6964 mrxsmb10 (d711b3c1d5f42c0c2415687be09fc163) C:\Windows\system32\DRIVERS\mrxsmb10.sys
08:51:54.0628 6964 mrxsmb10 - ok
08:51:54.0644 6964 mrxsmb20 (9423e9d355c8d303e76b8cfbd8a5c30c) C:\Windows\system32\DRIVERS\mrxsmb20.sys
08:51:54.0660 6964 mrxsmb20 - ok
08:51:54.0675 6964 msahci (c25f0bafa182cbca2dd3c851c2e75796) C:\Windows\system32\drivers\msahci.sys
08:51:54.0691 6964 msahci - ok
08:51:54.0722 6964 msdsm (db801a638d011b9633829eb6f663c900) C:\Windows\system32\drivers\msdsm.sys
08:51:54.0753 6964 msdsm - ok
08:51:54.0784 6964 MSDTC (de0ece52236cfa3ed2dbfc03f28253a8) C:\Windows\System32\msdtc.exe
08:51:54.0800 6964 MSDTC - ok
08:51:54.0831 6964 Msfs (aa3fb40e17ce1388fa1bedab50ea8f96) C:\Windows\system32\drivers\Msfs.sys
08:51:54.0894 6964 Msfs - ok
08:51:54.0909 6964 mshidkmdf (f9d215a46a8b9753f61767fa72a20326) C:\Windows\System32\drivers\mshidkmdf.sys
08:51:54.0987 6964 mshidkmdf - ok
08:51:55.0003 6964 msisadrv (d916874bbd4f8b07bfb7fa9b3ccae29d) C:\Windows\system32\drivers\msisadrv.sys
08:51:55.0003 6964 msisadrv - ok
08:51:55.0034 6964 MSiSCSI (808e98ff49b155c522e6400953177b08) C:\Windows\system32\iscsiexe.dll
08:51:55.0065 6964 MSiSCSI - ok
08:51:55.0065 6964 msiserver - ok
08:51:55.0112 6964 MSKSSRV (49ccf2c4fea34ffad8b1b59d49439366) C:\Windows\system32\drivers\MSKSSRV.sys
08:51:55.0190 6964 MSKSSRV - ok
08:51:55.0206 6964 MSPCLOCK (bdd71ace35a232104ddd349ee70e1ab3) C:\Windows\system32\drivers\MSPCLOCK.sys
08:51:55.0237 6964 MSPCLOCK - ok
08:51:55.0237 6964 MSPQM (4ed981241db27c3383d72092b618a1d0) C:\Windows\system32\drivers\MSPQM.sys
08:51:55.0268 6964 MSPQM - ok
08:51:55.0284 6964 MsRPC (759a9eeb0fa9ed79da1fb7d4ef78866d) C:\Windows\system32\drivers\MsRPC.sys
08:51:55.0299 6964 MsRPC - ok
08:51:55.0315 6964 mssmbios (0eed230e37515a0eaee3c2e1bc97b288) C:\Windows\system32\drivers\mssmbios.sys
08:51:55.0330 6964 mssmbios - ok
08:51:55.0362 6964 MSTEE (2e66f9ecb30b4221a318c92ac2250779) C:\Windows\system32\drivers\MSTEE.sys
08:51:55.0424 6964 MSTEE - ok
08:51:55.0440 6964 MTConfig (7ea404308934e675bffde8edf0757bcd) C:\Windows\system32\drivers\MTConfig.sys
08:51:55.0440 6964 MTConfig - ok
08:51:55.0455 6964 Mup (f9a18612fd3526fe473c1bda678d61c8) C:\Windows\system32\Drivers\mup.sys
08:51:55.0471 6964 Mup - ok
08:51:55.0502 6964 napagent (582ac6d9873e31dfa28a4547270862dd) C:\Windows\system32\qagentRT.dll
08:51:55.0549 6964 napagent - ok
08:51:55.0596 6964 NativeWifiP (1ea3749c4114db3e3161156ffffa6b33) C:\Windows\system32\DRIVERS\nwifi.sys
08:51:55.0642 6964 NativeWifiP - ok
08:51:55.0689 6964 NDIS (79b47fd40d9a817e932f9d26fac0a81c) C:\Windows\system32\drivers\ndis.sys
08:51:55.0720 6964 NDIS - ok
08:51:55.0736 6964 NdisCap (9f9a1f53aad7da4d6fef5bb73ab811ac) C:\Windows\system32\DRIVERS\ndiscap.sys
08:51:55.0767 6964 NdisCap - ok
08:51:55.0798 6964 NdisTapi (30639c932d9fef22b31268fe25a1b6e5) C:\Windows\system32\DRIVERS\ndistapi.sys
08:51:55.0861 6964 NdisTapi - ok
08:51:55.0892 6964 Ndisuio (136185f9fb2cc61e573e676aa5402356) C:\Windows\system32\DRIVERS\ndisuio.sys
08:51:55.0939 6964 Ndisuio - ok
08:51:55.0970 6964 NdisWan (53f7305169863f0a2bddc49e116c2e11) C:\Windows\system32\DRIVERS\ndiswan.sys
08:51:56.0001 6964 NdisWan - ok
08:51:56.0017 6964 NDProxy (015c0d8e0e0421b4cfd48cffe2825879) C:\Windows\system32\drivers\NDProxy.sys
08:51:56.0064 6964 NDProxy - ok
08:51:56.0095 6964 NetBIOS (86743d9f5d2b1048062b14b1d84501c4) C:\Windows\system32\DRIVERS\netbios.sys
08:51:56.0142 6964 NetBIOS - ok
08:51:56.0173 6964 NetBT (09594d1089c523423b32a4229263f068) C:\Windows\system32\DRIVERS\netbt.sys
08:51:56.0204 6964 NetBT - ok
08:51:56.0220 6964 Netlogon (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:51:56.0220 6964 Netlogon - ok
08:51:56.0266 6964 Netman (847d3ae376c0817161a14a82c8922a9e) C:\Windows\System32\netman.dll
08:51:56.0329 6964 Netman - ok
08:51:56.0422 6964 NetMsmqActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:51:56.0438 6964 NetMsmqActivator - ok
08:51:56.0454 6964 NetPipeActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:51:56.0454 6964 NetPipeActivator - ok
08:51:56.0485 6964 netprofm (5f28111c648f1e24f7dbc87cdeb091b8) C:\Windows\System32\netprofm.dll
08:51:56.0547 6964 netprofm - ok
08:51:56.0547 6964 NetTcpActivator (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:51:56.0563 6964 NetTcpActivator - ok
08:51:56.0563 6964 NetTcpPortSharing (d22cd77d4f0d63d1169bb35911bff12d) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
08:51:56.0563 6964 NetTcpPortSharing - ok
08:51:56.0625 6964 nfrd960 (77889813be4d166cdab78ddba990da92) C:\Windows\system32\drivers\nfrd960.sys
08:51:56.0641 6964 nfrd960 - ok
08:51:56.0703 6964 NlaSvc (1ee99a89cc788ada662441d1e9830529) C:\Windows\System32\nlasvc.dll
08:51:56.0781 6964 NlaSvc - ok
08:51:56.0797 6964 Npfs (1e4c4ab5c9b8dd13179bbdc75a2a01f7) C:\Windows\system32\drivers\Npfs.sys
08:51:56.0844 6964 Npfs - ok
08:51:56.0844 6964 nsi (d54bfdf3e0c953f823b3d0bfe4732528) C:\Windows\system32\nsisvc.dll
08:51:56.0875 6964 nsi - ok
08:51:56.0890 6964 nsiproxy (e7f5ae18af4168178a642a9247c63001) C:\Windows\system32\drivers\nsiproxy.sys
08:51:56.0922 6964 nsiproxy - ok
08:51:57.0015 6964 Ntfs (a2f74975097f52a00745f9637451fdd8) C:\Windows\system32\drivers\Ntfs.sys
08:51:57.0078 6964 Ntfs - ok
08:51:57.0234 6964 Null (9899284589f75fa8724ff3d16aed75c1) C:\Windows\system32\drivers\Null.sys
08:51:57.0312 6964 Null - ok
08:51:57.0343 6964 nusb3hub (158ad24745bd85ba9be3c51c38f48c32) C:\Windows\system32\drivers\nusb3hub.sys
08:51:57.0374 6964 nusb3hub - ok
08:51:57.0405 6964 nusb3xhc (d40a13b2c0891e218f9523b376955db6) C:\Windows\system32\drivers\nusb3xhc.sys
08:51:57.0468 6964 nusb3xhc - ok
08:51:57.0514 6964 NVHDA (f2662fdc20518ee8a8eed4f61ba42349) C:\Windows\system32\drivers\nvhda64v.sys
08:51:57.0530 6964 NVHDA - ok
08:51:58.0513 6964 nvlddmkm (a8151a773ce78233375445d41b77e85e) C:\Windows\system32\DRIVERS\nvlddmkm.sys
08:51:58.0669 6964 nvlddmkm - ok
08:51:58.0825 6964 nvraid (0a92cb65770442ed0dc44834632f66ad) C:\Windows\system32\drivers\nvraid.sys
08:51:58.0856 6964 nvraid - ok
08:51:58.0934 6964 nvstor (dab0e87525c10052bf65f06152f37e4a) C:\Windows\system32\drivers\nvstor.sys
08:51:58.0965 6964 nvstor - ok
08:51:59.0028 6964 NVSvc (b10cca77064c6171846e1cf0d7155af3) C:\Windows\system32\nvvsvc.exe
08:51:59.0043 6964 NVSvc - ok
08:51:59.0106 6964 nv_agp (270d7cd42d6e3979f6dd0146650f0e05) C:\Windows\system32\drivers\nv_agp.sys
08:51:59.0121 6964 nv_agp - ok
08:51:59.0168 6964 ohci1394 (3589478e4b22ce21b41fa1bfc0b8b8a0) C:\Windows\system32\drivers\ohci1394.sys
08:51:59.0199 6964 ohci1394 - ok
08:51:59.0308 6964 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
08:51:59.0324 6964 ose - ok
08:51:59.0714 6964 osppsvc (61bffb5f57ad12f83ab64b7181829b34) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
08:51:59.0776 6964 osppsvc - ok
08:51:59.0886 6964 p2pimsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:51:59.0917 6964 p2pimsvc - ok
08:51:59.0932 6964 p2psvc (927463ecb02179f88e4b9a17568c63c3) C:\Windows\system32\p2psvc.dll
08:51:59.0948 6964 p2psvc - ok
08:52:00.0010 6964 Parport (0086431c29c35be1dbc43f52cc273887) C:\Windows\system32\drivers\parport.sys
08:52:00.0057 6964 Parport - ok
08:52:00.0120 6964 partmgr (e9766131eeade40a27dc27d2d68fba9c) C:\Windows\system32\drivers\partmgr.sys
08:52:00.0135 6964 partmgr - ok
08:52:00.0166 6964 PcaSvc (3aeaa8b561e63452c655dc0584922257) C:\Windows\System32\pcasvc.dll
08:52:00.0198 6964 PcaSvc - ok
08:52:00.0260 6964 pci (94575c0571d1462a0f70bde6bd6ee6b3) C:\Windows\system32\drivers\pci.sys
08:52:00.0260 6964 pci - ok
08:52:00.0338 6964 pciide (b5b8b5ef2e5cb34df8dcf8831e3534fa) C:\Windows\system32\drivers\pciide.sys
08:52:00.0354 6964 pciide - ok
08:52:00.0385 6964 pcmcia (b2e81d4e87ce48589f98cb8c05b01f2f) C:\Windows\system32\drivers\pcmcia.sys
08:52:00.0400 6964 pcmcia - ok
08:52:00.0432 6964 pcw (d6b9c2e1a11a3a4b26a182ffef18f603) C:\Windows\system32\drivers\pcw.sys
08:52:00.0447 6964 pcw - ok
08:52:00.0463 6964 PEAUTH (68769c3356b3be5d1c732c97b9a80d6e) C:\Windows\system32\drivers\peauth.sys
08:52:00.0510 6964 PEAUTH - ok
08:52:00.0603 6964 PerfHost (e495e408c93141e8fc72dc0c6046ddfa) C:\Windows\SysWow64\perfhost.exe
08:52:00.0634 6964 PerfHost - ok
08:52:00.0697 6964 pla (c7cf6a6e137463219e1259e3f0f0dd6c) C:\Windows\system32\pla.dll
08:52:00.0744 6964 pla - ok
08:52:00.0837 6964 PlugPlay (25fbdef06c4d92815b353f6e792c8129) C:\Windows\system32\umpnpmgr.dll
08:52:00.0868 6964 PlugPlay - ok
08:52:00.0978 6964 PMBDeviceInfoProvider (e9605a180001a6b5551112d91de92ca1) C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe
08:52:00.0993 6964 PMBDeviceInfoProvider - ok
08:52:01.0009 6964 PNRPAutoReg (7195581cec9bb7d12abe54036acc2e38) C:\Windows\system32\pnrpauto.dll
08:52:01.0024 6964 PNRPAutoReg - ok
08:52:01.0040 6964 PNRPsvc (3eac4455472cc2c97107b5291e0dcafe) C:\Windows\system32\pnrpsvc.dll
08:52:01.0056 6964 PNRPsvc - ok
08:52:01.0102 6964 PolicyAgent (4f15d75adf6156bf56eced6d4a55c389) C:\Windows\System32\ipsecsvc.dll
08:52:01.0149 6964 PolicyAgent - ok
08:52:01.0180 6964 Power (6ba9d927dded70bd1a9caded45f8b184) C:\Windows\system32\umpo.dll
08:52:01.0212 6964 Power - ok
08:52:01.0274 6964 PptpMiniport (f92a2c41117a11a00be01ca01a7fcde9) C:\Windows\system32\DRIVERS\raspptp.sys
08:52:01.0305 6964 PptpMiniport - ok
08:52:01.0336 6964 Processor (0d922e23c041efb1c3fac2a6f943c9bf) C:\Windows\system32\drivers\processr.sys
08:52:01.0352 6964 Processor - ok
08:52:01.0383 6964 ProfSvc (53e83f1f6cf9d62f32801cf66d8352a8) C:\Windows\system32\profsvc.dll
08:52:01.0430 6964 ProfSvc - ok
08:52:01.0446 6964 ProtectedStorage (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:52:01.0461 6964 ProtectedStorage - ok
08:52:01.0508 6964 Psched (0557cf5a2556bd58e26384169d72438d) C:\Windows\system32\DRIVERS\pacer.sys
08:52:01.0570 6964 Psched - ok
08:52:01.0633 6964 PSI_SVC_2 (f036cfb275d0c55f4e45fbbf5f98b3c8) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
08:52:01.0648 6964 PSI_SVC_2 - ok
08:52:01.0680 6964 PxHlpa64 (87b04878a6d59d6c79251dc960c674c1) C:\Windows\system32\Drivers\PxHlpa64.sys
08:52:01.0711 6964 PxHlpa64 - ok
08:52:01.0804 6964 ql2300 (a53a15a11ebfd21077463ee2c7afeef0) C:\Windows\system32\drivers\ql2300.sys
08:52:01.0851 6964 ql2300 - ok
08:52:01.0945 6964 ql40xx (4f6d12b51de1aaeff7dc58c4d75423c8) C:\Windows\system32\drivers\ql40xx.sys
08:52:01.0976 6964 ql40xx - ok
08:52:02.0023 6964 QWAVE (906191634e99aea92c4816150bda3732) C:\Windows\system32\qwave.dll
08:52:02.0054 6964 QWAVE - ok
08:52:02.0070 6964 QWAVEdrv (76707bb36430888d9ce9d705398adb6c) C:\Windows\system32\drivers\qwavedrv.sys
08:52:02.0101 6964 QWAVEdrv - ok
08:52:02.0116 6964 RasAcd (5a0da8ad5762fa2d91678a8a01311704) C:\Windows\system32\DRIVERS\rasacd.sys
08:52:02.0163 6964 RasAcd - ok
08:52:02.0194 6964 RasAgileVpn (7ecff9b22276b73f43a99a15a6094e90) C:\Windows\system32\DRIVERS\AgileVpn.sys
08:52:02.0241 6964 RasAgileVpn - ok
08:52:02.0272 6964 RasAuto (8f26510c5383b8dbe976de1cd00fc8c7) C:\Windows\System32\rasauto.dll
08:52:02.0350 6964 RasAuto - ok
08:52:02.0366 6964 Rasl2tp (471815800ae33e6f1c32fb1b97c490ca) C:\Windows\system32\DRIVERS\rasl2tp.sys
08:52:02.0413 6964 Rasl2tp - ok
08:52:02.0460 6964 RasMan (ee867a0870fc9e4972ba9eaad35651e2) C:\Windows\System32\rasmans.dll
08:52:02.0491 6964 RasMan - ok
08:52:02.0538 6964 RasPppoe (855c9b1cd4756c5e9a2aa58a15f58c25) C:\Windows\system32\DRIVERS\raspppoe.sys
08:52:02.0616 6964 RasPppoe - ok
08:52:02.0631 6964 RasSstp (e8b1e447b008d07ff47d016c2b0eeecb) C:\Windows\system32\DRIVERS\rassstp.sys
08:52:02.0678 6964 RasSstp - ok
08:52:02.0694 6964 rdbss (77f665941019a1594d887a74f301fa2f) C:\Windows\system32\DRIVERS\rdbss.sys
08:52:02.0725 6964 rdbss - ok
08:52:02.0756 6964 rdpbus (302da2a0539f2cf54d7c6cc30c1f2d8d) C:\Windows\system32\drivers\rdpbus.sys
08:52:02.0772 6964 rdpbus - ok
08:52:02.0787 6964 RDPCDD (cea6cc257fc9b7715f1c2b4849286d24) C:\Windows\system32\DRIVERS\RDPCDD.sys
08:52:02.0818 6964 RDPCDD - ok
08:52:02.0818 6964 RDPENCDD (bb5971a4f00659529a5c44831af22365) C:\Windows\system32\drivers\rdpencdd.sys
08:52:02.0865 6964 RDPENCDD - ok
08:52:02.0881 6964 RDPREFMP (216f3fa57533d98e1f74ded70113177a) C:\Windows\system32\drivers\rdprefmp.sys
08:52:02.0896 6964 RDPREFMP - ok
08:52:02.0943 6964 RDPWD (e61608aa35e98999af9aaeeea6114b0a) C:\Windows\system32\drivers\RDPWD.sys
08:52:02.0990 6964 RDPWD - ok
08:52:03.0037 6964 rdyboost (34ed295fa0121c241bfef24764fc4520) C:\Windows\system32\drivers\rdyboost.sys
08:52:03.0068 6964 rdyboost - ok
08:52:03.0099 6964 regi (4d9afddda0efe97cdbfd3b5fa48b05f6) C:\Windows\system32\drivers\regi.sys
08:52:03.0099 6964 regi - ok
08:52:03.0146 6964 RemoteAccess (254fb7a22d74e5511c73a3f6d802f192) C:\Windows\System32\mprdim.dll
08:52:03.0224 6964 RemoteAccess - ok
08:52:03.0240 6964 RemoteRegistry (e4d94f24081440b5fc5aa556c7c62702) C:\Windows\system32\regsvc.dll
08:52:03.0286 6964 RemoteRegistry - ok
08:52:03.0318 6964 RFCOMM (3dd798846e2c28102b922c56e71b7932) C:\Windows\system32\DRIVERS\rfcomm.sys
08:52:03.0364 6964 RFCOMM - ok
08:52:03.0411 6964 rimspci (ff71ecb1b121c6273ec4c45eddbc4fe4) C:\Windows\system32\drivers\rimssne64.sys
08:52:03.0458 6964 rimspci - ok
08:52:03.0489 6964 risdsnpe (e33075c22c14c57095f037253f936bb8) C:\Windows\system32\drivers\risdsnxc64.sys
08:52:03.0520 6964 risdsnpe - ok
08:52:03.0598 6964 Roxio UPnP Renderer 10 (65226131770b22ef24fb869ad821de47) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe
08:52:03.0614 6964 Roxio UPnP Renderer 10 - ok
08:52:03.0630 6964 Roxio Upnp Server 10 (2a3d24e83e5f63bf4a0220fdd23457cb) C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe
08:52:03.0645 6964 Roxio Upnp Server 10 - ok
08:52:03.0676 6964 RpcEptMapper (e4dc58cf7b3ea515ae917ff0d402a7bb) C:\Windows\System32\RpcEpMap.dll
08:52:03.0723 6964 RpcEptMapper - ok
08:52:03.0754 6964 RpcLocator (d5ba242d4cf8e384db90e6a8ed850b8c) C:\Windows\system32\locator.exe
08:52:03.0786 6964 RpcLocator - ok
08:52:03.0817 6964 RpcSs (5c627d1b1138676c0a7ab2c2c190d123) C:\Windows\system32\rpcss.dll
08:52:03.0864 6964 RpcSs - ok
08:52:03.0910 6964 rspndr (ddc86e4f8e7456261e637e3552e804ff) C:\Windows\system32\DRIVERS\rspndr.sys
08:52:03.0973 6964 rspndr - ok
08:52:04.0035 6964 RTL8167 (f4c374b1c46de294b573bb43723ac3f6) C:\Windows\system32\DRIVERS\Rt64win7.sys
08:52:04.0066 6964 RTL8167 - ok
08:52:04.0113 6964 SamSs (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:52:04.0113 6964 SamSs - ok
08:52:04.0144 6964 sbp2port (ac03af3329579fffb455aa2daabbe22b) C:\Windows\system32\drivers\sbp2port.sys
08:52:04.0160 6964 sbp2port - ok
08:52:04.0191 6964 SCardSvr (9b7395789e3791a3b6d000fe6f8b131e) C:\Windows\System32\SCardSvr.dll
08:52:04.0222 6964 SCardSvr - ok
08:52:04.0238 6964 scfilter (253f38d0d7074c02ff8deb9836c97d2b) C:\Windows\system32\DRIVERS\scfilter.sys
08:52:04.0285 6964 scfilter - ok
08:52:04.0316 6964 Schedule (262f6592c3299c005fd6bec90fc4463a) C:\Windows\system32\schedsvc.dll
08:52:04.0378 6964 Schedule - ok
08:52:04.0394 6964 SCPolicySvc (f17d1d393bbc69c5322fbfafaca28c7f) C:\Windows\System32\certprop.dll
08:52:04.0425 6964 SCPolicySvc - ok
08:52:04.0456 6964 sdbus (111e0ebc0ad79cb0fa014b907b231cf0) C:\Windows\system32\DRIVERS\sdbus.sys
08:52:04.0472 6964 sdbus - ok
08:52:04.0503 6964 SDRSVC (6ea4234dc55346e0709560fe7c2c1972) C:\Windows\System32\SDRSVC.dll
08:52:04.0519 6964 SDRSVC - ok
08:52:04.0612 6964 SeaPort (cc781378e7eda615d2cdca3b17829fa4) C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
08:52:04.0644 6964 SeaPort - ok
08:52:04.0675 6964 secdrv (3ea8a16169c26afbeb544e0e48421186) C:\Windows\system32\drivers\secdrv.sys
08:52:04.0737 6964 secdrv - ok
08:52:04.0768 6964 seclogon (bc617a4e1b4fa8df523a061739a0bd87) C:\Windows\system32\seclogon.dll
08:52:04.0784 6964 seclogon - ok
08:52:04.0815 6964 SENS (c32ab8fa018ef34c0f113bd501436d21) C:\Windows\System32\sens.dll
08:52:04.0846 6964 SENS - ok
08:52:04.0862 6964 SensrSvc (0336cffafaab87a11541f1cf1594b2b2) C:\Windows\system32\sensrsvc.dll
08:52:04.0893 6964 SensrSvc - ok
08:52:04.0924 6964 Serenum (cb624c0035412af0debec78c41f5ca1b) C:\Windows\system32\drivers\serenum.sys
08:52:04.0956 6964 Serenum - ok
08:52:04.0987 6964 Serial (c1d8e28b2c2adfaec4ba89e9fda69bd6) C:\Windows\system32\drivers\serial.sys
08:52:05.0018 6964 Serial - ok
08:52:05.0049 6964 sermouse (1c545a7d0691cc4a027396535691c3e3) C:\Windows\system32\drivers\sermouse.sys
08:52:05.0080 6964 sermouse - ok
08:52:05.0127 6964 SessionEnv (0b6231bf38174a1628c4ac812cc75804) C:\Windows\system32\sessenv.dll
08:52:05.0174 6964 SessionEnv - ok
08:52:05.0236 6964 SFEP (286d3889e6ab5589646ff8a63cb928ae) C:\Windows\system32\drivers\SFEP.sys
08:52:05.0268 6964 SFEP - ok
08:52:05.0283 6964 sffdisk (a554811bcd09279536440c964ae35bbf) C:\Windows\system32\drivers\sffdisk.sys
08:52:05.0330 6964 sffdisk - ok
08:52:05.0346 6964 sffp_mmc (ff414f0baefeba59bc6c04b3db0b87bf) C:\Windows\system32\drivers\sffp_mmc.sys
08:52:05.0392 6964 sffp_mmc - ok
08:52:05.0408 6964 sffp_sd (dd85b78243a19b59f0637dcf284da63c) C:\Windows\system32\drivers\sffp_sd.sys
08:52:05.0439 6964 sffp_sd - ok
08:52:05.0486 6964 sfloppy (a9d601643a1647211a1ee2ec4e433ff4) C:\Windows\system32\drivers\sfloppy.sys
08:52:05.0517 6964 sfloppy - ok
08:52:05.0564 6964 SharedAccess (b95f6501a2f8b2e78c697fec401970ce) C:\Windows\System32\ipnathlp.dll
08:52:05.0626 6964 SharedAccess - ok
08:52:05.0658 6964 ShellHWDetection (aaf932b4011d14052955d4b212a4da8d) C:\Windows\System32\shsvcs.dll
08:52:05.0704 6964 ShellHWDetection - ok
08:52:05.0736 6964 SiSRaid2 (843caf1e5fde1ffd5ff768f23a51e2e1) C:\Windows\system32\drivers\SiSRaid2.sys
08:52:05.0767 6964 SiSRaid2 - ok
08:52:05.0798 6964 SiSRaid4 (6a6c106d42e9ffff8b9fcb4f754f6da4) C:\Windows\system32\drivers\sisraid4.sys
08:52:05.0814 6964 SiSRaid4 - ok
08:52:05.0845 6964 Smb (548260a7b8654e024dc30bf8a7c5baa4) C:\Windows\system32\DRIVERS\smb.sys
08:52:05.0923 6964 Smb - ok
08:52:05.0954 6964 SNMPTRAP (6313f223e817cc09aa41811daa7f541d) C:\Windows\System32\snmptrap.exe
08:52:05.0985 6964 SNMPTRAP - ok
08:52:06.0110 6964 SOHCImp (4aea7a1c3ca06d95d6966c34d13c0d8b) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe
08:52:06.0126 6964 SOHCImp - ok
08:52:06.0157 6964 SOHDs (16fd95781117e13107d477ae36219e6f) C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe
08:52:06.0172 6964 SOHDs - ok
08:52:06.0266 6964 SpfService (c03e480e63a80d73fabe28d24d3b6b47) C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe
08:52:06.0297 6964 SpfService - ok
08:52:06.0328 6964 spldr (b9e31e5cacdfe584f34f730a677803f9) C:\Windows\system32\drivers\spldr.sys
08:52:06.0344 6964 spldr - ok
08:52:06.0391 6964 Spooler (b96c17b5dc1424d56eea3a99e97428cd) C:\Windows\System32\spoolsv.exe
08:52:06.0438 6964 Spooler - ok
08:52:06.0594 6964 sppsvc (e17e0188bb90fae42d83e98707efa59c) C:\Windows\system32\sppsvc.exe
08:52:06.0640 6964 sppsvc - ok
08:52:06.0734 6964 sppuinotify (93d7d61317f3d4bc4f4e9f8a96a7de45) C:\Windows\system32\sppuinotify.dll
08:52:06.0781 6964 sppuinotify - ok
08:52:06.0859 6964 srv (441fba48bff01fdb9d5969ebc1838f0b) C:\Windows\system32\DRIVERS\srv.sys
08:52:06.0906 6964 srv - ok
08:52:06.0952 6964 srv2 (b4adebbf5e3677cce9651e0f01f7cc28) C:\Windows\system32\DRIVERS\srv2.sys
08:52:06.0984 6964 srv2 - ok
08:52:07.0030 6964 srvnet (27e461f0be5bff5fc737328f749538c3) C:\Windows\system32\DRIVERS\srvnet.sys
08:52:07.0046 6964 srvnet - ok
08:52:07.0077 6964 SSDPSRV (51b52fbd583cde8aa9ba62b8b4298f33) C:\Windows\System32\ssdpsrv.dll
08:52:07.0108 6964 SSDPSRV - ok
08:52:07.0124 6964 SstpSvc (ab7aebf58dad8daab7a6c45e6a8885cb) C:\Windows\system32\sstpsvc.dll
08:52:07.0155 6964 SstpSvc - ok
08:52:07.0202 6964 ssudmdm (78cd64791f8634cf7b582fd085e57c4b) C:\Windows\system32\DRIVERS\ssudmdm.sys
08:52:07.0218 6964 ssudmdm - ok
08:52:07.0327 6964 Stereo Service (525597fa2e9d49f19c59623b05562968) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
08:52:07.0342 6964 Stereo Service - ok
08:52:07.0374 6964 stexstor (f3817967ed533d08327dc73bc4d5542a) C:\Windows\system32\drivers\stexstor.sys
08:52:07.0389 6964 stexstor - ok
08:52:07.0436 6964 stisvc (8dd52e8e6128f4b2da92ce27402871c1) C:\Windows\System32\wiaservc.dll
08:52:07.0498 6964 stisvc - ok
08:52:07.0514 6964 swenum (d01ec09b6711a5f8e7e6564a4d0fbc90) C:\Windows\system32\drivers\swenum.sys
08:52:07.0530 6964 swenum - ok
08:52:07.0561 6964 swprv (e08e46fdd841b7184194011ca1955a0b) C:\Windows\System32\swprv.dll
08:52:07.0639 6964 swprv - ok
08:52:07.0748 6964 SynTP (b0c7d4dcf4800df2f2145b500d0161e8) C:\Windows\system32\drivers\SynTP.sys
08:52:07.0779 6964 SynTP - ok
08:52:07.0982 6964 SysMain (bf9ccc0bf39b418c8d0ae8b05cf95b7d) C:\Windows\system32\sysmain.dll
08:52:08.0044 6964 SysMain - ok
08:52:08.0122 6964 TabletInputService (e3c61fd7b7c2557e1f1b0b4cec713585) C:\Windows\System32\TabSvc.dll
08:52:08.0185 6964 TabletInputService - ok
08:52:08.0200 6964 TapiSrv (40f0849f65d13ee87b9a9ae3c1dd6823) C:\Windows\System32\tapisrv.dll
08:52:08.0247 6964 TapiSrv - ok
08:52:08.0247 6964 TBS (1be03ac720f4d302ea01d40f588162f6) C:\Windows\System32\tbssvc.dll
08:52:08.0294 6964 TBS - ok
08:52:08.0419 6964 Tcpip (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\drivers\tcpip.sys
08:52:08.0466 6964 Tcpip - ok
08:52:08.0653 6964 TCPIP6 (acb82bda8f46c84f465c1afa517dc4b9) C:\Windows\system32\DRIVERS\tcpip.sys
08:52:08.0684 6964 TCPIP6 - ok
08:52:08.0793 6964 tcpipreg (df687e3d8836bfb04fcc0615bf15a519) C:\Windows\system32\drivers\tcpipreg.sys
08:52:08.0856 6964 tcpipreg - ok
08:52:08.0871 6964 TDPIPE (3371d21011695b16333a3934340c4e7c) C:\Windows\system32\drivers\tdpipe.sys
08:52:08.0918 6964 TDPIPE - ok
08:52:08.0934 6964 TDTCP (51c5eceb1cdee2468a1748be550cfbc8) C:\Windows\system32\drivers\tdtcp.sys
08:52:08.0965 6964 TDTCP - ok
08:52:09.0012 6964 tdx (ddad5a7ab24d8b65f8d724f5c20fd806) C:\Windows\system32\DRIVERS\tdx.sys
08:52:09.0074 6964 tdx - ok
08:52:09.0121 6964 TermDD (561e7e1f06895d78de991e01dd0fb6e5) C:\Windows\system32\drivers\termdd.sys
08:52:09.0121 6964 TermDD - ok
08:52:09.0183 6964 TermService (2e648163254233755035b46dd7b89123) C:\Windows\System32\termsrv.dll
08:52:09.0246 6964 TermService - ok
08:52:09.0261 6964 Themes (f0344071948d1a1fa732231785a0664c) C:\Windows\system32\themeservice.dll
08:52:09.0277 6964 Themes - ok
08:52:09.0292 6964 THREADORDER (e40e80d0304a73e8d269f7141d77250b) C:\Windows\system32\mmcss.dll
08:52:09.0324 6964 THREADORDER - ok
08:52:09.0339 6964 TrkWks (7e7afd841694f6ac397e99d75cead49d) C:\Windows\System32\trkwks.dll
08:52:09.0386 6964 TrkWks - ok
08:52:09.0433 6964 TrustedInstaller (773212b2aaa24c1e31f10246b15b276c) C:\Windows\servicing\TrustedInstaller.exe
08:52:09.0511 6964 TrustedInstaller - ok
08:52:09.0542 6964 tssecsrv (ce18b2cdfc837c99e5fae9ca6cba5d30) C:\Windows\system32\DRIVERS\tssecsrv.sys
08:52:09.0604 6964 tssecsrv - ok
08:52:09.0620 6964 TsUsbFlt (d11c783e3ef9a3c52c0ebe83cc5000e9) C:\Windows\system32\drivers\tsusbflt.sys
08:52:09.0667 6964 TsUsbFlt - ok
08:52:09.0698 6964 TsUsbGD (9cc2ccae8a84820eaecb886d477cbcb8) C:\Windows\system32\drivers\TsUsbGD.sys
08:52:09.0729 6964 TsUsbGD - ok
08:52:09.0760 6964 tunnel (3566a8daafa27af944f5d705eaa64894) C:\Windows\system32\DRIVERS\tunnel.sys
08:52:09.0838 6964 tunnel - ok
08:52:09.0838 6964 uagp35 (b4dd609bd7e282bfc683cec7eaaaad67) C:\Windows\system32\drivers\uagp35.sys
08:52:09.0854 6964 uagp35 - ok
08:52:09.0948 6964 uCamMonitor (1fe69f3c1ca1cf4b7ec7e2e9090fffdc) C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe
08:52:09.0963 6964 uCamMonitor - ok
08:52:10.0026 6964 udfs (ff4232a1a64012baa1fd97c7b67df593) C:\Windows\system32\DRIVERS\udfs.sys
08:52:10.0104 6964 udfs - ok
08:52:10.0135 6964 UI0Detect (3cbdec8d06b9968aba702eba076364a1) C:\Windows\system32\UI0Detect.exe
08:52:10.0150 6964 UI0Detect - ok
08:52:10.0182 6964 uliagpkx (4bfe1bc28391222894cbf1e7d0e42320) C:\Windows\system32\drivers\uliagpkx.sys
08:52:10.0213 6964 uliagpkx - ok
08:52:10.0244 6964 umbus (dc54a574663a895c8763af0fa1ff7561) C:\Windows\system32\DRIVERS\umbus.sys
08:52:10.0260 6964 umbus - ok
08:52:10.0306 6964 UmPass (b2e8e8cb557b156da5493bbddcc1474d) C:\Windows\system32\drivers\umpass.sys
08:52:10.0353 6964 UmPass - ok
08:52:10.0494 6964 UNS (db641944f7e4b14c13c3fefc89843f69) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
08:52:10.0540 6964 UNS - ok
08:52:10.0618 6964 upnphost (d47ec6a8e81633dd18d2436b19baf6de) C:\Windows\System32\upnphost.dll
08:52:10.0665 6964 upnphost - ok
08:52:10.0696 6964 usbccgp (6f1a3157a1c89435352ceb543cdb359c) C:\Windows\system32\drivers\usbccgp.sys
08:52:10.0743 6964 usbccgp - ok
08:52:10.0790 6964 usbcir (af0892a803fdda7492f595368e3b68e7) C:\Windows\system32\drivers\usbcir.sys
08:52:10.0821 6964 usbcir - ok
08:52:10.0837 6964 usbehci (c025055fe7b87701eb042095df1a2d7b) C:\Windows\system32\drivers\usbehci.sys
08:52:10.0868 6964 usbehci - ok
08:52:10.0884 6964 usbhub (287c6c9410b111b68b52ca298f7b8c24) C:\Windows\system32\drivers\usbhub.sys
08:52:10.0915 6964 usbhub - ok
08:52:10.0946 6964 usbohci (9840fc418b4cbd632d3d0a667a725c31) C:\Windows\system32\drivers\usbohci.sys
08:52:10.0962 6964 usbohci - ok
08:52:10.0993 6964 usbprint (73188f58fb384e75c4063d29413cee3d) C:\Windows\system32\drivers\usbprint.sys
08:52:11.0040 6964 usbprint - ok
08:52:11.0055 6964 USBSTOR (fed648b01349a3c8395a5169db5fb7d6) C:\Windows\system32\DRIVERS\USBSTOR.SYS
08:52:11.0102 6964 USBSTOR - ok
08:52:11.0133 6964 usbuhci (62069a34518bcf9c1fd9e74b3f6db7cd) C:\Windows\system32\drivers\usbuhci.sys
08:52:11.0164 6964 usbuhci - ok
08:52:11.0196 6964 usbvideo (454800c2bc7f3927ce030141ee4f4c50) C:\Windows\system32\Drivers\usbvideo.sys
08:52:11.0242 6964 usbvideo - ok
08:52:11.0274 6964 UxSms (edbb23cbcf2cdf727d64ff9b51a6070e) C:\Windows\System32\uxsms.dll
08:52:11.0352 6964 UxSms - ok
08:52:11.0445 6964 VAIO Event Service (387d3dffcf0a544539e9c5d8b81169a2) C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe
08:52:11.0476 6964 VAIO Event Service - ok
08:52:11.0586 6964 VAIO Power Management (d1933e428d991b15affd48b1a7beb643) C:\Program Files\Sony\VAIO Power Management\SPMService.exe
08:52:11.0632 6964 VAIO Power Management - ok
08:52:11.0648 6964 VaultSvc (c118a82cd78818c29ab228366ebf81c3) C:\Windows\system32\lsass.exe
08:52:11.0664 6964 VaultSvc - ok
08:52:11.0820 6964 VCFw (24f7e301defd05f3e36a8b76f498c282) C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe
08:52:11.0866 6964 VCFw - ok
08:52:11.0991 6964 VcmIAlzMgr (f9d722a62c881b59439f9fc27bc7e285) C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe
08:52:12.0007 6964 VcmIAlzMgr - ok
08:52:12.0085 6964 VcmINSMgr (c350d9b371d28c551bc661f3baf1a109) C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe
08:52:12.0100 6964 VcmINSMgr - ok
08:52:12.0178 6964 VcmXmlIfHelper (9bc1f203c5604c24f345bcfcd6956bae) C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe
08:52:12.0194 6964 VcmXmlIfHelper - ok
08:52:12.0256 6964 VCService (d076011ecd0d1310e879f32ebf3b4886) C:\Program Files\Sony\VAIO Care\VCService.exe
08:52:12.0256 6964 VCService - ok
08:52:12.0412 6964 vdrvroot (c5c876ccfc083ff3b128f933823e87bd) C:\Windows\system32\drivers\vdrvroot.sys
08:52:12.0412 6964 vdrvroot - ok
08:52:12.0459 6964 vds (8d6b481601d01a456e75c3210f1830be) C:\Windows\System32\vds.exe
08:52:12.0490 6964 vds - ok
08:52:12.0522 6964 vga (da4da3f5e02943c2dc8c6ed875de68dd) C:\Windows\system32\DRIVERS\vgapnp.sys
08:52:12.0537 6964 vga - ok
08:52:12.0537 6964 VgaSave (53e92a310193cb3c03bea963de7d9cfc) C:\Windows\System32\drivers\vga.sys
08:52:12.0584 6964 VgaSave - ok
08:52:12.0615 6964 vhdmp (2ce2df28c83aeaf30084e1b1eb253cbb) C:\Windows\system32\drivers\vhdmp.sys
08:52:12.0631 6964 vhdmp - ok
08:52:12.0646 6964 viaide (e5689d93ffe4e5d66c0178761240dd54) C:\Windows\system32\drivers\viaide.sys
08:52:12.0646 6964 viaide - ok
08:52:12.0693 6964 volmgr (d2aafd421940f640b407aefaaebd91b0) C:\Windows\system32\drivers\volmgr.sys
08:52:12.0693 6964 volmgr - ok
08:52:12.0724 6964 volmgrx (a255814907c89be58b79ef2f189b843b) C:\Windows\system32\drivers\volmgrx.sys
08:52:12.0740 6964 volmgrx - ok
08:52:12.0756 6964 volsnap (0d08d2f3b3ff84e433346669b5e0f639) C:\Windows\system32\drivers\volsnap.sys
08:52:12.0771 6964 volsnap - ok
08:52:12.0802 6964 vsmraid (5e2016ea6ebaca03c04feac5f330d997) C:\Windows\system32\drivers\vsmraid.sys
08:52:12.0818 6964 vsmraid - ok
08:52:12.0958 6964 VSNService (8be8c47d5b09f5550dcbf6fcd8832ccb) C:\Program Files\Sony\VAIO Smart Network\VSNService.exe
08:52:13.0005 6964 VSNService - ok
08:52:13.0068 6964 VSS (b60ba0bc31b0cb414593e169f6f21cc2) C:\Windows\system32\vssvc.exe
08:52:13.0130 6964 VSS - ok
08:52:13.0255 6964 VUAgent (fb4a1695d2d74f9c92ca5e84795cdbe1) C:\Program Files\Sony\VAIO Update Common\VUAgent.exe
08:52:13.0270 6964 VUAgent - ok
08:52:13.0364 6964 vwifibus (36d4720b72b5c5d9cb2b9c29e9df67a1) C:\Windows\system32\DRIVERS\vwifibus.sys
08:52:13.0380 6964 vwifibus - ok
08:52:13.0395 6964 vwififlt (6a3d66263414ff0d6fa754c646612f3f) C:\Windows\system32\DRIVERS\vwififlt.sys
08:52:13.0426 6964 vwififlt - ok
08:52:13.0458 6964 vwifimp (6a638fc4bfddc4d9b186c28c91bd1a01) C:\Windows\system32\DRIVERS\vwifimp.sys
08:52:13.0489 6964 vwifimp - ok
08:52:13.0520 6964 W32Time (1c9d80cc3849b3788048078c26486e1a) C:\Windows\system32\w32time.dll
08:52:13.0551 6964 W32Time - ok
08:52:13.0582 6964 WacomPen (4e9440f4f152a7b944cb1663d3935a3e) C:\Windows\system32\drivers\wacompen.sys
08:52:13.0598 6964 WacomPen - ok
08:52:13.0645 6964 WANARP (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:52:13.0676 6964 WANARP - ok
08:52:13.0676 6964 Wanarpv6 (356afd78a6ed4457169241ac3965230c) C:\Windows\system32\DRIVERS\wanarp.sys
08:52:13.0707 6964 Wanarpv6 - ok
08:52:13.0754 6964 wbengine (78f4e7f5c56cb9716238eb57da4b6a75) C:\Windows\system32\wbengine.exe
08:52:13.0801 6964 wbengine - ok
08:52:13.0910 6964 WbioSrvc (3aa101e8edab2db4131333f4325c76a3) C:\Windows\System32\wbiosrvc.dll
08:52:13.0926 6964 WbioSrvc - ok
08:52:13.0941 6964 wcncsvc (7368a2afd46e5a4481d1de9d14848edd) C:\Windows\System32\wcncsvc.dll
08:52:13.0972 6964 wcncsvc - ok
08:52:13.0988 6964 WcsPlugInService (20f7441334b18cee52027661df4a6129) C:\Windows\System32\WcsPlugInService.dll
08:52:14.0004 6964 WcsPlugInService - ok
08:52:14.0035 6964 Wd (72889e16ff12ba0f235467d6091b17dc) C:\Windows\system32\drivers\wd.sys
08:52:14.0050 6964 Wd - ok
08:52:14.0191 6964 Wdf01000 (441bd2d7b4f98134c3a4f9fa570fd250) C:\Windows\system32\drivers\Wdf01000.sys
08:52:14.0238 6964 Wdf01000 - ok
08:52:14.0284 6964 WdiServiceHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:52:14.0378 6964 WdiServiceHost - ok
08:52:14.0378 6964 WdiSystemHost (bf1fc3f79b863c914687a737c2f3d681) C:\Windows\system32\wdi.dll
08:52:14.0394 6964 WdiSystemHost - ok
08:52:14.0472 6964 WebClient (3db6d04e1c64272f8b14eb8bc4616280) C:\Windows\System32\webclnt.dll
08:52:14.0534 6964 WebClient - ok
08:52:14.0581 6964 Wecsvc (c749025a679c5103e575e3b48e092c43) C:\Windows\system32\wecsvc.dll
08:52:14.0612 6964 Wecsvc - ok
08:52:14.0628 6964 wercplsupport (7e591867422dc788b9e5bd337a669a08) C:\Windows\System32\wercplsupport.dll
08:52:14.0659 6964 wercplsupport - ok
08:52:14.0768 6964 WerSvc (6d137963730144698cbd10f202e9f251) C:\Windows\System32\WerSvc.dll
08:52:14.0815 6964 WerSvc - ok
08:52:14.0893 6964 WfpLwf (611b23304bf067451a9fdee01fbdd725) C:\Windows\system32\DRIVERS\wfplwf.sys
08:52:14.0908 6964 WfpLwf - ok
08:52:14.0955 6964 WIMMount (05ecaec3e4529a7153b3136ceb49f0ec) C:\Windows\system32\drivers\wimmount.sys
08:52:14.0971 6964 WIMMount - ok
08:52:15.0002 6964 WinDefend - ok
08:52:15.0018 6964 WinHttpAutoProxySvc - ok
08:52:15.0080 6964 Winmgmt (19b07e7e8915d701225da41cb3877306) C:\Windows\system32\wbem\WMIsvc.dll
08:52:15.0111 6964 Winmgmt - ok
08:52:15.0283 6964 WinRM (bcb1310604aa415c4508708975b3931e) C:\Windows\system32\WsmSvc.dll
08:52:15.0376 6964 WinRM - ok
08:52:15.0517 6964 WinUsb (fe88b288356e7b47b74b13372add906d) C:\Windows\system32\DRIVERS\WinUsb.sys
08:52:15.0564 6964 WinUsb - ok
08:52:15.0626 6964 Wlansvc (4fada86e62f18a1b2f42ba18ae24e6aa) C:\Windows\System32\wlansvc.dll
08:52:15.0688 6964 Wlansvc - ok
08:52:15.0735 6964 wlcrasvc (06c8fa1cf39de6a735b54d906ba791c6) C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
08:52:15.0751 6964 wlcrasvc - ok
08:52:15.0907 6964 wlidsvc (2bacd71123f42cea603f4e205e1ae337) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
08:52:15.0938 6964 wlidsvc - ok
08:52:16.0047 6964 WmiAcpi (f6ff8944478594d0e414d3f048f0d778) C:\Windows\system32\drivers\wmiacpi.sys
08:52:16.0094 6964 WmiAcpi - ok
08:52:16.0141 6964 wmiApSrv (38b84c94c5a8af291adfea478ae54f93) C:\Windows\system32\wbem\WmiApSrv.exe
08:52:16.0172 6964 wmiApSrv - ok
08:52:16.0234 6964 WMPNetworkSvc - ok
08:52:16.0266 6964 WPCSvc (96c6e7100d724c69fcf9e7bf590d1dca) C:\Windows\System32\wpcsvc.dll
08:52:16.0297 6964 WPCSvc - ok
08:52:16.0312 6964 WPDBusEnum (93221146d4ebbf314c29b23cd6cc391d) C:\Windows\system32\wpdbusenum.dll
08:52:16.0344 6964 WPDBusEnum - ok
08:52:16.0359 6964 ws2ifsl (6bcc1d7d2fd2453957c5479a32364e52) C:\Windows\system32\drivers\ws2ifsl.sys
08:52:16.0422 6964 ws2ifsl - ok
08:52:16.0437 6964 wscsvc (e8b1fe6669397d1772d8196df0e57a9e) C:\Windows\System32\wscsvc.dll
08:52:16.0453 6964 wscsvc - ok
08:52:16.0453 6964 WSearch - ok
08:52:16.0578 6964 wuauserv (d9ef901dca379cfe914e9fa13b73b4c4) C:\Windows\system32\wuaueng.dll
08:52:16.0624 6964 wuauserv - ok
08:52:16.0734 6964 WudfPf (d3381dc54c34d79b22cee0d65ba91b7c) C:\Windows\system32\drivers\WudfPf.sys
08:52:16.0796 6964 WudfPf - ok
08:52:16.0827 6964 WUDFRd (cf8d590be3373029d57af80914190682) C:\Windows\system32\DRIVERS\WUDFRd.sys
08:52:16.0874 6964 WUDFRd - ok
08:52:16.0905 6964 wudfsvc (7a95c95b6c4cf292d689106bcae49543) C:\Windows\System32\WUDFSvc.dll
08:52:16.0921 6964 wudfsvc - ok
08:52:16.0952 6964 WwanSvc (9a3452b3c2a46c073166c5cf49fad1ae) C:\Windows\System32\wwansvc.dll
08:52:16.0968 6964 WwanSvc - ok
08:52:17.0014 6964 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0
08:52:17.0997 6964 \Device\Harddisk0\DR0 - ok
08:52:18.0028 6964 Boot (0x1200) (074c48e4d628861c1fc5e48d88b1d560) \Device\Harddisk0\DR0\Partition0
08:52:18.0028 6964 \Device\Harddisk0\DR0\Partition0 - ok
08:52:18.0044 6964 Boot (0x1200) (a6cc779b9839fe3cf291ad144bbdad55) \Device\Harddisk0\DR0\Partition1
08:52:18.0060 6964 \Device\Harddisk0\DR0\Partition1 - ok
08:52:18.0060 6964 ============================================================
08:52:18.0060 6964 Scan finished
08:52:18.0060 6964 ============================================================
08:52:18.0075 3440 Detected object count: 0
08:52:18.0075 3440 Actual detected object count: 0
|
|
01.07.2012, 15:20
| #22 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.07.2012, 23:05
| #23 |
| | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Hallo, hier kommt das Log von ComboFix: Combofix Logfile: Code:
ATTFilter ComboFix 12-07-01.03 - Lutz 01.07.2012 23:36:59.1.8 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.8173.6026 [GMT 2:00]
ausgeführt von:: c:\users\Lutz\Desktop\ComboFix.exe
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files\AntiMalware
c:\program files\AntiMalware\mbam-setup-1.61.0.1400.exe
c:\users\Lutz\AppData\Local\Temp\bd7c47bb-f5c0-417c-a180-ec348d87718a\CliSecureRT.dll
c:\windows\SysWow64\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-01 bis 2012-07-01 ))))))))))))))))))))))))))))))
.
.
2012-06-29 20:34 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-29 20:34 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-06-29 20:34 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-06-29 20:34 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-29 20:33 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-06-29 20:33 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-06-29 20:33 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-06-29 20:33 . 2012-06-02 13:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-29 20:33 . 2012-06-02 13:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-06-29 20:26 . 2012-06-29 20:26 -------- d-----w- C:\_OTL
2012-06-23 08:29 . 2012-06-23 08:29 -------- d-----w- c:\program files (x86)\ESET
2012-06-18 16:53 . 2012-06-18 16:53 -------- d-----w- c:\users\Lutz\AppData\Roaming\Malwarebytes
2012-06-18 16:53 . 2012-06-18 16:53 -------- d-----w- c:\programdata\Malwarebytes
2012-06-18 16:53 . 2012-06-20 18:15 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-06-18 16:53 . 2012-04-04 13:56 24904 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-13 16:56 . 2012-04-26 05:41 77312 ----a-w- c:\windows\system32\rdpwsx.dll
2012-06-13 16:56 . 2012-04-26 05:41 149504 ----a-w- c:\windows\system32\rdpcorekmts.dll
2012-06-13 16:56 . 2012-04-26 05:34 9216 ----a-w- c:\windows\system32\rdrmemptylst.exe
2012-06-13 16:56 . 2012-05-01 05:40 209920 ----a-w- c:\windows\system32\profsvc.dll
2012-06-13 16:56 . 2012-05-04 11:06 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-06-13 16:56 . 2012-05-04 10:03 3913072 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2012-06-13 16:55 . 2012-05-04 10:03 3968368 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2012-06-13 16:55 . 2012-05-15 01:32 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-06-13 16:55 . 2012-04-28 03:55 210944 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2012-06-13 16:55 . 2012-04-07 12:31 3216384 ----a-w- c:\windows\system32\msi.dll
2012-06-13 16:55 . 2012-04-07 11:26 2342400 ----a-w- c:\windows\SysWow64\msi.dll
2012-06-13 16:55 . 2012-04-24 05:37 1462272 ----a-w- c:\windows\system32\crypt32.dll
2012-06-13 16:55 . 2012-04-24 05:37 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-06-13 16:55 . 2012-04-24 05:37 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-06-13 16:55 . 2012-04-24 04:36 1158656 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-06-13 16:55 . 2012-04-24 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-06-13 16:55 . 2012-04-24 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-29 20:30 . 2012-04-06 07:25 426184 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-06-29 20:30 . 2011-08-28 04:11 70344 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-06-29 20:30 . 2012-04-06 07:30 9815752 ----a-w- c:\windows\SysWow64\FlashPlayerInstaller.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files (x86)\Samsung\Kies\KiesHelper.exe" [2012-04-04 954256]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-04-04 21392]
"gStart"="c:\program files (x86)\Garmin\Training Center\gStart.exe" [2008-08-13 1891416]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2011-01-12 283160]
"Dolby Home Theater v4"="c:\program files (x86)\Dolby Home Theater v4\pcee4.exe" [2011-05-02 500736]
"ISBMgr.exe"="c:\program files (x86)\Sony\ISB Utility\ISBMgr.exe" [2011-05-31 2801288]
"PMBVolumeWatcher"="c:\program files (x86)\Sony\PMB\PMBVolumeWatcher.exe" [2011-03-15 650080]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
.
c:\users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Online Backup Status.lnk - c:\program files (x86)\McAfee Online Backup\MOBK649stat.exe [2011-4-18 5077304]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Roxio Upnp Server 10;Roxio Upnp Server 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe [2010-02-24 362992]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-29 250056]
R3 ATHDFU;Atheros Valkyrie USB BootROM;c:\windows\System32\Drivers\AthDfu.sys [2011-07-05 51872]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-03-01 183560]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-02-24 99384]
R3 e1yexpress;Intel(R) Gigabit Network Connections Driver;c:\windows\system32\DRIVERS\e1y60x64.sys [2009-06-10 281088]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-04-04 24904]
R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [2010-01-09 4925184]
R3 Roxio UPnP Renderer 10;Roxio UPnP Renderer 10;c:\program files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe [2010-02-24 313840]
R3 SOHDs;VAIO Device Searcher;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe [2011-11-03 74904]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-02-24 203320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 VcmXmlIfHelper;VAIO Content Metadata XML Interface;c:\program files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe [2011-08-26 101600]
R3 VCService;VCService;c:\program files\Sony\VAIO Care\VCService.exe [2012-01-20 54432]
R3 VUAgent;VUAgent;c:\program files\Sony\VAIO Update Common\VUAgent.exe [2012-01-13 1256040]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-04-04 654408]
R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-22 57184]
S0 PxHlpa64;PxHlpa64;c:\windows\System32\Drivers\PxHlpa64.sys [2010-03-19 55856]
S1 MOBK649Filter;MOBK649Filter;c:\windows\system32\DRIVERS\MOBK649.sys [2011-04-18 66040]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AdobeActiveFileMonitor9.0;Adobe Active File Monitor V9;c:\program files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe [2010-09-30 169408]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928]
S2 Atheros Bt&Wlan Coex Agent;Atheros Bt&Wlan Coex Agent;c:\program files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [2011-07-05 138400]
S2 AtherosSvc;AtherosSvc;c:\program files (x86)\Bluetooth Suite\adminservice.exe [2011-07-05 98976]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2011-01-12 13336]
S2 Kodak AiO Network Discovery Service;Kodak AiO Network Discovery Service;c:\program files (x86)\Kodak\AiO\Center\EKAiOHostService.exe [2011-12-19 394672]
S2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\progra~2\mcafee\SITEAD~1\McSACore.exe [2012-01-13 103440]
S2 MOBK649backup;McAfee Online Backup Service;c:\program files (x86)\McAfee Online Backup\MOBK649backup.exe [2011-04-18 223544]
S2 PMBDeviceInfoProvider;PMBDeviceInfoProvider;c:\program files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe [2011-03-15 428384]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 rimspci;rimspci;c:\windows\system32\drivers\rimssne64.sys [2011-06-23 102400]
S2 risdsnpe;risdsnpe;c:\windows\system32\drivers\risdsnxc64.sys [2011-06-23 98816]
S2 SampleCollector;VAIO Care Performance Service;c:\program files\Sony\VAIO Care\VCPerfService.exe [2011-11-30 260768]
S2 SOHCImp;VAIO Content Importer;c:\program files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe [2011-11-03 138392]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2011-06-16 378472]
S2 uCamMonitor;CamMonitor;c:\program files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe [2011-02-23 105024]
S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2011-06-24 2656536]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [2011-05-31 552584]
S2 VCFw;VAIO Content Folder Watcher;c:\program files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe [2011-10-24 958112]
S2 VcmIAlzMgr;VAIO Content Metadata Intelligent Analyzing Manager;c:\program files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe [2011-09-08 549408]
S2 VcmINSMgr;VAIO Content Metadata Intelligent Network Service Manager;c:\program files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe [2011-09-08 381488]
S2 VSNService;VSNService;c:\program files\Sony\VAIO Smart Network\VSNService.exe [2011-07-15 969352]
S3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
S3 AthBTPort;Atheros Virtual Bluetooth Class;c:\windows\system32\DRIVERS\btath_flt.sys [2011-07-05 36000]
S3 BTATH_A2DP;Bluetooth A2DP Audio Driver;c:\windows\system32\drivers\btath_a2dp.sys [2011-07-05 330400]
S3 btath_avdt;Atheros Bluetooth AVDT Service;c:\windows\system32\drivers\btath_avdt.sys [2011-07-05 110240]
S3 BTATH_BUS;Atheros Bluetooth Bus;c:\windows\system32\drivers\btath_bus.sys [2011-07-05 30368]
S3 BTATH_HCRP;Bluetooth HCRP Server driver;c:\windows\system32\drivers\btath_hcrp.sys [2011-07-05 167072]
S3 BTATH_LWFLT;Bluetooth LWFLT Device;c:\windows\system32\DRIVERS\btath_lwflt.sys [2011-07-05 68256]
S3 BTATH_RCP;Bluetooth AVRCP Device;c:\windows\system32\drivers\btath_rcp.sys [2011-07-05 280992]
S3 BtFilter;BtFilter;c:\windows\system32\DRIVERS\btfilter.sys [2011-07-05 496800]
S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\drivers\HECIx64.sys [2011-06-24 56344]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-12-10 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-12-10 181248]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2011-07-20 174184]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2011-06-23 471144]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2010-04-26 12032]
S3 SpfService;VAIO Entertainment Common Service;c:\program files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe [2011-09-23 289952]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-01 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-06 20:30]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK649]
@="{7d7a9cff-a4c1-f2b8-7421-c722f7eac08a}"
[HKEY_CLASSES_ROOT\CLSID\{7d7a9cff-a4c1-f2b8-7421-c722f7eac08a}]
2011-04-18 20:00 4734264 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK649shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK6492]
@="{658e5c17-2ba4-ed79-d884-37ebe15e7b9b}"
[HKEY_CLASSES_ROOT\CLSID\{658e5c17-2ba4-ed79-d884-37ebe15e7b9b}]
2011-04-18 20:00 4734264 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK649shell.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\MOBK6493]
@="{22f1b264-d4dd-ef46-08eb-3eb0c80441ba}"
[HKEY_CLASSES_ROOT\CLSID\{22f1b264-d4dd-ef46-08eb-3eb0c80441ba}]
2011-04-18 20:00 4734264 ----a-w- c:\program files (x86)\McAfee Online Backup\MOBK649shell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2011-07-20 11895400]
"RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2011-07-20 2226280]
"AtherosBtStack"="c:\program files (x86)\Bluetooth Suite\BtvStack.exe" [2011-07-05 947360]
"AthBtTray"="c:\program files (x86)\Bluetooth Suite\AthBtTray.exe" [2011-07-05 797344]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-07-28 497648]
"EKIJ5000StatusMonitor"="c:\windows\system32\spool\DRIVERS\x64\3\EKIJ5000MUI.exe" [2010-09-02 2045440]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-04-04 3521424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"LoadAppInit_DLLs"=0x0
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page =
uInternet Settings,ProxyOverride = <local>
IE: An OneNote s&enden - c:\progra~2\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~2\Office14\EXCEL.EXE/3000
Trusted Zone: internet
Trusted Zone: mcafee.com
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SampleCollector]
"ImagePath"="\"c:\program files\Sony\VAIO Care\VCPerfService.exe\" \"/service\" \"/sstates\" \"/sampleinterval=5000\" \"/procinterval=5\" \"/dllinterval=120\" \"/counter=\Processor(_Total)\% Processor Time:1/counter=\PhysicalDisk(_Total)\Disk Bytes/sec:1\" \"/counter=\Network Interface(*)\Bytes Total/sec:1\" \"/expandcounter=\Processor Information(*)\Processor Frequency:1\" \"&_\" \"/expandcounter=\Processor(*)\% Idle Time:1\" \"/expandcounter=\Processor(*)\% C1 Time:1\" \"/expandcounter=\Processor(*)\% C2 Time:1\" \"/expandcounter=\Processor(*)\%C3 &_ Time:1\" \"/expandcounter=\Processor(*)\% Processor Time:1\" \"/directory=c:\programdata\Sony Corporation\VAIO Care\inteldata\""
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_3_300_257_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_3_300_257.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE
c:\windows\SysWOW64\rundll32.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgr.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\program files (x86)\Sony\VAIO Control Center\VESMgrSub.exe
c:\windows\SysWOW64\DllHost.exe
c:\windows\SysWOW64\DllHost.exe
c:\program files (x86)\Common Files\Sony Shared\SOHLib\SHTtray.exe
c:\program files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
c:\program files\Sony\VAIO Care\listener.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-01 23:47:11 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-01 21:47
.
Vor Suchlauf: 14 Verzeichnis(se), 624.090.898.432 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 623.549.440.000 Bytes frei
.
- - End Of File - - FE7F34FCBC4A5BBABCFAC426B8277364
|
|
02.07.2012, 13:06
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.07.2012, 20:29
| #25 |
| | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Hallo, hier sind die Logs: GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-07-02 20:32:38
Windows 6.1.7601 Service Pack 1
Running: botv0y67.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78b00f38
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\ccaf78d9d570
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78b00f38 (not active ControlSet)
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\ccaf78d9d570 (not active ControlSet)
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 20:55:32 on 02.07.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit Default Browser: Microsoft Corporation Internet Explorer 9.00.8112.16421 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found) "MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys "MOBK649Filter" (MOBK649Filter) - "Mozy, Inc." - C:\Windows\System32\DRIVERS\MOBK649.sys "regi" (regi) - "InterVideo" - C:\Windows\system32\drivers\regi.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll {5513F07E-936B-4E52-9B00-067394E91CC5} "McAfee SACore Protocol Handler" - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\VISSHE.DLL {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONFILTER.DLL {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks )----- {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_26" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_26.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "@C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101" - ? - res://C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll/204 (File not found) {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "ClsidExtension" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} "McAfee SiteAdvisor Toolbar" - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} "CIESpeechBHO Class" - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\IEPlugIn.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll {B164E929-A1B6-4A06-B104-2CD0E90A88FF} "McAfee SiteAdvisor BHO" - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\mcieplg.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~2\Office14\URLREDIR.DLL {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office14\ONENOTEM.EXE (Shortcut exists | File exists) "desktop.ini" - ? - C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "McAfee Online Backup Status.lnk" - "McAfee, Inc." - C:\Program Files (x86)\McAfee Online Backup\MOBK649stat.exe (Shortcut exists | File exists) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "gStart" - "GARMIN Corp." - C:\Program Files (x86)\Garmin\Training Center\gStart.exe "KiesHelper" - "Samsung" - C:\Program Files (x86)\Samsung\Kies\KiesHelper.exe /s "KiesPDLR" - ? - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Conime" - ? - %windir%\system32\conime.exe (File not found) "Dolby Home Theater v4" - "Dolby Laboratories Inc." - "C:\Program Files (x86)\Dolby Home Theater v4\pcee4.exe" -autostart "IAStorIcon" - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe "ISBMgr.exe" - ? - "C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe" "KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe "PMBVolumeWatcher" - "Sony Corporation" - C:\Program Files (x86)\Sony\PMB\PMBVolumeWatcher.exe [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "KODAK EASYSHARE All-in-One Printer" - "Eastman Kodak Company" - C:\Windows\system32\EKIJ5000MON.dll "pdfcmon" - "pdfforge GbR" - C:\Windows\system32\pdfcmon.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Active File Monitor V9" (AdobeActiveFileMonitor9.0) - "Adobe Systems Incorporated" - C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe "ArcSoft Connect Daemon" (ACDaemon) - "ArcSoft Inc." - C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe "ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe "Atheros Bt&Wlan Coex Agent" (Atheros Bt&Wlan Coex Agent) - "Atheros" - C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe "AtherosSvc" (AtherosSvc) - "Atheros Commnucations" - C:\Program Files (x86)\Bluetooth Suite\adminservice.exe "Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE "CamMonitor" (uCamMonitor) - "ArcSoft, Inc." - C:\Program Files (x86)\ArcSoft\Magic-i Visual Effects 2\uCamMonitor.exe "Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe "Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "IviRegMgr" (IviRegMgr) - "InterVideo" - C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe "Kodak AiO Network Discovery Service" (Kodak AiO Network Discovery Service) - "Eastman Kodak Company" - C:\Program Files (x86)\Kodak\AiO\Center\EKAiOHostService.exe "McAfee Online Backup Service" (MOBK649backup) - "McAfee, Inc." - C:\Program Files (x86)\McAfee Online Backup\MOBK649backup.exe "McAfee SiteAdvisor Service" (McAfee SiteAdvisor Service) - "McAfee, Inc." - c:\PROGRA~2\mcafee\SITEAD~1\McSACore.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "PMBDeviceInfoProvider" (PMBDeviceInfoProvider) - "Sony Corporation" - C:\Program Files (x86)\Sony\PMB\PMBDeviceInfoProvider.exe "Protexis Licensing V2" (PSI_SVC_2) - "Protexis Inc." - C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe "Roxio UPnP Renderer 10" (Roxio UPnP Renderer 10) - "Sonic Solutions" - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe "Roxio Upnp Server 10" (Roxio Upnp Server 10) - "Sonic Solutions" - C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe "SeaPort" (SeaPort) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE "VAIO Care Performance Service" (SampleCollector) - "Sony Corporation" - C:\Program Files\Sony\VAIO Care\VCPerfService.exe "VAIO Content Folder Watcher" (VCFw) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\VAIO Content Folder Watcher\VCFw.exe "VAIO Content Importer" (SOHCImp) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe "VAIO Content Metadata Intelligent Analyzing Manager" (VcmIAlzMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Analyzing Manager\VcmIAlzMgr.exe "VAIO Content Metadata Intelligent Network Service Manager" (VcmINSMgr) - "Sony Corporation" - C:\Program Files\Sony\VCM Intelligent Network Service Manager\VcmINSMgr.exe "VAIO Content Metadata XML Interface" (VcmXmlIfHelper) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VcmXml\VcmXmlIfHelper64.exe "VAIO Device Searcher" (SOHDs) - "Sony Corporation" - C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe "VAIO Entertainment Common Service" (SpfService) - "Sony Corporation" - C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\SPF\SpfService64.exe "VAIO Event Service" (VAIO Event Service) - "Sony Corporation" - C:\Program Files (x86)\Sony\VAIO Control Center\VESMgr.exe "VAIO Power Management" (VAIO Power Management) - "Sony Corporation" - C:\Program Files\Sony\VAIO Power Management\SPMService.exe "VCService" (VCService) - "Sony Corporation" - C:\Program Files\Sony\VAIO Care\VCService.exe "VSNService" (VSNService) - "Sony Corporation" - C:\Program Files\Sony\VAIO Smart Network\VSNService.exe "VUAgent" (VUAgent) - "Sony Corporation" - C:\Program Files\Sony\VAIO Update Common\VUAgent.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL ===[ Logfile end ]=========================================[ Logfile end ]=== --- --- --- If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-07-02 21:14:50
-----------------------------
21:14:50.609 OS Version: Windows x64 6.1.7601 Service Pack 1
21:14:50.609 Number of processors: 8 586 0x2A07
21:14:50.609 ComputerName: LUTZ-VAIO UserName: Lutz
21:14:51.732 Initialize success
21:14:54.930 AVAST engine defs: 12070201
21:15:24.492 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:15:24.492 Disk 0 Vendor: TOSHIBA_ GT00 Size: 715404MB BusType: 3
21:15:24.555 Disk 0 MBR read successfully
21:15:24.555 Disk 0 MBR scan
21:15:24.570 Disk 0 Windows 7 default MBR code
21:15:24.586 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 19679 MB offset 2048
21:15:24.617 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 40304640
21:15:24.633 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 695623 MB offset 40509440
21:15:24.664 Disk 0 scanning C:\Windows\system32\drivers
21:15:34.118 Service scanning
21:16:07.736 Modules scanning
21:16:07.751 Disk 0 trace - called modules:
21:16:07.798 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:16:07.798 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80092fa790]
21:16:07.814 3 CLASSPNP.SYS[fffff88001bbb43f] -> nt!IofCallDriver -> [0xfffffa8007528800]
21:16:07.829 5 ACPI.sys[fffff88000f967a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007557050]
21:16:07.829 Scan finished successfully
21:16:58.467 Disk 0 MBR has been saved successfully to "C:\Users\Lutz\Desktop\MBR.dat"
21:16:58.483 The log file has been saved successfully to "C:\Users\Lutz\Desktop\aswMBR.txt"
|
|
03.07.2012, 13:06
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle Vollscans mit Malwarebytes und SUPERAntiSpyware und poste die Logs. Denk dran beide Tools zu updaten vor dem Scan!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.07.2012, 20:30
| #27 |
| | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Hallo, hier sind die Logs von Malwarebytes und SUPERAntiSpyware. Die Anleitung von SUPERAntiSpyware empfiehlt das Programm nach dem Scan wieder zu deinstallieren. Kann ich das trotz der Funde machen? Code:
ATTFilter Malwarebytes Anti-Malware 1.61.0.1400 www.malwarebytes.org Datenbank Version: v2012.07.03.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Lutz :: LUTZ-VAIO [Administrator] 03.07.2012 18:37:10 mbam-log-2012-07-03 (18-37-10).txt Art des Suchlaufs: Vollständiger Suchlauf Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 389359 Laufzeit: 39 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) Code:
ATTFilter SUPERAntiSpyware Scan Log
hxxp://www.superantispyware.com
Generated 07/03/2012 at 09:11 PM
Application Version : 5.5.1006
Core Rules Database Version : 8839
Trace Rules Database Version: 6651
Scan type : Complete Scan
Total Scan Time : 01:38:27
Operating System Information
Windows 7 Home Premium 64-bit, Service Pack 1 (Build 6.01.7601)
UAC On - Administrator
Memory items scanned : 946
Memory threats detected : 0
Registry items scanned : 67697
Registry threats detected : 0
File items scanned : 168097
File threats detected : 29
Adware.Tracking Cookie
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\QD8A6DEC.txt [ /ad.zanox.com ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\VTDPXNJ0.txt [ /revsci.net ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\V2KD7CLG.txt [ /www.windowsmedia.com ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\GS6YU01D.txt [ /ads.creative-serving.com ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\VFY070TN.txt [ /adx.chip.de ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\YRUP7U9N.txt [ /doubleclick.net ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\34V910KZ.txt [ /apmebf.com ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\Q2CFDRE3.txt [ /mediaplex.com ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\AXENE8ZF.txt [ /ad.360yield.com ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\LFABGU7W.txt [ /tracking.quisma.com ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\YEF4ST34.txt [ /invitemedia.com ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\BMBZ5BTC.txt [ /atdmt.com ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\PIUFD9CF.txt [ /zanox.com ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\VFBN6X3K.txt [ /yieldmanager.net ]
C:\Users\Lutz\AppData\Roaming\Microsoft\Windows\Cookies\6388GWQK.txt [ /c.atdmt.com ]
C:\USERS\LUTZ\AppData\Roaming\Microsoft\Windows\Cookies\Low\W7IF66D8.txt [ Cookie:lutz@doubleclick.net/ ]
C:\USERS\LUTZ\Cookies\QD8A6DEC.txt [ Cookie:lutz@ad.zanox.com/ ]
C:\USERS\LUTZ\Cookies\VTDPXNJ0.txt [ Cookie:lutz@revsci.net/ ]
C:\USERS\LUTZ\Cookies\YRUP7U9N.txt [ Cookie:lutz@doubleclick.net/ ]
C:\USERS\LUTZ\Cookies\Q2CFDRE3.txt [ Cookie:lutz@mediaplex.com/ ]
C:\USERS\LUTZ\Cookies\LFABGU7W.txt [ Cookie:lutz@tracking.quisma.com/ ]
C:\USERS\LUTZ\Cookies\YEF4ST34.txt [ Cookie:lutz@invitemedia.com/ ]
C:\USERS\LUTZ\Cookies\PIUFD9CF.txt [ Cookie:lutz@zanox.com/ ]
C:\USERS\LUTZ\Cookies\VFBN6X3K.txt [ Cookie:lutz@yieldmanager.net/ ]
C:\USERS\LUTZ\Cookies\6388GWQK.txt [ Cookie:lutz@c.atdmt.com/ ]
C:\USERS\LUTZ\APPDATA\ROAMING\MICROSOFT\WINDOWS\COOKIES\LOW\LUTZ@XITI[1].TXT [ /XITI ]
Trojan.Agent/Gen-FraudPack
C:\PROGRAM FILES (X86)\RAD.ROUTENPLANER. 7.0\BIN\DXBAREXTITEMSD9.BPL
Trojan.Agent/Gen-Malagent
C:\_OTL\MOVEDFILES\06292012_222633\C_PROGRAMDATA\MAETVQLY.EXE
C:\_OTL\MOVEDFILES\06292012_222633\C_PROGRAMDATA\YLWJRDBI.EXE
|
|
04.07.2012, 16:29
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei - Ihr Computer wurde gesperrt, UkashCode:
ATTFilter Trojan.Agent/Gen-FraudPack
C:\PROGRAM FILES (X86)\RAD.ROUTENPLANER. 7.0\BIN\DXBAREXTITEMSD9.BPL
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.07.2012, 17:47
| #29 |
| | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Hallo, die Software "Rad.Routenplaner.7.0" habe ich als DVD vom TVG Verlag (DeTeMedien) gekauft. |
|
05.07.2012, 09:54
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Bundespolizei - Ihr Computer wurde gesperrt, Ukash Dann ist das ein Fehlalarm. Die anderen Funde sind nur Cookies und Schädlinge in der Quarantäne. Das ist ok Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller http://filepony.de/download-cookie_culler/ Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ich halte es so, dass ich zum "wilden Surfen" den Opera-Browser oder Chromium unter meinem Linux verwende. Mein Hauptbrowser (Firefox) speichert nur die Cookies von den Sites die ich auch will, alles andere lehne ich manuell ab (der FF fragt mich immer) - die anderen Browser nehmen alles an Cookies zwar an, aber spätestens beim nächsten Start von Opera oder Chromium sind keine Cookies mehr da. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Bundespolizei - Ihr Computer wurde gesperrt, Ukash |
| adobe, autorun, bho, bingbar, bonjour, browser, bundespolizei trojaner, computer, device driver, document, downloader, error, explorer, firefox, flash player, gesperrt, home, install.exe, intranet, ip-adresse, logfile, microsoft office word, plug-in, realtek, registry, rundll, scan, searchscopes, senden, server, siteadvisor, trojan.agent.ge, trojaner, ukash, usb, usb 3.0, version=1.0, windows, wlan |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
