Pests of all kinds and how to combat them: After Google search, redirect via Rocketnews to safeseeking.com (Windows 7)
21.06.2012, 17:54 | #1 |
After Google search, redirect via Rocketnews to safeseeking.com

Hello, a friend of mine has the following problem on his laptop. When he enters searches in his default browser, via Google or in general, he is redirected away from the page he wanted and ends up on safeseeking.com via the Rocketnews.com site. The problem apparently affects several people here, so I downloaded OTL right away to run a scan. I hope you can help me with a suitable script. Thanks

Code:
OTL logfile created on: 21.06.2012 19:07:02 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = F:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,94 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 66,47% Memory free
3,87 Gb Paging File | 2,98 Gb Available in Paging File | 76,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,56 Gb Total Space | 24,40 Gb Free Space | 17,24% Space Free | Partition Type: NTFS
Drive D: | 7,39 Gb Total Space | 2,23 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive E: | 66,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1367,19 Gb Total Space | 108,97 Gb Free Space | 7,97% Space Free | Partition Type: NTFS
Drive I: | 30,07 Gb Total Space | 24,35 Gb Free Space | 80,95% Space Free | Partition Type: NTFS
Computer Name: FLO-PC | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - F:\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Program Files\T-Mobile\InternetManager_H\bmop.exe (Bytemobile, Inc.)
PRC - C:\Program Files\T-Mobile\InternetManager_H\Internet Manager.exe ()
PRC - C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe ()
PRC - C:\Program Files\T-Mobile\InternetManager_H\bmsdk.exe ()
PRC - C:\Program Files\T-Mobile\InternetManager_H\bmctl.exe (Bytemobile, Inc.)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation)
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) ========== Modules (No Company Name) ========== MOD - C:\Program Files\T-Mobile\InternetManager_H\SMSUIPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\SmsAppPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\USSDUIPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\StatusBarMgrPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\XFramePlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\sdk.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\SmsSrvPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\XCodec.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\USSDSrvPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\Trace.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\ServiceUIPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\Win7Support.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\rdiff.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\QtGui4.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\QtCore4.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\QtNetwork4.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\NDISAPI.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\MiniFramePlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\PluginContainer.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\NetInfoUIExPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\NetSettingPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\QtXml4.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\Proxy.dll () MOD - C:\Program 
Files\T-Mobile\InternetManager_H\NetConnectPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\NetInfoRecordUIPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\NetInfoSrvPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\MenuMgrPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\NetSrvPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\NDISPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\NetConnectSrvPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\OSDialup.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\OSNDIS.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\OSAdapt.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\NotifyServicePlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\plugins\imageformats\qgif4.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\plugins\imageformats\qico4.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\OSPowerMgr.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\mingwm10.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\DialupUIPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\core.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\DeviceAppPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\DeviceSrvPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\LiveUpdateInterface.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\Common.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\DialUpPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\DataServicePlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\HelpUIPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\LayoutPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\CompressRatePlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\libgcc_s_dw2-1.dll () 
MOD - C:\Program Files\T-Mobile\InternetManager_H\AddrBookPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\AddrBookUIPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\Internet Manager.exe () MOD - C:\Program Files\T-Mobile\InternetManager_H\AddrBookSrvPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\AtCodec.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\bmsdk.exe () MOD - C:\Program Files\T-Mobile\InternetManager_H\ATR2SMgr.dll () MOD - C:\Program Files\WinRAR\RarExt.dll () MOD - C:\Program Files\Common Files\Nero\Lib\log4cxx.dll () ========== Win32 Services (SafeList) ========== SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (Internet Manager. 
RunOuc) -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe () SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe () SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe () SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (SMR300) -- C:\Windows\System32\drivers\SMR300.SYS (Symantec Corporation) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (ewusbmbb) -- C:\Windows\System32\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.) DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_wwanecm) -- C:\Windows\System32\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.) DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.) DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.) DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.) DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.) DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.) 
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company) DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.) 
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation) DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.babylon.com/?AF=109958&babsrc=HP_ss&mntrId=706feed6000000000000582c80139263 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 22 D8 49 DE 18 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=706feed6000000000000582c80139263 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_2_202_235.dll () FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2012.02.20 12:17:46 | 000,000,000 | ---D | M] [2012.06.21 17:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions [2012.06.19 18:54:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.04.18 18:38:39 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO) O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.) O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. 
KG) O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.) O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG) O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{053CF95D-444B-4D97-BCD6-6827006F6E13}: NameServer = 10.74.210.210 10.74.210.211 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DB34FEC-0DEC-4F5D-B477-8CB0231FE7F1}: NameServer = 10.129.32.1 10.111.81.129 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4FFF8887-91F5-42E3-A7F2-6F278D7DDDE2}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06EC670-4838-4825-A00E-F173CE4E650F}: NameServer = 10.74.210.210 10.74.210.211 O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - 
HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ] O32 - AutoRun File - [2010.12.30 21:56:05 | 000,147,808 | R--- | M] () - E:\AutoRun.exe -- [ CDFS ] O32 - AutoRun File - [2009.09.25 12:46:52 | 000,000,045 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{375d1d17-9845-11e1-92f9-001b246b9834}\Shell - "" = AutoRun O33 - MountPoints2\{375d1d17-9845-11e1-92f9-001b246b9834}\Shell\AutoRun\command - "" = I:\AutoRun.exe O33 - MountPoints2\{7c1f39aa-5d9c-11e1-9164-001b246b9834}\Shell - "" = AutoRun O33 - MountPoints2\{7c1f39aa-5d9c-11e1-9164-001b246b9834}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{888e0ec4-5bab-11e1-9c15-001a6bad344a}\Shell - "" = AutoRun O33 - MountPoints2\{888e0ec4-5bab-11e1-9c15-001a6bad344a}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{888e0eea-5bab-11e1-9c15-001a6bad344a}\Shell - "" = AutoRun O33 - MountPoints2\{888e0eea-5bab-11e1-9c15-001a6bad344a}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.12.30 21:56:05 | 000,147,808 | R--- | M] () O33 - MountPoints2\{888e0f1c-5bab-11e1-9c15-001b246b9834}\Shell - "" = AutoRun O33 - MountPoints2\{888e0f1c-5bab-11e1-9c15-001b246b9834}\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.12.30 21:56:05 | 000,147,808 | R--- | M] () O33 - MountPoints2\E\Shell - "" = AutoRun O33 - MountPoints2\E\Shell\AutoRun\command - "" = E:\AutoRun.exe -- [2010.12.30 21:56:05 | 000,147,808 | 
R--- | M] () O33 - MountPoints2\F\Shell - "" = AutoRun O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.06.21 18:40:39 | 000,083,064 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR300.SYS [2012.06.21 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\NPE [2012.06.21 18:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2012.06.19 18:53:57 | 000,476,936 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.06.19 18:53:56 | 000,157,448 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaws.exe [2012.06.19 18:53:56 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.06.19 18:53:56 | 000,149,256 | ---- | C] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\java.exe [2012.06.19 18:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.05.29 21:16:04 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\ReiseGenial [2012.05.29 21:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReiseGenial [2012.05.29 21:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\ReiseGenial ========== Files - Modified Within 30 Days ========== [2012.06.21 19:07:44 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.06.21 19:07:44 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.06.21 19:07:44 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.06.21 19:07:44 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.06.21 19:06:32 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.06.21 19:06:32 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.06.21 19:01:26 | 000,000,300 | ---- | M] () -- C:\Windows\tasks\KOYNZA.job [2012.06.21 19:01:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.06.21 19:01:10 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys [2012.06.21 18:41:36 | 013,466,490 | ---- | M] () -- C:\ProgramData\SMRBackup300.dat [2012.06.21 18:40:39 | 000,083,064 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SMR300.SYS [2012.06.21 18:33:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.06.19 18:53:47 | 000,476,936 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\npdeployJava1.dll [2012.06.19 18:53:47 | 000,472,840 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\deployJava1.dll [2012.06.19 18:53:47 | 000,157,448 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Windows\System32\javaws.exe [2012.06.19 18:53:47 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\javaw.exe [2012.06.19 18:53:47 | 000,149,256 | ---- | M] (Sun Microsystems, Inc.) -- C:\Windows\System32\java.exe [2012.06.11 20:01:54 | 000,159,744 | RHS- | M] () -- C:\Windows\System32\spwizengp.dll [2012.06.06 21:17:03 | 000,137,928 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avipbb.sys [2012.06.06 21:17:03 | 000,083,392 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\avgntflt.sys [2012.05.29 13:09:54 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe [2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll [2012.05.29 13:09:50 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll ========== Files Created - No Company Name ========== [2012.06.21 18:40:57 | 013,466,490 | ---- | C] () -- C:\ProgramData\SMRBackup300.dat [2012.06.11 20:01:54 | 000,159,744 | RHS- | C] () -- C:\Windows\System32\spwizengp.dll [2012.06.11 20:01:54 | 000,000,300 | ---- | C] () -- C:\Windows\tasks\KOYNZA.job [2012.02.14 21:57:30 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin < End of report > Code:
OTL Extras logfile created on: 21.06.2012 19:07:02 - Run 1
OTL by OldTimer - Version 3.2.50.0 Folder = F:\
Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
1,94 Gb Total Physical Memory | 1,29 Gb Available Physical Memory | 66,47% Memory free
3,87 Gb Paging File | 2,98 Gb Available in Paging File | 76,82% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 141,56 Gb Total Space | 24,40 Gb Free Space | 17,24% Space Free | Partition Type: NTFS
Drive D: | 7,39 Gb Total Space | 2,23 Gb Free Space | 30,12% Space Free | Partition Type: NTFS
Drive E: | 66,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive F: | 1367,19 Gb Total Space | 108,97 Gb Free Space | 7,97% Space Free | Partition Type: NTFS
Drive I: | 30,07 Gb Total Space | 24,35 Gb Free Space | 80,95% Space Free | Partition Type: NTFS
Computer Name: FLO-PC | User Name: Flo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = htmlfile] -- Reg Error: Value error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [open] -- Reg Error: Value error.
htmlfile [opennew] -- Reg Error: Value error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1190BB9B-606D-4EF1-8F21-ABF36DA63F8C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1CCFD6DA-FF8C-417C-BD22-E9ACE5A9D275}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2E5F4BFE-F6F5-41BE-8F72-612EF862ED3D}" = rport=445 | protocol=6 | dir=out | app=system | "{2F331CEE-929B-4664-97E6-5CC175C52401}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{33EF73B1-E902-484E-BFA1-2F75CD9C122F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{354289DC-F850-4B7B-A69B-FBED82E21AB6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{36F8D272-878A-4E7F-80E9-7E6325EF1DD2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | 
app=%systemroot%\system32\spoolsv.exe | "{3DA1A1F0-CB04-4A2D-964D-C359935DD834}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{46C0B3CB-8C52-4BB7-AD63-113AEEFE5ECF}" = lport=139 | protocol=6 | dir=in | app=system | "{59F254AE-2DB5-43FA-B1D9-8FA7442C00F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{661E283A-C52A-40F6-8BF2-14D1F44FCF4A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6BFC2280-972C-4FED-AB7F-4EB57E38ABC9}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | "{6D74C026-4FFD-4419-9B1B-15C63D3C4E2C}" = rport=139 | protocol=6 | dir=out | app=system | "{6D7C2023-FBC6-4951-ABF1-471DC7F678D9}" = lport=10243 | protocol=6 | dir=in | app=system | "{97E9BD87-60AB-43DE-A304-3FB9AA171997}" = lport=138 | protocol=17 | dir=in | app=system | "{AABF92C7-288C-43E9-BA09-2375B9CA101E}" = lport=2869 | protocol=6 | dir=in | app=system | "{AB6A1B3A-955C-493C-98E5-E7C26C193CCC}" = lport=56787 | protocol=6 | dir=in | name=windows core service | "{ACB05DDE-92E7-4082-9946-0B700298FF2E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AD503196-6AD2-488D-B2A8-E143E0161981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BED63295-B1FD-4CBB-96B2-AAB81118351C}" = lport=445 | protocol=6 | dir=in | app=system | "{C98589F5-2D27-4F3A-A2C1-0D708AEB1253}" = rport=137 | protocol=17 | dir=out | app=system | "{CB661BED-BA14-49E9-AEC5-38C9B6C1C05D}" = rport=10243 | protocol=6 | dir=out | app=system | "{CCD3315D-91F6-4F50-9025-5CD557CC6A82}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{F61BD7F8-33BB-4DE3-846A-FD955DE69DF6}" = rport=138 | protocol=17 | dir=out | app=system | "{FA6533B1-372B-47E4-8E44-31684AF70BEC}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception 
List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04A699F7-689B-46CD-A4AA-B197DEBADEE4}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{06D28004-0B8D-41C0-9556-340C7D0B320C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{160B4DF5-49A4-46EC-951C-E72E17785B97}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1675BBEE-67A8-4029-A91D-EF1576A0B975}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{1B060A61-7604-4085-AA85-AAA823D9A744}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1E205403-64DA-44FB-8A13-4742F8302F52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B57DD95-2484-4324-94B0-FFF9BF3CD57E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{30A7CD3A-0524-44FA-B261-F37A4F82CC4F}" = protocol=6 | dir=out | app=system | "{377C2549-5AD9-419E-A218-58CE654D690D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{3E6E5F45-C09C-4EB9-88AF-402A1B9CDD9C}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{47F16B82-1310-49BF-B8B1-3A1BC770FA4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4E52D376-0035-4535-A07F-2F064819E95F}" = protocol=17 | dir=in | app=c:\windows\system32\xpsrchvw.exe | "{5005FDE5-7C1A-40B4-BCBD-D3F5F4BC3204}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{502BAC88-A49D-4837-BDC7-3A5EC05621E5}" = protocol=6 | dir=in | app=c:\windows\system32\xpsrchvw.exe | "{55631FCB-F509-4F5C-BCCF-4ACAC288E6BB}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "{5EA75D74-3400-461C-8C9E-3973001D2A98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{866AE4EE-BF60-4BC3-921A-3DD3E1BFC2D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9FE0CF8A-BF5D-4065-906A-BE45DAD77B2B}" = protocol=17 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "{A4C2278D-B6E1-4302-AAEF-D7D08F0779EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A75F03B0-2AB1-4160-91CC-DDFCC708E7C0}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{B5E8C4F9-A3DB-46AD-84C3-5EAA4706D502}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B80FF2A7-0455-4549-8B93-A84C7CEB79D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B9BCEFDA-C2DB-44E0-8A1C-34E289768416}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E0172745-6D73-4019-A875-977634333C51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E4C46449-C3F8-431A-B6A3-476AD7C2C278}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF3D0E2B-76D6-4AAC-AF80-5F4147C44C56}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{26A24AE4-039D-4CA4-87B4-2F83216033FF}" = Java(TM) 6 Update 33 "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX "{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "BabylonToolbar" = Babylon toolbar on IE "Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax 
Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "DAEMON Tools Lite" = DAEMON Tools Lite "Easy-PhotoPrint EX" = Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "Internet Manager" = Internet Manager "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "NVIDIA Drivers" = NVIDIA Drivers "ReiseGenial_is1" = ReiseGenial 3.6.5 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities 2012" = TuneUp Utilities 2012 "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 30.05.2012 09:29:29 | Computer Name = Flo-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 31.05.2012 14:44:50 | Computer Name = Flo-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 04.06.2012 11:08:52 | Computer Name = Flo-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 05.06.2012 15:14:46 | Computer Name = Flo-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 05.06.2012 15:29:26 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 06.06.2012 14:43:38 | Computer Name = Flo-PC | Source = Avira Antivirus | ID = 4110 Description = Während der Initialisierung der Suchengine trat ein unbekannter Fehler auf! Fehlercode: 0x35 Error - 06.06.2012 15:18:03 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 06.06.2012 15:18:03 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.06.2012 14:18:03 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . 
Error - 12.06.2012 14:50:02 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 14.06.2012 16:21:38 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 14.06.2012 16:21:53 | Computer Name = Flo-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 14.06.2012 16:21:53 | Computer Name = Flo-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 19.06.2012 12:01:08 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error - 19.06.2012 12:01:08 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Internet Manager. 
OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 19.06.2012 12:01:10 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 19.06.2012 12:01:10 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 19.06.2012 12:01:10 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Ricoh xD-Picture Card Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 19.06.2012 12:01:24 | Computer Name = Flo-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 19.06.2012 13:39:34 | Computer Name = Flo-PC | Source = Microsoft-Windows-HAL | ID = 12 Description = Der Speicher wurde beim letzten Leistungsübergang des Systems von der Plattformfirmware beschädigt. Überprüfen Sie, ob für Ihr System aktualisierte Firmware verfügbar ist. < End of report > |
22.06.2012, 07:16 | #2 |
/// Selecta Jahrusso | After Google search, redirect via Rocketnews to safeseeking.com My name is Daniel and I will help you with your malware-related problems. Before we get to work, I would like to ask you to read the following points completely and carefully.
Please uninstall Babylon toolbar on IE = adware.
Please read the following instructions carefully. We do not want to "fix" anything here yet, only to see a scan report. Please download TDSSKiller.exe and save the file to the desktop.
__________________ |
25.06.2012, 18:41 | #3 |
| After Google search, redirect via Rocketnews to safeseeking.com Hello Daniel,
thank you for your help. Sorry for the late reply. As instructed, I had the Babylon Toolbar uninstalled and had the TDSSKiller log file sent to me. Here it is: Code:
ATTFilter 19:36:18.0390 5172 TDSS rootkit removing tool 2.7.41.0 Jun 20 2012 20:53:32 19:36:18.0443 5172 ============================================================ 19:36:18.0443 5172 Current date / time: 2012/06/25 19:36:18.0443 19:36:18.0443 5172 SystemInfo: 19:36:18.0443 5172 19:36:18.0443 5172 OS Version: 6.1.7600 ServicePack: 0.0 19:36:18.0443 5172 Product type: Workstation 19:36:18.0443 5172 ComputerName: FLO-PC 19:36:18.0444 5172 UserName: Flo 19:36:18.0444 5172 Windows directory: C:\Windows 19:36:18.0444 5172 System windows directory: C:\Windows 19:36:18.0444 5172 Processor architecture: Intel x86 19:36:18.0444 5172 Number of processors: 2 19:36:18.0444 5172 Page size: 0x1000 19:36:18.0444 5172 Boot type: Normal boot 19:36:18.0444 5172 ============================================================ 19:36:19.0874 5172 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 19:36:19.0882 5172 Drive \Device\Harddisk1\DR2 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2C881, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W' 19:36:19.0907 5172 ============================================================ 19:36:19.0907 5172 \Device\Harddisk0\DR0: 19:36:19.0907 5172 MBR partitions: 19:36:19.0907 5172 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 19:36:19.0907 5172 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x11B1D000 19:36:19.0907 5172 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x11B4FD3C, BlocksNum 0xEC8D85 19:36:19.0907 5172 \Device\Harddisk1\DR2: 19:36:19.0908 5172 MBR partitions: 19:36:19.0908 5172 \Device\Harddisk1\DR2\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAAE60000 19:36:19.0908 5172 \Device\Harddisk1\DR2\Partition1: MBR, Type 0x7, StartLBA 0xAAE60800, BlocksNum 0x3C26000 19:36:19.0908 5172 
============================================================ 19:36:19.0939 5172 C: <-> \Device\Harddisk0\DR0\Partition1 19:36:19.0974 5172 D: <-> \Device\Harddisk0\DR0\Partition2 19:36:20.0018 5172 F: <-> \Device\Harddisk1\DR2\Partition0 19:36:20.0057 5172 I: <-> \Device\Harddisk1\DR2\Partition1 19:36:20.0057 5172 ============================================================ 19:36:20.0057 5172 Initialize success 19:36:20.0057 5172 ============================================================ 19:36:25.0958 4692 ============================================================ 19:36:25.0958 4692 Scan started 19:36:25.0958 4692 Mode: Manual; 19:36:25.0958 4692 ============================================================ 19:36:26.0847 4692 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\DRIVERS\1394ohci.sys 19:36:26.0863 4692 1394ohci - ok 19:36:26.0901 4692 ACPI (f0e07d144c8685b8774bc32fc8da4df0) C:\Windows\system32\DRIVERS\ACPI.sys 19:36:26.0906 4692 ACPI - ok 19:36:26.0938 4692 AcpiPmi (98d81ca942d19f7d9153b095162ac013) C:\Windows\system32\DRIVERS\acpipmi.sys 19:36:26.0942 4692 AcpiPmi - ok 19:36:27.0025 4692 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 19:36:27.0027 4692 AdobeARMservice - ok 19:36:27.0107 4692 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 19:36:27.0110 4692 AdobeFlashPlayerUpdateSvc - ok 19:36:27.0168 4692 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 19:36:27.0185 4692 adp94xx - ok 19:36:27.0222 4692 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 19:36:27.0237 4692 adpahci - ok 19:36:27.0255 4692 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 19:36:27.0267 4692 adpu320 - ok 19:36:27.0301 4692 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 19:36:27.0303 4692 
AeLookupSvc - ok 19:36:27.0363 4692 AFD (0db7a48388d54d154ebec120461a0fcd) C:\Windows\system32\drivers\afd.sys 19:36:27.0369 4692 AFD - ok 19:36:27.0405 4692 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\DRIVERS\agp440.sys 19:36:27.0414 4692 agp440 - ok 19:36:27.0462 4692 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 19:36:27.0471 4692 aic78xx - ok 19:36:27.0516 4692 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 19:36:27.0526 4692 ALG - ok 19:36:27.0536 4692 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\DRIVERS\aliide.sys 19:36:27.0543 4692 aliide - ok 19:36:27.0564 4692 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\DRIVERS\amdagp.sys 19:36:27.0573 4692 amdagp - ok 19:36:27.0579 4692 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\DRIVERS\amdide.sys 19:36:27.0586 4692 amdide - ok 19:36:27.0634 4692 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 19:36:27.0635 4692 AmdK8 - ok 19:36:27.0645 4692 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 19:36:27.0654 4692 AmdPPM - ok 19:36:27.0680 4692 amdsata (2101a86c25c154f8314b24ef49d7fbc2) C:\Windows\system32\DRIVERS\amdsata.sys 19:36:27.0691 4692 amdsata - ok 19:36:27.0716 4692 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 19:36:27.0727 4692 amdsbs - ok 19:36:27.0741 4692 amdxata (b81c2b5616f6420a9941ea093a92b150) C:\Windows\system32\DRIVERS\amdxata.sys 19:36:27.0742 4692 amdxata - ok 19:36:27.0812 4692 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe 19:36:27.0816 4692 AntiVirSchedulerService - ok 19:36:27.0862 4692 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 19:36:27.0866 4692 AntiVirService - ok 19:36:27.0905 4692 AppID (feb834c02ce1e84b6a38f953ca067706) C:\Windows\system32\drivers\appid.sys 
19:36:27.0913 4692 AppID - ok 19:36:27.0949 4692 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 19:36:27.0951 4692 AppIDSvc - ok 19:36:27.0991 4692 Appinfo (7dead9e3f65dcb2794f2711003bbf650) C:\Windows\System32\appinfo.dll 19:36:27.0992 4692 Appinfo - ok 19:36:28.0031 4692 AppMgmt (a45d184df6a8803da13a0b329517a64a) C:\Windows\System32\appmgmts.dll 19:36:28.0043 4692 AppMgmt - ok 19:36:28.0085 4692 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 19:36:28.0097 4692 arc - ok 19:36:28.0123 4692 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 19:36:28.0134 4692 arcsas - ok 19:36:28.0156 4692 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 19:36:28.0162 4692 AsyncMac - ok 19:36:28.0184 4692 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\DRIVERS\atapi.sys 19:36:28.0185 4692 atapi - ok 19:36:28.0263 4692 ATSwpWDF (befe54e9bc648a3c79c917a63b6ee7da) C:\Windows\system32\Drivers\ATSwpWDF.sys 19:36:28.0311 4692 ATSwpWDF - ok 19:36:28.0375 4692 AudioEndpointBuilder (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll 19:36:28.0383 4692 AudioEndpointBuilder - ok 19:36:28.0393 4692 Audiosrv (510c873bfa135aa829f4180352772734) C:\Windows\System32\Audiosrv.dll 19:36:28.0398 4692 Audiosrv - ok 19:36:28.0424 4692 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys 19:36:28.0426 4692 avgntflt - ok 19:36:28.0459 4692 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys 19:36:28.0474 4692 avipbb - ok 19:36:28.0494 4692 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys 19:36:28.0504 4692 avkmgr - ok 19:36:28.0530 4692 AxInstSV (dd6a431b43e34b91a767d1ce33728175) C:\Windows\System32\AxInstSV.dll 19:36:28.0541 4692 AxInstSV - ok 19:36:28.0605 4692 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 19:36:28.0622 4692 
b06bdrv - ok 19:36:28.0656 4692 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 19:36:28.0669 4692 b57nd60x - ok 19:36:28.0767 4692 BCM43XX (eb7c2dadf52f50f69f198c14c3556dc1) C:\Windows\system32\DRIVERS\bcmwl6.sys 19:36:28.0809 4692 BCM43XX - ok 19:36:28.0899 4692 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 19:36:28.0922 4692 BDESVC - ok 19:36:28.0965 4692 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 19:36:28.0969 4692 Beep - ok 19:36:29.0018 4692 BFE (85ac71c045ceb054ed48a7841aae0c11) C:\Windows\System32\bfe.dll 19:36:29.0028 4692 BFE - ok 19:36:29.0084 4692 BITS (53f476476f55a27f580661bde09c4ec4) C:\Windows\System32\qmgr.dll 19:36:29.0097 4692 BITS - ok 19:36:29.0115 4692 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 19:36:29.0122 4692 blbdrive - ok 19:36:29.0156 4692 BMLoad (70cd6d71fc48bbbd1385d7b35aeadecc) C:\Windows\system32\drivers\BMLoad.sys 19:36:29.0157 4692 BMLoad - ok 19:36:29.0200 4692 bowser (9a5c671b7fbae4865149bb11f59b91b2) C:\Windows\system32\DRIVERS\bowser.sys 19:36:29.0202 4692 bowser - ok 19:36:29.0235 4692 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 19:36:29.0239 4692 BrFiltLo - ok 19:36:29.0256 4692 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 19:36:29.0260 4692 BrFiltUp - ok 19:36:29.0292 4692 Browser (598e1280e7ff3744f4b8329366cc5635) C:\Windows\System32\browser.dll 19:36:29.0303 4692 Browser - ok 19:36:29.0333 4692 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 19:36:29.0349 4692 Brserid - ok 19:36:29.0365 4692 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 19:36:29.0374 4692 BrSerWdm - ok 19:36:29.0393 4692 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 19:36:29.0398 4692 BrUsbMdm - ok 19:36:29.0404 4692 BrUsbSer 
(af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 19:36:29.0409 4692 BrUsbSer - ok 19:36:29.0450 4692 BthEnum (2865a5c8e98c70c605f417908cebb3a4) C:\Windows\system32\DRIVERS\BthEnum.sys 19:36:29.0457 4692 BthEnum - ok 19:36:29.0466 4692 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 19:36:29.0474 4692 BTHMODEM - ok 19:36:29.0494 4692 BthPan (ad1872e5829e8a2c3b5b4b641c3eab0e) C:\Windows\system32\DRIVERS\bthpan.sys 19:36:29.0497 4692 BthPan - ok 19:36:29.0527 4692 BTHPORT (4a34888e13224678dd062466afec4240) C:\Windows\system32\Drivers\BTHport.sys 19:36:29.0548 4692 BTHPORT - ok 19:36:29.0589 4692 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 19:36:29.0591 4692 bthserv - ok 19:36:29.0611 4692 BTHUSB (fa04c63916fa221dbb91fce153d07a55) C:\Windows\system32\Drivers\BTHUSB.sys 19:36:29.0619 4692 BTHUSB - ok 19:36:29.0651 4692 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 19:36:29.0653 4692 cdfs - ok 19:36:29.0681 4692 cdrom (ba6e70aa0e6091bc39de29477d866a77) C:\Windows\system32\DRIVERS\cdrom.sys 19:36:29.0693 4692 cdrom - ok 19:36:29.0722 4692 CertPropSvc (628a9e30ec5e18dd5de6be4dbdc12198) C:\Windows\System32\certprop.dll 19:36:29.0733 4692 CertPropSvc - ok 19:36:29.0749 4692 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 19:36:29.0757 4692 circlass - ok 19:36:29.0795 4692 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 19:36:29.0800 4692 CLFS - ok 19:36:29.0892 4692 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 19:36:29.0916 4692 clr_optimization_v2.0.50727_32 - ok 19:36:29.0950 4692 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 19:36:29.0955 4692 CmBatt - ok 19:36:29.0972 4692 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\DRIVERS\cmdide.sys 19:36:29.0979 4692 cmdide 
- ok 19:36:30.0021 4692 CNG (36c252e474b2ffa0f0fbbff20d92a640) C:\Windows\system32\Drivers\cng.sys 19:36:30.0028 4692 CNG - ok 19:36:30.0109 4692 Com4QLBEx (c7a0e61d5714ac20de52d4f66ec773b8) C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe 19:36:30.0114 4692 Com4QLBEx - ok 19:36:30.0144 4692 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 19:36:30.0145 4692 Compbatt - ok 19:36:30.0169 4692 CompositeBus (f1724ba27e97d627f808fb0ba77a28a6) C:\Windows\system32\DRIVERS\CompositeBus.sys 19:36:30.0177 4692 CompositeBus - ok 19:36:30.0192 4692 COMSysApp - ok 19:36:30.0222 4692 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 19:36:30.0231 4692 crcdisk - ok 19:36:30.0270 4692 CryptSvc (9c231178ce4fb385f4b54b0a9080b8a4) C:\Windows\system32\cryptsvc.dll 19:36:30.0274 4692 CryptSvc - ok 19:36:30.0306 4692 CSC (27c9490bdd0ae48911ab8cf1932591ed) C:\Windows\system32\drivers\csc.sys 19:36:30.0329 4692 CSC - ok 19:36:30.0368 4692 CscService (56fb5f222ea30d3d3fc459879772cb73) C:\Windows\System32\cscsvc.dll 19:36:30.0378 4692 CscService - ok 19:36:30.0425 4692 DcomLaunch (b82cd39e336973359d7c9bf911e8e84f) C:\Windows\system32\rpcss.dll 19:36:30.0434 4692 DcomLaunch - ok 19:36:30.0466 4692 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 19:36:30.0471 4692 defragsvc - ok 19:36:30.0535 4692 DfsC (83d1ecea8faae75604c0fa49ac7ad996) C:\Windows\system32\Drivers\dfsc.sys 19:36:30.0538 4692 DfsC - ok 19:36:30.0584 4692 Dhcp (c56495fbd770712367cad35e5de72da6) C:\Windows\system32\dhcpcore.dll 19:36:30.0590 4692 Dhcp - ok 19:36:30.0619 4692 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 19:36:30.0620 4692 discache - ok 19:36:30.0657 4692 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 19:36:30.0659 4692 Disk - ok 19:36:30.0700 4692 Dnscache (b15be77a2bacf9c3177d27518afe26a9) C:\Windows\System32\dnsrslvr.dll 
19:36:30.0704 4692 Dnscache - ok 19:36:30.0743 4692 dot3svc (4408c85c21eea48eb0ce486baeef0502) C:\Windows\System32\dot3svc.dll 19:36:30.0758 4692 dot3svc - ok 19:36:30.0778 4692 DPS (7fa81c6e11caa594adb52084da73a1e5) C:\Windows\system32\dps.dll 19:36:30.0781 4692 DPS - ok 19:36:30.0808 4692 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 19:36:30.0813 4692 drmkaud - ok 19:36:30.0862 4692 dtsoftbus01 (fb38473835476a6fb272215a1d972af9) C:\Windows\system32\DRIVERS\dtsoftbus01.sys 19:36:30.0867 4692 dtsoftbus01 - ok 19:36:30.0918 4692 DXGKrnl (c94b6c3cc628179cb9b9061c19888b99) C:\Windows\System32\drivers\dxgkrnl.sys 19:36:30.0949 4692 DXGKrnl - ok 19:36:30.0979 4692 E1G60 (22ef8965101685add128f03a2b03ce16) C:\Windows\system32\DRIVERS\E1G60I32.sys 19:36:30.0990 4692 E1G60 - ok 19:36:31.0021 4692 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 19:36:31.0024 4692 EapHost - ok 19:36:31.0271 4692 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 19:36:31.0340 4692 ebdrv - ok 19:36:31.0453 4692 EFS (c2243ff9e9aad0c30e8b1a0914da15b6) C:\Windows\System32\lsass.exe 19:36:31.0462 4692 EFS - ok 19:36:31.0523 4692 ehRecvr (3a74a6e33685662b125a3269b1f2114f) C:\Windows\ehome\ehRecvr.exe 19:36:31.0533 4692 ehRecvr - ok 19:36:31.0549 4692 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 19:36:31.0562 4692 ehSched - ok 19:36:31.0650 4692 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 19:36:31.0669 4692 elxstor - ok 19:36:31.0696 4692 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\DRIVERS\errdev.sys 19:36:31.0701 4692 ErrDev - ok 19:36:31.0813 4692 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 19:36:31.0823 4692 EventSystem - ok 19:36:31.0883 4692 ewusbmbb (026f6d48cc5293c7b8a696376618b9d2) C:\Windows\system32\DRIVERS\ewusbwwan.sys 19:36:31.0901 4692 ewusbmbb - ok 19:36:31.0956 4692 ew_hwusbdev 
(57c171ea22f0a7f068fcb0caedd1e8e7) C:\Windows\system32\DRIVERS\ew_hwusbdev.sys 19:36:31.0958 4692 ew_hwusbdev - ok 19:36:32.0012 4692 ew_usbenumfilter (61a973f60e94a551ba7b15f3460444fb) C:\Windows\system32\DRIVERS\ew_usbenumfilter.sys 19:36:32.0013 4692 ew_usbenumfilter - ok 19:36:32.0048 4692 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 19:36:32.0060 4692 exfat - ok 19:36:32.0084 4692 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 19:36:32.0096 4692 fastfat - ok 19:36:32.0156 4692 Fax (f7ea23cc5e6bf2181f3f399d54f6efc1) C:\Windows\system32\fxssvc.exe 19:36:32.0180 4692 Fax - ok 19:36:32.0196 4692 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 19:36:32.0204 4692 fdc - ok 19:36:32.0237 4692 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 19:36:32.0244 4692 fdPHost - ok 19:36:32.0263 4692 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 19:36:32.0272 4692 FDResPub - ok 19:36:32.0290 4692 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 19:36:32.0292 4692 FileInfo - ok 19:36:32.0319 4692 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 19:36:32.0326 4692 Filetrace - ok 19:36:32.0333 4692 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 19:36:32.0339 4692 flpydisk - ok 19:36:32.0360 4692 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 19:36:32.0364 4692 FltMgr - ok 19:36:32.0430 4692 FontCache (151258fc2ec8c48bdf8a53350ae0a676) C:\Windows\system32\FntCache.dll 19:36:32.0456 4692 FontCache - ok 19:36:32.0535 4692 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 19:36:32.0543 4692 FontCache3.0.0.0 - ok 19:36:32.0563 4692 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 
ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 19:36:48.0429 4692 ws2ifsl - ok 19:36:48.0453 4692 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 19:36:48.0457 4692 wscsvc - ok 19:36:48.0462 4692 WSearch - ok 19:36:48.0577 4692 wuauserv (a33408cc036f9c08142b11be5e93f0a1) C:\Windows\system32\wuaueng.dll 19:36:48.0612 4692 wuauserv - ok 19:36:48.0735 4692 WudfPf (6f9b6c0c93232cff47d0f72d6db1d21e) C:\Windows\system32\drivers\WudfPf.sys 19:36:48.0749 4692 WudfPf - ok 19:36:48.0792 4692 WUDFRd (f91ff1e51fca30b3c3981db7d5924252) C:\Windows\system32\DRIVERS\WUDFRd.sys 19:36:48.0795 4692 WUDFRd - ok 19:36:48.0836 4692 wudfsvc (ddee3682fe97037c45f4d7ab467cb8b6) C:\Windows\System32\WUDFSvc.dll 19:36:48.0840 4692 wudfsvc - ok 19:36:48.0861 4692 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 19:36:48.0866 4692 WwanSvc - ok 19:36:48.0932 4692 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 19:36:49.0051 4692 \Device\Harddisk0\DR0 - ok 19:36:49.0058 4692 MBR (0x1B8) (8f558eb6672622401da993e1e865c861) \Device\Harddisk1\DR2 19:36:49.0346 4692 \Device\Harddisk1\DR2 - ok 19:36:49.0351 4692 Boot (0x1200) (0240e780e79a5866a9e5851041deff99) \Device\Harddisk0\DR0\Partition0 19:36:49.0353 4692 \Device\Harddisk0\DR0\Partition0 - ok 19:36:49.0382 4692 Boot (0x1200) (a0099c69188ff40eabda59d0a172753e) \Device\Harddisk0\DR0\Partition1 19:36:49.0383 4692 \Device\Harddisk0\DR0\Partition1 - ok 19:36:49.0409 4692 Boot (0x1200) (2e3a799ebfa1419a7433e974f2de44d8) \Device\Harddisk0\DR0\Partition2 19:36:49.0410 4692 \Device\Harddisk0\DR0\Partition2 - ok 19:36:49.0416 4692 Boot (0x1200) (3dfe82a1be3cb83d4bed25a96848d3c9) \Device\Harddisk1\DR2\Partition0 19:36:49.0418 4692 \Device\Harddisk1\DR2\Partition0 - ok 19:36:49.0425 4692 Boot (0x1200) (40407dfc18bc1bc0e187c20d302538e6) \Device\Harddisk1\DR2\Partition1 19:36:49.0428 4692 \Device\Harddisk1\DR2\Partition1 - ok 19:36:49.0430 4692 
============================================================ 19:36:49.0430 4692 Scan finished 19:36:49.0430 4692 ============================================================ 19:36:49.0448 3140 Detected object count: 0 19:36:49.0448 3140 Actual detected object count: 0 |
25.06.2012, 18:47 | #4 | |
/// Selecta Jahrusso | After Google search, redirect via Rocketnews to safeseeking.com
Combofix should only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1, Link 2. IMPORTANT - Save Combofix to your desktop.
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
25.06.2012, 19:28 | #5 |
| After Google search, redirect via Rocketnews to safeseeking.com
OK, Combofix ran successfully. Here is the log. Code:
ATTFilter ComboFix 12-06-25.03 - Flo 25.06.2012 20:11:46.1.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1983.1270 [GMT 2:00] ausgeführt von:: F:\ComboFix.exe AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-25 bis 2012-06-25 )))))))))))))))))))))))))))))) . . 2012-06-25 18:18 . 2012-06-25 18:18 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-06-21 16:40 . 2012-06-21 21:05 -------- d-----w- c:\users\Flo\AppData\Local\NPE 2012-06-21 16:40 . 2012-06-21 16:40 -------- d-----w- c:\programdata\Norton 2012-06-19 16:53 . 2012-06-19 16:53 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-19 16:53 . 2012-06-19 16:53 -------- d-----w- c:\program files\Java 2012-06-11 18:01 . 2012-06-11 18:01 159744 --sha-r- c:\windows\system32\spwizengp.dll 2012-05-29 19:16 . 2012-05-29 19:18 -------- d-----w- c:\users\Flo\AppData\Roaming\ReiseGenial 2012-05-29 19:16 . 2012-05-29 19:16 -------- d-----w- c:\program files\ReiseGenial . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 11:37 . 2012-04-16 11:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 11:37 . 2012-02-14 20:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-19 16:53 . 2012-02-16 19:55 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-29 11:09 . 2012-02-14 20:25 31584 ----a-w- c:\windows\system32\TURegOpt.exe 2012-05-29 11:09 . 2012-04-15 13:24 29024 ----a-w- c:\windows\system32\uxtuneup.dll 2012-05-29 11:09 . 2012-02-14 20:25 21344 ----a-w- c:\windows\system32\authuitu.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . 
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] . c:\users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . 
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-01-28 270176] R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [2012-02-20 224096] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-02-20 102784] R3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-02-20 11136] R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-02-20 353280] R3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-02-20 90112] R3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-02-20 26624] R3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-02-20 181760] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-02-20 13184] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-14 239168] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-05-29 1528672] S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224] S3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-02-20 73216] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 
SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-09 10064] . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2012-06-25 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:37] . 2012-06-25 c:\windows\Tasks\KOYNZA.job - c:\windows\system32\spwizengp.dll [2012-06-11 18:01] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{053CF95D-444B-4D97-BCD6-6827006F6E13}: NameServer = 10.74.210.210 10.74.210.211 TCP: Interfaces\{0DB34FEC-0DEC-4F5D-B477-8CB0231FE7F1}: NameServer = 10.129.32.1 10.111.81.129 TCP: Interfaces\{F06EC670-4838-4825-A00E-F173CE4E650F}: NameServer = 10.129.32.1 10.111.81.129 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-06-25 20:24:38 ComboFix-quarantined-files.txt 2012-06-25 18:24 . Vor Suchlauf: 7 Verzeichnis(se), 26.395.770.880 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 26.320.211.968 Bytes frei . - - End Of File - - ED5222B7E215FC9B501D730313E933E4 |
25.06.2012, 19:49 | #6 | |
/// Selecta Jahrusso | After Google search, redirect via Rocketnews to safeseeking.com
Please have the file from the code box checked at Virustotal.
Quote:
Wait until Finished is shown under Current status:. Copy the link from your address bar and post it here.
25.06.2012, 19:58 | #7 |
| After Google search, redirect via Rocketnews to safeseeking.com
I could not find the file spwizenp.dll on the computer in the directory mentioned, only the file spwizeng.dll... here is the analysis https://www.virustotal.com/file/3e732d4d16a9a48264544c0073a99d70e1e2b721fb7d8e544c15c3247d76e35e/analysis/1340650509/ |
25.06.2012, 20:01 | #8 |
/// Selecta Jahrusso | After Google search, redirect via Rocketnews to safeseeking.com
Open Windows Explorer (Windows key + E) and go to => Tools => Folder Options => on the "View" tab
See whether you can find the file now.
25.06.2012, 20:18 | #9 |
| After Google search, redirect via Rocketnews to safeseeking.com
Both copying and uploading the file are blocked, with a message that I do not have the required permissions. Yet I am logged on to the computer as the sole user, with administrator rights.
Problem solved, I had myself "unlocked" for the file. The scan is starting. Link will follow shortly.
The result was as follows: https://www.virustotal.com/file/b75e8f8847d4699db193b0d9f5539bf541ea45d8552d2cbde955400195c36fe1/analysis/1340652160/ |
26.06.2012, 06:34 | #10 |
/// Selecta Jahrusso | After Google search, redirect via Rocketnews to safeseeking.com
Note for other readers: The following ComboFix script was created exclusively for this user in this situation. Do not under any circumstances use it on other computers; it can do lasting damage to other systems!
Delete the existing Combofix.exe from your desktop and download the program again from one of the following download mirrors: BleepingComputer.com - ForoSpyware.com and save it to the desktop again (nowhere else, this is important)!
Press the + R key --> Notepad (type it in) --> OK
Now copy the complete text from the following code box into the empty text document. Code:
ATTFilter
http://www.trojaner-board.de/117724-google-suche-umleitung-rocketnews-safeseeking-com.html#post851801
File::
c:\windows\Tasks\KOYNZA.job
Collect::
c:\windows\system32\spwizengp.dll
Important:
26.06.2012, 17:39 | #11 |
| After Google search, redirect via Rocketnews to safeseeking.com
Hello. It seems to have worked quite well. Since the computer is a fairly old one, it took a while. In any case, pages are now being forwarded correctly from Google again. Thanks for that already. Would the treatment now be complete, or is there anything else visible in the log? Code:
ATTFilter ComboFix 12-06-26.01 - Flo 26.06.2012 17:36:34.2.2 - x86 Microsoft Windows 7 Ultimate 6.1.7600.0.1252.49.1031.18.1983.1399 [GMT 2:00] ausgeführt von:: c:\users\Flo\Desktop\ComboFix.exe Benutzte Befehlsschalter :: c:\users\Flo\Desktop\CFScript.txt AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} * Neuer Wiederherstellungspunkt wurde erstellt . FILE :: "c:\windows\Tasks\KOYNZA.job" . file zipped: c:\windows\system32\spwizengp.dll . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Flo\AppData\Local\Temp\{CEA99475-00C7-4C70-8106-2913F0F7253C}\fpb.tmp c:\windows\system32\spwizengp.dll c:\windows\Tasks\KOYNZA.job . . ((((((((((((((((((((((( Dateien erstellt von 2012-05-26 bis 2012-06-26 )))))))))))))))))))))))))))))) . . 2012-06-26 15:44 . 2012-06-26 16:14 -------- d-----w- c:\users\Flo\AppData\Local\temp 2012-06-21 16:40 . 2012-06-21 21:05 -------- d-----w- c:\users\Flo\AppData\Local\NPE 2012-06-21 16:40 . 2012-06-21 16:40 -------- d-----w- c:\programdata\Norton 2012-06-19 16:53 . 2012-06-19 16:53 476936 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-06-19 16:53 . 2012-06-19 16:53 -------- d-----w- c:\program files\Java 2012-05-29 19:16 . 2012-05-29 19:18 -------- d-----w- c:\users\Flo\AppData\Roaming\ReiseGenial 2012-05-29 19:16 . 2012-05-29 19:16 -------- d-----w- c:\program files\ReiseGenial . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-06-23 11:37 . 2012-04-16 11:13 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-06-23 11:37 . 2012-02-14 20:03 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-06-19 16:53 . 2012-02-16 19:55 472840 ----a-w- c:\windows\system32\deployJava1.dll 2012-05-29 11:09 . 
2012-02-14 20:25 31584 ----a-w- c:\windows\system32\TURegOpt.exe 2012-05-29 11:09 . 2012-04-15 13:24 29024 ----a-w- c:\windows\system32\uxtuneup.dll 2012-05-29 11:09 . 2012-02-14 20:25 21344 ----a-w- c:\windows\system32\authuitu.dll . . ((((((((((((((((((((((((((((( SnapShot@2012-06-25_18.19.06 ))))))))))))))))))))))))))))))))))))))))) . + 2010-02-09 20:06 . 2012-06-26 15:18 30020 c:\windows\System32\wdi\ShutdownPerformanceDiagnostics_SystemData.bin + 2009-07-14 04:55 . 2012-06-26 16:16 44302 c:\windows\System32\wdi\BootPerformanceDiagnostics_SystemData.bin - 2012-03-07 14:23 . 2012-06-21 15:20 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat + 2012-03-07 14:23 . 2012-06-26 15:44 67584 c:\windows\System32\LogFiles\Srt\bootstat.dat - 2012-02-14 19:05 . 2012-06-25 13:34 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat + 2012-02-14 19:05 . 2012-06-26 15:27 16384 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\Cookies\index.dat - 2012-02-14 19:05 . 2012-06-25 13:34 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat + 2012-02-14 19:05 . 2012-06-26 15:27 32768 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\index.dat - 2009-07-14 04:41 . 2012-06-25 13:34 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2009-07-14 04:41 . 2012-06-26 15:27 16384 c:\windows\System32\config\systemprofile\AppData\Local\Microsoft\Windows\History\History.IE5\index.dat + 2012-02-22 22:32 . 2012-06-25 20:36 4626 c:\windows\System32\wdi\ERCQueuedResolutions.dat - 2012-02-22 22:32 . 2012-06-25 18:04 4626 c:\windows\System32\wdi\ERCQueuedResolutions.dat + 2012-02-14 19:31 . 
2012-06-26 16:16 6854 c:\windows\System32\wdi\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-531737476-1573167394-3436089214-1000_UserData.bin + 2012-06-26 15:16 . 2012-06-26 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat - 2012-06-25 18:06 . 2012-06-25 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat + 2012-06-26 15:16 . 2012-06-26 16:14 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2012-06-25 18:06 . 2012-06-25 18:06 2048 c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat - 2009-07-14 02:05 . 2012-06-25 18:11 607190 c:\windows\System32\perfh009.dat + 2009-07-14 02:05 . 2012-06-26 15:23 607190 c:\windows\System32\perfh009.dat + 2009-07-14 08:47 . 2012-06-26 15:23 643866 c:\windows\System32\perfh007.dat - 2009-07-14 08:47 . 2012-06-25 18:11 643866 c:\windows\System32\perfh007.dat + 2009-07-14 02:05 . 2012-06-26 15:23 103568 c:\windows\System32\perfc009.dat - 2009-07-14 02:05 . 2012-06-25 18:11 103568 c:\windows\System32\perfc009.dat + 2009-07-14 08:47 . 2012-06-26 15:23 126394 c:\windows\System32\perfc007.dat - 2009-07-14 08:47 . 2012-06-25 18:11 126394 c:\windows\System32\perfc007.dat - 2010-02-09 19:56 . 2012-06-25 13:34 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2010-02-09 19:56 . 2012-06-26 15:17 262144 c:\windows\System32\config\systemprofile\AppData\Roaming\Microsoft\Windows\IETldCache\index.dat + 2009-07-14 04:47 . 2012-06-25 20:36 387132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat - 2009-07-14 04:47 . 2012-06-25 18:04 387132 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-System.dat + 2009-07-14 02:03 . 2012-06-26 17:09 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat - 2009-07-14 02:03 . 2012-06-21 16:34 7077888 c:\windows\System32\SMI\Store\Machine\schema.dat + 2012-03-12 22:13 . 
2012-06-25 20:36 3782456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-531737476-1573167394-3436089214-1000-4096.dat - 2012-03-12 22:13 . 2012-06-25 18:04 3782456 c:\windows\ServiceProfiles\LocalService\AppData\Local\FontCache-S-1-5-21-531737476-1573167394-3436089214-1000-4096.dat . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Nero\Lib\NMBgMonitor.exe" [2007-08-03 202024] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-06-20 1316136] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-26 31016] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-30 13605408] "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-30 92704] "QlbCtrl.exe"="c:\program files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2009-11-24 323640] "NeroFilterCheck"="c:\program files\Common Files\Nero\Lib\NeroCheck.exe" [2007-03-01 153136] "NBKeyScan"="c:\program files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe" [2007-08-08 1828136] "CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2010-03-25 2516296] "CanonSolutionMenuEx"="c:\program files\Canon\Solution Menu EX\CNSEMAIN.EXE" [2010-04-02 1185112] . c:\users\Flo\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 98632] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys] @="Driver" . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" . R2 Internet Manager. RunOuc;Internet Manager. OUC;c:\program files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe [2012-02-20 224096] R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-23 250056] R3 CFcatchme;CFcatchme;c:\users\Flo\AppData\Local\Temp\CFcatchme.sys [x] R3 Com4QLBEx;Com4QLBEx;c:\program files\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-01-12 227896] R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [2012-02-20 102784] R3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [2012-02-20 353280] S0 BMLoad;Bytemobile Boot Time Load Driver;c:\windows\system32\drivers\BMLoad.sys [2012-02-20 13184] S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2012-02-14 239168] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-13 48128] S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [2012-01-03 63928] S2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [2011-01-28 270176] S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe [2012-05-29 1528672] S3 ATSwpWDF;AuthenTec TruePrint USB WBF WDF Driver;c:\windows\system32\Drivers\ATSwpWDF.sys [2009-12-03 625224] S3 ew_usbenumfilter;huawei_CompositeFilter;c:\windows\system32\DRIVERS\ew_usbenumfilter.sys [2012-02-20 
11136] S3 huawei_cdcacm;huawei_cdcacm;c:\windows\system32\DRIVERS\ew_jucdcacm.sys [2012-02-20 90112] S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [2012-02-20 73216] S3 huawei_ext_ctrl;huawei_ext_ctrl;c:\windows\system32\DRIVERS\ew_juextctrl.sys [2012-02-20 26624] S3 huawei_wwanecm;huawei_wwanecm;c:\windows\system32\DRIVERS\ew_juwwanecm.sys [2012-02-20 181760] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [2009-07-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [2009-07-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [2009-07-13 661504] S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys [2012-02-09 10064] . . HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs UxTuneUp . Inhalt des "geplante Tasks" Ordners . 2012-06-26 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-16 11:37] . . ------- Zusätzlicher Suchlauf ------- . uStart Page = hxxp://www.google.de/ IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000 TCP: Interfaces\{053CF95D-444B-4D97-BCD6-6827006F6E13}: NameServer = 10.74.210.210 10.74.210.211 TCP: Interfaces\{0DB34FEC-0DEC-4F5D-B477-8CB0231FE7F1}: NameServer = 10.129.32.1 10.111.81.129 TCP: Interfaces\{F06EC670-4838-4825-A00E-F173CE4E650F}: NameServer = 10.74.210.210 10.74.210.211 . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . 
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . c:\windows\system32\nvvsvc.exe c:\windows\system32\rundll32.exe c:\windows\system32\taskhost.exe c:\windows\system32\rundll32.exe c:\program files\Canon\IJPLM\IJPLMSVC.EXE c:\programdata\Internet Manager\OnlineUpdate\ouc.exe c:\program files\Nero\Nero8\Nero BackItUp\NBService.exe c:\program files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe c:\windows\system32\conhost.exe c:\programdata\DatacardService\DCSHelper.exe c:\programdata\DatacardService\DCSHelper.exe c:\program files\T-Mobile\InternetManager_H\Internet Manager.exe c:\windows\system32\WUDFHost.exe c:\program files\Windows Media Player\wmpnetwk.exe c:\\?\c:\windows\system32\wbem\WMIADAP.EXE . ************************************************************************** . Zeit der Fertigstellung: 2012-06-26 18:21:59 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-06-26 16:21 ComboFix2.txt 2012-06-25 18:24 . 
Vor Suchlauf: 10 Verzeichnis(se), 26.317.967.360 Bytes frei Nach Suchlauf: 11 Verzeichnis(se), 26.137.661.440 Bytes frei . - - End Of File - - 0C02B739BBA345609F390DD62F335362 Hochladen war erfolgreich |
26.06.2012, 17:46 | #12 |
/// Selecta Jahrusso | After Google search, redirect via Rocketnews to safeseeking.com ESET Online Scanner
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
26.06.2012, 20:50 | #13 |
| After Google search, redirect via Rocketnews to safeseeking.com hello... looks like there is still something on it after all... here is the file Code:
C:\Qoobox\Quarantine\[4]-Submit_2012-06-26_17.36.15.zip a variant of Win32/Ponmocup.CX trojan
C:\Qoobox\Quarantine\C\Windows\System32\spwizengp.dll.vir a variant of Win32/Ponmocup.CX trojan
C:\Users\Flo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53\5dbb9af5-14470497 Java/Exploit.CVE-2012-0507.BU trojan
C:\Users\Flo\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54\744c8576-2b64f6e7 Java/Exploit.CVE-2012-0507.BS trojan
C:\Users\Flo\Desktop\BackUp_Flo\Downloads\registrybooster(1).exe Win32/RegistryBooster application
C:\Users\Flo\Desktop\BackUp_Flo\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\Flo\Desktop\BackUp_Flo\Downloads\SoftonicDownloader_fuer_passport-photo.exe a variant of Win32/SoftonicDownloader.A application
C:\Users\Flo\Desktop\BackUp_Flo\Flo's\Downloads\registrybooster(1).exe Win32/RegistryBooster application
C:\Users\Flo\Desktop\BackUp_Flo\Flo's\Downloads\registrybooster.exe Win32/RegistryBooster application
C:\Users\Flo\Desktop\BackUp_Flo\Flo's\Downloads\SoftonicDownloader_fuer_passport-photo.exe a variant of Win32/SoftonicDownloader.A application |
27.06.2012, 06:51 | #14 |
/// Selecta Jahrusso | After Google search, redirect via Rocketnews to safeseeking.com Nothing tragic. Your Java is no longer up to date. Older versions contain security vulnerabilities that malware can exploit.
Please uninstall the Babylon Toolbar. I see that you have a so-called registry cleaner on the system. In your case, TuneUp. We do not recommend any kind of registry cleaner under any circumstances. The reason is quite simple: the registry is the brain of the system. If the brain does not work, the rest no longer really works either. We read often enough from people seeking help that their system no longer boots after using registry cleaners.
If you destroy the registry, you destroy Windows. I hereby recommend that you uninstall the software mentioned above and do without this kind of software in the future.
Please visit the Microsoft Update page and download all updates under Custom. Keep doing this until nothing more is offered. You have to go online with Internet Explorer for this. If you want to do this with Firefox, you must first install the IE View add-on.
Please start OTL.exe. Under Extra Registry, select Use SafeList and click the Scan button. Post the OTL.txt and the Extras.txt here in your thread. Report whether the computer is still causing problems.
__________________ Regards, Daniel ASAP & UNITE Member Alliance of Security Analysis Professionals Unified Network of Instructors and Trusted Eliminators Learn to fight back and support us! TB Akademie |
27.06.2012, 17:15 | #15 |
| After Google search, redirect via Rocketnews to safeseeking.com hello Daniel, I have carried out the steps mentioned:
- Installed the new Java version and uninstalled the old one
- Uninstalled or deactivated the Babylon toolbar, as far as that was possible via the software menu
- Downloaded new Windows updates up to the Service Pack; here there are inconsistencies. The history shows that it was installed successfully, but directly above that it says it failed. When searching for updates it now only shows Service Pack 1 and tries to download it, but nothing happens; the download status stays unchanged at 0.0%.
I spoke to my buddy about the registry cleaner in question and urged him not to use this function of TuneUp. He said I should mention that the computer boots rather unreliably, i.e. after the BIOS etc. no "Windows is loading" screen appears, just a blinking underscore in the upper left corner. I then said that something is probably not quite right with his boot sector; it takes a good 10 attempts until it finally gets to the "Windows is loading" window. After that it boots up normally and quickly. At the end I also ran the OTL scan as requested. The log for it is here. Code:
ATTFilter OTL Extras logfile created on: 27.06.2012 17:58:49 - Run 2 OTL by OldTimer - Version 3.2.50.0 Folder = K:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,94 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 50,51% Memory free 3,87 Gb Paging File | 2,89 Gb Available in Paging File | 74,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141,56 Gb Total Space | 19,68 Gb Free Space | 13,90% Space Free | Partition Type: NTFS Drive D: | 7,39 Gb Total Space | 2,23 Gb Free Space | 30,12% Space Free | Partition Type: NTFS Drive I: | 66,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive K: | 1367,19 Gb Total Space | 109,71 Gb Free Space | 8,02% Space Free | Partition Type: NTFS Drive L: | 30,07 Gb Total Space | 24,35 Gb Free Space | 80,95% Space Free | Partition Type: NTFS Computer Name: FLO-PC | User Name: Flo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] 
"DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{1190BB9B-606D-4EF1-8F21-ABF36DA63F8C}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{1CCFD6DA-FF8C-417C-BD22-E9ACE5A9D275}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{2E5F4BFE-F6F5-41BE-8F72-612EF862ED3D}" = rport=445 | protocol=6 | dir=out | app=system | "{2F331CEE-929B-4664-97E6-5CC175C52401}" = lport=1900 | protocol=17 | dir=in | name=udp 1900 | "{33EF73B1-E902-484E-BFA1-2F75CD9C122F}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{354289DC-F850-4B7B-A69B-FBED82E21AB6}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{36F8D272-878A-4E7F-80E9-7E6325EF1DD2}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{3DA1A1F0-CB04-4A2D-964D-C359935DD834}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{46C0B3CB-8C52-4BB7-AD63-113AEEFE5ECF}" = lport=139 | protocol=6 | dir=in | app=system | "{59F254AE-2DB5-43FA-B1D9-8FA7442C00F3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{661E283A-C52A-40F6-8BF2-14D1F44FCF4A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6BFC2280-972C-4FED-AB7F-4EB57E38ABC9}" = lport=2869 | protocol=6 | dir=in | name=tcp 2869 | "{6D74C026-4FFD-4419-9B1B-15C63D3C4E2C}" = rport=139 | protocol=6 | dir=out | app=system | "{6D7C2023-FBC6-4951-ABF1-471DC7F678D9}" = lport=10243 | protocol=6 | dir=in | app=system | "{7298B709-EEB6-49AA-86FA-5805DF12ED29}" = lport=33289 | protocol=6 | dir=in | name=windows core service | "{97E9BD87-60AB-43DE-A304-3FB9AA171997}" = lport=138 | protocol=17 | dir=in | app=system | "{AABF92C7-288C-43E9-BA09-2375B9CA101E}" = lport=2869 | protocol=6 | dir=in | app=system | "{ACB05DDE-92E7-4082-9946-0B700298FF2E}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{AD503196-6AD2-488D-B2A8-E143E0161981}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{BED63295-B1FD-4CBB-96B2-AAB81118351C}" = lport=445 | protocol=6 | dir=in | app=system | "{C98589F5-2D27-4F3A-A2C1-0D708AEB1253}" = rport=137 | protocol=17 | dir=out | app=system | "{CB661BED-BA14-49E9-AEC5-38C9B6C1C05D}" = rport=10243 | protocol=6 | dir=out | app=system | "{CCD3315D-91F6-4F50-9025-5CD557CC6A82}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{F61BD7F8-33BB-4DE3-846A-FD955DE69DF6}" = rport=138 | protocol=17 | dir=out | app=system | "{FA6533B1-372B-47E4-8E44-31684AF70BEC}" = lport=137 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04A699F7-689B-46CD-A4AA-B197DEBADEE4}" = 
protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{06D28004-0B8D-41C0-9556-340C7D0B320C}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{160B4DF5-49A4-46EC-951C-E72E17785B97}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{1675BBEE-67A8-4029-A91D-EF1576A0B975}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{1B060A61-7604-4085-AA85-AAA823D9A744}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1E205403-64DA-44FB-8A13-4742F8302F52}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2B57DD95-2484-4324-94B0-FFF9BF3CD57E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{30A7CD3A-0524-44FA-B261-F37A4F82CC4F}" = protocol=6 | dir=out | app=system | "{377C2549-5AD9-419E-A218-58CE654D690D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{3E6E5F45-C09C-4EB9-88AF-402A1B9CDD9C}" = protocol=17 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{47F16B82-1310-49BF-B8B1-3A1BC770FA4C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{4E52D376-0035-4535-A07F-2F064819E95F}" = protocol=17 | dir=in | app=c:\windows\system32\xpsrchvw.exe | "{5005FDE5-7C1A-40B4-BCBD-D3F5F4BC3204}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{502BAC88-A49D-4837-BDC7-3A5EC05621E5}" = protocol=6 | dir=in | app=c:\windows\system32\xpsrchvw.exe | "{55631FCB-F509-4F5C-BCCF-4ACAC288E6BB}" = protocol=6 | dir=in | app=c:\program files\videolan\vlc\vlc.exe | "{5EA75D74-3400-461C-8C9E-3973001D2A98}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{866AE4EE-BF60-4BC3-921A-3DD3E1BFC2D2}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{9FE0CF8A-BF5D-4065-906A-BE45DAD77B2B}" = protocol=17 | dir=in | app=c:\program 
files\videolan\vlc\vlc.exe | "{A4C2278D-B6E1-4302-AAEF-D7D08F0779EF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{A75F03B0-2AB1-4160-91CC-DDFCC708E7C0}" = protocol=6 | dir=in | app=c:\program files\mozilla firefox\firefox.exe | "{B5E8C4F9-A3DB-46AD-84C3-5EAA4706D502}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B80FF2A7-0455-4549-8B93-A84C7CEB79D5}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{B9BCEFDA-C2DB-44E0-8A1C-34E289768416}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{E0172745-6D73-4019-A875-977634333C51}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{E4C46449-C3F8-431A-B6A3-476AD7C2C278}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FF3D0E2B-76D6-4AAC-AF80-5F4147C44C56}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG5100_series" = Canon MG5100 series MP Drivers "{26A24AE4-039D-4CA4-87B4-2F83217005FF}" = Java(TM) 7 Update 5 "{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012 "{34D2AB40-150D-475D-AE32-BD23FB5EE355}" = HP Quick Launch Buttons "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5C83x/84x Flash Media Controller Driver Ver.3.51.01 "{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX "{8AEA4BE2-2B52-41C0-BB7D-9F2D17AF1031}" = Nero 8 "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 
"{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch "{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE) "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F1D7AC58-554A-4A58-B784-B61558B1449A}" = QLBCASL "{F5CC2EF8-20A4-4366-A681-3FE849E65809}" = RICOH Media Driver "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Canon MG5100 series Benutzerregistrierung" = Canon MG5100 series Benutzerregistrierung "CANONIJPLM100" = Canon Inkjet Printer/Scanner/Fax Extended Survey Program "CanonMyPrinter" = Canon My Printer "CanonSolutionMenuEX" = Canon Solution Menu EX "CNXT_AUDIO_HDA" = Conexant HD Audio "CNXT_MODEM_HDA_HSF" = HDAUDIO Soft Data Fax Modem with SmartCP "DAEMON Tools Lite" = DAEMON Tools Lite "Easy-PhotoPrint EX" 
= Canon Easy-PhotoPrint EX "Easy-WebPrint EX" = Canon Easy-WebPrint EX "ENTERPRISE" = Microsoft Office Enterprise 2007 "ESET Online Scanner" = ESET Online Scanner v3 "Internet Manager" = Internet Manager "MP Navigator EX 4.0" = Canon MP Navigator EX 4.0 "NAVIGON Fresh" = NAVIGON Fresh 3.4.1 "NVIDIA Drivers" = NVIDIA Drivers "ReiseGenial_is1" = ReiseGenial 3.6.5 "SynTPDeinstKey" = Synaptics Pointing Device Driver "TuneUp Utilities 2012" = TuneUp Utilities 2012 "VLC media player" = VLC media player 1.1.11 "WinRAR archiver" = WinRAR ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 05.06.2012 15:29:26 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 06.06.2012 14:43:38 | Computer Name = Flo-PC | Source = Avira Antivirus | ID = 4110 Description = Error - 06.06.2012 15:18:03 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 06.06.2012 15:18:03 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 11.06.2012 14:18:03 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 12.06.2012 14:50:02 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 21.06.2012 11:19:52 | Computer Name = Flo-PC | Source = Application Hang | ID = 1002 Description = Programm UninstallManager.exe, Version 12.0.3600.73 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. Prozess-ID: ea0 Startzeit: 01cd4fc12a1da240 Endzeit: 16 Anwendungspfad: C:\Program Files\TuneUp Utilities 2012\UninstallManager.exe Berichts-ID: 86dbe191-bbb4-11e1-9fc1-001a737027a7 Error - 23.06.2012 07:27:59 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. 
Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 26.06.2012 11:27:47 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . Error - 26.06.2012 11:27:47 | Computer Name = Flo-PC | Source = Microsoft-Windows-CAPI2 | ID = 4107 Description = Fehler beim Extrahieren der Drittanbieterstammliste aus der automatischen Aktualisierungs-CAB-Datei bei <hxxp://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>. Fehler: Ein erforderliches Zertifikat befindet sich nicht im Gültigkeitszeitraum gemessen an der aktuellen Systemzeit oder dem Zeitstempel in der signierten Datei. . [ System Events ] Error - 26.06.2012 12:32:04 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error - 26.06.2012 12:32:04 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Internet Manager. 
OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 26.06.2012 12:32:05 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimmptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 26.06.2012 12:32:05 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "rimsptsk" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 26.06.2012 12:32:05 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Ricoh xD-Picture Card Driver" wurde aufgrund folgenden Fehlers nicht gestartet: %%1058 Error - 26.06.2012 12:32:16 | Computer Name = Flo-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. Error - 27.06.2012 05:57:30 | Computer Name = Flo-PC | Source = BugCheck | ID = 1001 Description = Error - 27.06.2012 05:57:34 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst Internet Manager. OUC erreicht. Error - 27.06.2012 05:57:34 | Computer Name = Flo-PC | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Internet Manager. OUC" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053 Error - 27.06.2012 05:57:36 | Computer Name = Flo-PC | Source = Microsoft-Windows-WHEA-Logger | ID = 18 Description = Schwerwiegender Hardwarefehler. Gemeldet von Komponente: Prozessorkern Fehlerquelle: 3 Fehlertyp: 256 Prozessor-ID: 1 Die Detailansicht dieses Eintrags beinhaltet weitere Informationen. < End of report > Code:
ATTFilter OTL logfile created on: 27.06.2012 17:58:49 - Run 2 OTL by OldTimer - Version 3.2.50.0 Folder = K:\ Ultimate Edition (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,94 Gb Total Physical Memory | 0,98 Gb Available Physical Memory | 50,51% Memory free 3,87 Gb Paging File | 2,89 Gb Available in Paging File | 74,61% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 141,56 Gb Total Space | 19,68 Gb Free Space | 13,90% Space Free | Partition Type: NTFS Drive D: | 7,39 Gb Total Space | 2,23 Gb Free Space | 30,12% Space Free | Partition Type: NTFS Drive I: | 66,88 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive K: | 1367,19 Gb Total Space | 109,71 Gb Free Space | 8,02% Space Free | Partition Type: NTFS Drive L: | 30,07 Gb Total Space | 24,35 Gb Free Space | 80,95% Space Free | Partition Type: NTFS Computer Name: FLO-PC | User Name: Flo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - K:\OTL.exe (OldTimer Tools) PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software) PRC - C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesApp32.exe (TuneUp Software) PRC - C:\Program Files\T-Mobile\InternetManager_H\bmop.exe (Bytemobile, Inc.) PRC - C:\Program Files\T-Mobile\InternetManager_H\Internet Manager.exe () PRC - C:\ProgramData\Internet Manager\OnlineUpdate\ouc.exe () PRC - C:\Program Files\T-Mobile\InternetManager_H\bmsdk.exe () PRC - C:\Program Files\T-Mobile\InternetManager_H\bmctl.exe (Bytemobile, Inc.) 
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\ProgramData\DatacardService\HWDeviceService.exe () PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.) PRC - C:\Program Files\Canon\IJPLM\ijplmsvc.exe () PRC - C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.) PRC - C:\Program Files\Canon\MyPrinter\BJMYPRT.EXE (CANON INC.) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Program Files\Common Files\Nero\Lib\NMIndexStoreSvr.exe (Nero AG) PRC - C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG) ========== Modules (No Company Name) ========== MOD - C:\Program Files\T-Mobile\InternetManager_H\SMSUIPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\SmsAppPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\USSDUIPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\StatusBarMgrPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\XFramePlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\sdk.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\SmsSrvPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\XCodec.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\USSDSrvPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\Trace.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\ServiceUIPlugin.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\Win7Support.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\rdiff.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\QtGui4.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\QtCore4.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\QtNetwork4.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\NDISAPI.dll () MOD - C:\Program Files\T-Mobile\InternetManager_H\MiniFramePlugin.dll () MOD - C:\Program 
Files\T-Mobile\InternetManager_H\PluginContainer.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\NetInfoUIExPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\NetSettingPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\QtXml4.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\Proxy.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\NetConnectPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\NetInfoRecordUIPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\NetInfoSrvPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\MenuMgrPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\NetSrvPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\NDISPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\NetConnectSrvPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\OSDialup.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\OSNDIS.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\OSAdapt.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\NotifyServicePlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\OSPowerMgr.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\mingwm10.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\DialupUIPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\core.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\DeviceAppPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\DeviceSrvPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\LiveUpdateInterface.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\Common.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\DialUpPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\DataServicePlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\HelpUIPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\LayoutPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\CompressRatePlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\AddrBookPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\AddrBookUIPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\Internet Manager.exe ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\AddrBookSrvPlugin.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\AtCodec.dll ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\bmsdk.exe ()
MOD - C:\Program Files\T-Mobile\InternetManager_H\ATR2SMgr.dll ()
MOD - C:\Program Files\WinRAR\RarExt.dll ()
MOD - C:\Program Files\Common Files\Nero\Lib\log4cxx.dll ()

========== Win32 Services (SafeList) ==========

SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (Internet Manager. RunOuc) -- C:\Program Files\T-Mobile\InternetManager_H\UpdateDog\ouc.exe ()
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (IJPLMSVC) -- C:\Program Files\Canon\IJPLM\ijplmsvc.exe ()
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (CFcatchme) -- C:\Users\Flo\AppData\Local\Temp\CFcatchme.sys File not found
DRV - (catchme) -- C:\Users\Flo\AppData\Local\Temp\catchme.sys File not found
DRV - (ewusbmbb) -- C:\Windows\System32\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_wwanecm) -- C:\Windows\System32\drivers\ew_juwwanecm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_cdcacm) -- C:\Windows\System32\drivers\ew_jucdcacm.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_ext_ctrl) -- C:\Windows\System32\drivers\ew_juextctrl.sys (Huawei Technologies Co., Ltd.)
DRV - (tcpipBM) -- C:\Windows\System32\drivers\tcpipBM.sys (Bytemobile, Inc.)
DRV - (ew_usbenumfilter) -- C:\Windows\System32\drivers\ew_usbenumfilter.sys (Huawei Technologies Co., Ltd.)
DRV - (BMLoad) -- C:\Windows\System32\drivers\BMLoad.sys (Bytemobile, Inc.)
DRV - (dtsoftbus01) -- C:\Windows\System32\drivers\dtsoftbus01.sys (DT Soft Ltd)
DRV - (TuneUpUtilitiesDrv) -- C:\Program Files\TuneUp Utilities 2012\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (HBtnKey) -- C:\Windows\System32\drivers\CPQBTTN.sys (Hewlett-Packard Company)
DRV - (ATSwpWDF) -- C:\Windows\System32\drivers\ATSwpWDF.sys (AuthenTec, Inc.)
DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation)
DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation)
DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation)
DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation)
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (HpqKbFiltr) -- C:\Windows\System32\drivers\HpqKbFiltr.sys (Hewlett-Packard Development Company, L.P.)
DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation)
DRV - (CnxtHdAudService) -- C:\Windows\System32\drivers\CHDRT32.sys (Conexant Systems Inc.)
DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.)
DRV - (NVENETFD) -- C:\Windows\System32\drivers\nvmfdx32.sys (NVIDIA Corporation)
DRV - (nvsmu) -- C:\Windows\System32\drivers\nvsmu.sys (NVIDIA Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 00 22 D8 49 DE 18 CD 01 [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=109958&babsrc=SP_ss&mntrId=706feed6000000000000582c80139263
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\ff-bmboc@bytemobile.com: C:\Program Files\T-Mobile\InternetManager_H\OCx32\addon [2012.02.20 12:17:46 | 000,000,000 | ---D | M]

[2012.06.21 17:19:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2012.06.19 18:54:00 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA}
[2012.04.18 18:38:39 | 000,002,310 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\babylon.xml

O1 HOSTS File: ([2012.06.26 18:14:46 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenuEx] C:\Program Files\Canon\Solution Menu EX\CNSEMAIN.EXE (CANON INC.)
O4 - HKLM..\Run: [NBKeyScan] C:\Program Files\Nero\Nero8\Nero BackItUp\NBKeyScan.exe (Nero AG)
O4 - HKLM..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Nero\Lib\NeroCheck.exe (Nero AG)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Nero\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{053CF95D-444B-4D97-BCD6-6827006F6E13}: NameServer = 10.111.81.129 10.129.32.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0DB34FEC-0DEC-4F5D-B477-8CB0231FE7F1}: NameServer = 10.129.32.1 10.111.81.129
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F06EC670-4838-4825-A00E-F173CE4E650F}: NameServer = 10.74.210.210 10.74.210.211
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2005.09.11 17:18:54 | 000,000,340 | -HS- | M] () - D:\AUTOMODE -- [ NTFS ]
O32 - AutoRun File - [2010.12.30 21:56:05 | 000,147,808 | R--- | M] () - I:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2009.09.25 12:46:52 | 000,000,045 | R--- | M] () - I:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2012.06.27 17:09:49 | 000,000,000 | ---D | C] -- C:\Windows\System32\SPReview
[2012.06.27 17:09:27 | 000,000,000 | ---D | C] -- C:\Windows\System32\EventProviders
[2012.06.27 17:09:09 | 000,000,000 | ---D | C] -- C:\Windows\nvtmpinst
[2012.06.27 16:17:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.06.27 16:17:07 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.06.27 16:17:07 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.06.27 16:17:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.06.27 16:17:06 | 001,800,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.06.27 16:17:06 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.06.27 16:17:05 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.06.27 16:14:32 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
[2012.06.27 16:13:35 | 000,190,976 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\ks.sys
[2012.06.27 16:03:43 | 003,958,128 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2012.06.27 16:03:43 | 003,902,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2012.06.27 16:03:40 | 000,442,880 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2012.06.27 16:03:35 | 001,401,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssrch.dll
[2012.06.27 16:03:34 | 001,553,920 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tquery.dll
[2012.06.27 16:03:34 | 000,666,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssvp.dll
[2012.06.27 16:03:34 | 000,337,408 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssph.dll
[2012.06.27 16:03:34 | 000,197,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mssphtb.dll
[2012.06.27 16:03:33 | 000,059,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msscntrs.dll
[2012.06.27 16:03:29 | 000,826,368 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcore.dll
[2012.06.27 16:03:27 | 002,614,784 | ---- | C] (Microsoft Corporation) -- C:\Windows\explorer.exe
[2012.06.27 16:03:26 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\timedate.cpl
[2012.06.27 16:03:09 | 000,288,256 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2012.06.27 16:03:08 | 001,170,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2012.06.27 16:03:08 | 001,074,176 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2012.06.27 16:03:08 | 000,739,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2012.06.27 16:03:08 | 000,218,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2012.06.27 16:03:08 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2012.06.27 16:01:00 | 000,284,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbport.sys
[2012.06.27 16:00:59 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\prevhost.exe
[2012.06.27 16:00:59 | 000,005,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usbd.sys
[2012.06.27 16:00:55 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msdri.dll
[2012.06.27 15:59:36 | 000,129,536 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpcorekmts.dll
[2012.06.27 15:59:36 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdpwsx.dll
[2012.06.27 15:59:36 | 000,008,192 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\rdrmemptylst.exe
[2012.06.27 15:58:28 | 000,219,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\dxgmms1.sys
[2012.06.27 15:58:28 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\cdd.dll
[2012.06.27 15:58:10 | 000,026,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\Diskdump.sys
[2012.06.27 15:58:05 | 000,146,304 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\storport.sys
[2012.06.27 15:58:05 | 000,074,240 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\fsutil.exe
[2012.06.27 15:57:50 | 002,342,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.06.27 15:56:28 | 000,051,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wscapi.dll
[2012.06.27 15:56:28 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\slwga.dll
[2012.06.27 15:46:34 | 002,422,272 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.27 15:46:34 | 000,045,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.27 15:46:28 | 000,577,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.27 15:46:28 | 000,088,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.27 15:46:28 | 000,035,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.27 15:46:25 | 000,171,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.27 15:46:25 | 000,033,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.06.27 15:23:26 | 000,000,000 | ---D | C] -- C:\Windows\System32\appmgmt
[2012.06.27 15:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2012.06.26 19:09:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.26 18:24:36 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2012.06.26 18:20:50 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2012.06.26 17:44:09 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\temp
[2012.06.25 20:10:02 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2012.06.25 20:10:02 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2012.06.25 20:10:02 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2012.06.25 19:59:00 | 000,000,000 | ---D | C] -- C:\Qoobox
[2012.06.25 19:58:47 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2012.06.21 18:40:29 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Local\NPE
[2012.06.21 18:40:29 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.06.19 18:53:57 | 000,772,504 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\npdeployJava1.dll
[2012.06.19 18:53:56 | 000,227,824 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.06.19 18:53:56 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.19 18:53:56 | 000,174,064 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.19 18:53:46 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2012.05.29 21:16:04 | 000,000,000 | ---D | C] -- C:\Users\Flo\AppData\Roaming\ReiseGenial
[2012.05.29 21:16:04 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ReiseGenial
[2012.05.29 21:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\ReiseGenial

========== Files - Modified Within 30 Days ==========

[2012.06.27 18:01:05 | 000,643,866 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.27 18:01:05 | 000,607,190 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.27 18:01:05 | 000,126,394 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.27 18:01:05 | 000,103,568 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.27 17:33:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.27 17:32:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 17:32:21 | 000,014,016 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.27 17:27:12 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.27 17:26:18 | 1559,433,216 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.27 16:34:22 | 000,412,744 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.27 16:24:38 | 000,000,000 | -H-- | M] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.06.27 15:20:52 | 000,227,824 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.06.27 15:20:52 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.06.27 15:20:51 | 000,174,064 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.06.26 18:14:46 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2012.06.23 13:37:35 | 000,426,184 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.06.23 13:37:35 | 000,070,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.06.21 18:41:36 | 013,466,490 | ---- | M] () -- C:\ProgramData\SMRBackup300.dat
[2012.06.03 00:19:33 | 000,045,080 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups2.dll
[2012.06.03 00:19:32 | 000,035,864 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wups.dll
[2012.06.03 00:19:23 | 000,577,048 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapi.dll
[2012.06.03 00:12:32 | 002,422,272 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wucltux.dll
[2012.06.03 00:12:13 | 000,088,576 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wudriver.dll
[2012.06.02 15:19:42 | 000,171,904 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuwebv.dll
[2012.06.02 15:12:20 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wuapp.exe
[2012.05.29 13:09:54 | 000,031,584 | ---- | M] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.05.29 13:09:50 | 000,029,024 | ---- | M] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.05.29 13:09:50 | 000,021,344 | ---- | M] (TuneUp Software) -- C:\Windows\System32\authuitu.dll

========== Files Created - No Company Name ==========

[2012.06.27 16:24:38 | 000,000,000 | -H-- | C] () -- C:\Windows\System32\drivers\Msft_Kernel_SynTP_01009.Wdf
[2012.06.25 20:10:02 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2012.06.25 20:10:02 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2012.06.25 20:10:02 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2012.06.25 20:10:02 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2012.06.25 20:10:02 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2012.06.21 18:40:57 | 013,466,490 | ---- | C] () -- C:\ProgramData\SMRBackup300.dat
[2012.02.14 21:57:30 | 000,001,732 | ---- | C] () -- C:\Windows\System32\drivers\nvphy.bin
[2011.09.15 02:11:16 | 001,048,576 | ---- | C] () -- C:\Windows\System32\syndata.bin

< End of report >