Pests of all kinds and how to fight them: Google/rocketnews.com problem (Windows 7)
26.06.2012, 22:13 #1
Google/rocketnews.com problem

Hello everyone, I have a computer here from a neighbour that has the same problem as in the following threads:
http://www.trojaner-board.de/116423-...ocketnews.html
http://www.trojaner-board.de/117703-...ocketnews.html
http://www.trojaner-board.de/117623-...gebnissen.html

Here are 2 logs from Malwarebytes (quick scan with a detection):

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Horst Falch :: ZUHAUSE [Administrator]

Schutz: Aktiviert

26.06.2012 19:44:46
mbam-log-2012-06-26 (19-44-46).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 205065
Laufzeit: 3 Minute(n), 53 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 1
C:\winstackxx.exe (Trojan.SpyEyes.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

Infizierte Dateien: 1
C:\winstackxx.exe\config.bin (Trojan.SpyEyes.Gen) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)

Code:
Malwarebytes Anti-Malware (Test) 1.61.0.1400
www.malwarebytes.org

Datenbank Version: v2012.06.26.07
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
Horst Falch :: ZUHAUSE [Administrator]

Schutz: Aktiviert

26.06.2012 21:22:03
mbam-log-2012-06-26 (21-22-03).txt

Art des Suchlaufs: Vollständiger Suchlauf
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 346320
Laufzeit: 58 Minute(n), 38 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)

Code:
21:16:24.0094 3204 TDSS rootkit removing tool 2.7.42.0 Jun 25 2012 21:18:44
21:16:24.0125 3204 ============================================================
21:16:24.0125 3204 Current date / time: 2012/06/26 21:16:24.0125
21:16:24.0125 3204 SystemInfo:
21:16:24.0125 3204
21:16:24.0125 3204 OS Version: 6.1.7601 ServicePack: 1.0
21:16:24.0125 3204 Product type: Workstation
21:16:24.0125 3204 ComputerName: ZUHAUSE
21:16:24.0125 3204 UserName: Horst Falch
21:16:24.0125 3204 Windows directory: C:\Windows
21:16:24.0125 3204 System windows directory: C:\Windows
21:16:24.0125 3204 Processor architecture: Intel x86
21:16:24.0125 3204 Number of processors: 4
21:16:24.0125 3204 Page size: 0x1000
21:16:24.0125 3204 Boot type: Normal boot
21:16:24.0125 3204 ============================================================
21:16:24.0608 3204 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:16:24.0640 3204 Drive \Device\Harddisk4\DR8 - Size: 0x7DDBFE00 (1.97 Gb), SectorSize: 0x200, Cylinders: 0x100, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
21:16:24.0640 3204 ============================================================
21:16:24.0640 3204 \Device\Harddisk0\DR0:
21:16:24.0640 3204 MBR partitions:
21:16:24.0640 3204 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:16:24.0640 3204 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x71CD3000
21:16:24.0640 3204 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x71D05800, BlocksNum 0x2800000
21:16:24.0640 3204 \Device\Harddisk4\DR8:
21:16:24.0640 3204 MBR partitions:
21:16:24.0640 3204 ============================================================
21:16:24.0671 3204 C: <-> \Device\Harddisk0\DR0\Partition1
21:16:24.0718 3204 D: <-> \Device\Harddisk0\DR0\Partition2
21:16:24.0718 3204 ============================================================
21:16:24.0718 3204 Initialize success
21:16:24.0718 3204 ============================================================
21:16:31.0940 3700 ============================================================
21:16:31.0940 3700 Scan started
21:16:31.0940 3700 Mode: Manual; SigCheck; TDLFS;
21:16:31.0940 3700 ============================================================
21:16:32.0268 3700 1394ohci (6d2aca41739bfe8cb86ee8e85f29697d) C:\Windows\system32\drivers\1394ohci.sys
21:16:32.0330 3700 1394ohci - ok
21:16:32.0471 3700 ABBYY.Licensing.FineReader.Sprint.9.0 (b33cf4de909a5b30f526d82053a63c8e) C:\Program Files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe
21:16:32.0502 3700 ABBYY.Licensing.FineReader.Sprint.9.0 - ok
21:16:32.0564 3700 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:16:32.0580 3700 ACPI - ok
21:16:32.0611 3700 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:16:32.0689 3700 AcpiPmi - ok
21:16:32.0767 3700 AdobeFlashPlayerUpdateSvc (990dc6edc9f933194d7cd4e65146bc94) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:16:32.0783 3700 AdobeFlashPlayerUpdateSvc - ok
21:16:32.0861 3700 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:16:32.0908 3700 adp94xx - ok
21:16:32.0970 3700 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:16:33.0017 3700 adpahci - ok
21:16:33.0048 3700 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:16:33.0064 3700 adpu320 - ok
21:16:33.0095 3700 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:16:33.0126 3700 AeLookupSvc - ok
21:16:33.0173 3700 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:16:33.0266 3700 AFD - ok
21:16:33.0282 3700 agp440 (507812c3054c21cef746b6ee3d04dd6e)
C:\Windows\system32\drivers\agp440.sys 21:16:33.0298 3700 agp440 - ok 21:16:33.0329 3700 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 21:16:33.0344 3700 aic78xx - ok 21:16:33.0376 3700 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe 21:16:33.0422 3700 ALG - ok 21:16:33.0422 3700 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys 21:16:33.0438 3700 aliide - ok 21:16:33.0454 3700 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys 21:16:33.0469 3700 amdagp - ok 21:16:33.0485 3700 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys 21:16:33.0500 3700 amdide - ok 21:16:33.0516 3700 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys 21:16:33.0547 3700 AmdK8 - ok 21:16:33.0563 3700 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys 21:16:33.0594 3700 AmdPPM - ok 21:16:33.0641 3700 amdsata (e7f4d42d8076ec60e21715cd11743a0d) C:\Windows\system32\drivers\amdsata.sys 21:16:33.0656 3700 amdsata - ok 21:16:33.0688 3700 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys 21:16:33.0719 3700 amdsbs - ok 21:16:33.0734 3700 amdxata (146459d2b08bfdcbfa856d9947043c81) C:\Windows\system32\drivers\amdxata.sys 21:16:33.0750 3700 amdxata - ok 21:16:33.0812 3700 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe 21:16:33.0828 3700 AntiVirSchedulerService - ok 21:16:33.0859 3700 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe 21:16:33.0890 3700 AntiVirService - ok 21:16:33.0922 3700 AntiVirWebService (676894fa57b671fec5c3f05f8929e03b) C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE 21:16:33.0953 3700 AntiVirWebService - ok 21:16:33.0984 3700 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys 21:16:34.0093 3700 AppID - ok 
21:16:34.0109 3700 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll 21:16:34.0156 3700 AppIDSvc - ok 21:16:34.0171 3700 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll 21:16:34.0234 3700 Appinfo - ok 21:16:34.0265 3700 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys 21:16:34.0280 3700 arc - ok 21:16:34.0312 3700 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys 21:16:34.0327 3700 arcsas - ok 21:16:34.0374 3700 aspnet_state (39cdcb109bf200cc8a05b9c7e6272d11) C:\Windows\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe 21:16:34.0390 3700 aspnet_state - ok 21:16:34.0390 3700 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys 21:16:34.0514 3700 AsyncMac - ok 21:16:34.0577 3700 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys 21:16:34.0592 3700 atapi - ok 21:16:34.0655 3700 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 21:16:34.0733 3700 AudioEndpointBuilder - ok 21:16:34.0748 3700 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll 21:16:34.0764 3700 Audiosrv - ok 21:16:34.0795 3700 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys 21:16:34.0826 3700 avgntflt - ok 21:16:34.0858 3700 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys 21:16:34.0873 3700 avipbb - ok 21:16:34.0873 3700 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys 21:16:34.0889 3700 avkmgr - ok 21:16:34.0920 3700 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll 21:16:34.0998 3700 AxInstSV - ok 21:16:35.0029 3700 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys 21:16:35.0092 3700 b06bdrv - ok 21:16:35.0123 3700 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys 
21:16:35.0154 3700 b57nd60x - ok 21:16:35.0248 3700 BBSvc (483f1162eeebd10bf77fbb32db963370) C:\Program Files\Microsoft\BingBar\BBSvc.EXE 21:16:35.0263 3700 BBSvc - ok 21:16:35.0310 3700 BBUpdate (78779ee07231c658b483b1f38b5088df) C:\Program Files\Microsoft\BingBar\SeaPort.EXE 21:16:35.0341 3700 BBUpdate - ok 21:16:35.0388 3700 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll 21:16:35.0450 3700 BDESVC - ok 21:16:35.0466 3700 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys 21:16:35.0528 3700 Beep - ok 21:16:35.0591 3700 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll 21:16:35.0622 3700 BFE - ok 21:16:35.0684 3700 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll 21:16:35.0747 3700 BITS - ok 21:16:35.0778 3700 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys 21:16:35.0809 3700 blbdrive - ok 21:16:35.0965 3700 Bonjour Service (a065f048e9e23e6c026a7bb548d126a7) C:\Program Files\Bonjour\mDNSResponder.exe 21:16:35.0981 3700 Bonjour Service - ok 21:16:36.0012 3700 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys 21:16:36.0059 3700 bowser - ok 21:16:36.0074 3700 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys 21:16:36.0152 3700 BrFiltLo - ok 21:16:36.0168 3700 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys 21:16:36.0199 3700 BrFiltUp - ok 21:16:36.0230 3700 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll 21:16:36.0293 3700 Browser - ok 21:16:36.0324 3700 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys 21:16:36.0355 3700 Brserid - ok 21:16:36.0371 3700 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys 21:16:36.0386 3700 BrSerWdm - ok 21:16:36.0402 3700 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys 21:16:36.0449 
3700 BrUsbMdm - ok 21:16:36.0464 3700 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys 21:16:36.0480 3700 BrUsbSer - ok 21:16:36.0480 3700 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys 21:16:36.0527 3700 BTHMODEM - ok 21:16:36.0542 3700 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll 21:16:36.0605 3700 bthserv - ok 21:16:36.0620 3700 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys 21:16:36.0667 3700 cdfs - ok 21:16:36.0698 3700 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys 21:16:36.0730 3700 cdrom - ok 21:16:36.0761 3700 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 21:16:36.0808 3700 CertPropSvc - ok 21:16:36.0839 3700 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys 21:16:36.0854 3700 circlass - ok 21:16:36.0886 3700 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys 21:16:36.0901 3700 CLFS - ok 21:16:36.0948 3700 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 21:16:36.0964 3700 clr_optimization_v2.0.50727_32 - ok 21:16:36.0979 3700 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys 21:16:37.0010 3700 CmBatt - ok 21:16:37.0026 3700 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys 21:16:37.0042 3700 cmdide - ok 21:16:37.0073 3700 CNG (6427525d76f61d0c519b008d3680e8e7) C:\Windows\system32\Drivers\cng.sys 21:16:37.0120 3700 CNG - ok 21:16:37.0120 3700 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys 21:16:37.0135 3700 Compbatt - ok 21:16:37.0182 3700 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys 21:16:37.0213 3700 CompositeBus - ok 21:16:37.0229 3700 COMSysApp - ok 21:16:37.0244 3700 crcdisk 
(2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys 21:16:37.0260 3700 crcdisk - ok 21:16:37.0291 3700 CryptSvc (a585bebf7d054bd9618eda0922d5484a) C:\Windows\system32\cryptsvc.dll 21:16:37.0338 3700 CryptSvc - ok 21:16:37.0369 3700 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 21:16:37.0416 3700 DcomLaunch - ok 21:16:37.0447 3700 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll 21:16:37.0478 3700 defragsvc - ok 21:16:37.0510 3700 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys 21:16:37.0556 3700 DfsC - ok 21:16:37.0619 3700 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll 21:16:37.0650 3700 Dhcp - ok 21:16:37.0666 3700 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys 21:16:37.0697 3700 discache - ok 21:16:37.0712 3700 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys 21:16:37.0712 3700 Disk - ok 21:16:37.0744 3700 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll 21:16:37.0775 3700 Dnscache - ok 21:16:37.0806 3700 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll 21:16:37.0853 3700 dot3svc - ok 21:16:37.0884 3700 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll 21:16:37.0915 3700 DPS - ok 21:16:37.0962 3700 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys 21:16:37.0993 3700 drmkaud - ok 21:16:38.0056 3700 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys 21:16:38.0087 3700 DXGKrnl - ok 21:16:38.0118 3700 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll 21:16:38.0149 3700 EapHost - ok 21:16:38.0321 3700 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys 21:16:38.0508 3700 ebdrv - ok 21:16:38.0617 3700 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe 21:16:38.0648 
3700 EFS - ok 21:16:38.0711 3700 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe 21:16:38.0804 3700 ehRecvr - ok 21:16:38.0836 3700 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe 21:16:38.0867 3700 ehSched - ok 21:16:38.0929 3700 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys 21:16:38.0976 3700 elxstor - ok 21:16:38.0992 3700 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys 21:16:39.0023 3700 ErrDev - ok 21:16:39.0070 3700 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll 21:16:39.0116 3700 EventSystem - ok 21:16:39.0148 3700 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys 21:16:39.0210 3700 exfat - ok 21:16:39.0272 3700 Fabs - ok 21:16:39.0304 3700 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys 21:16:39.0335 3700 fastfat - ok 21:16:39.0413 3700 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe 21:16:39.0444 3700 Fax - ok 21:16:39.0460 3700 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys 21:16:39.0491 3700 fdc - ok 21:16:39.0506 3700 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll 21:16:39.0553 3700 fdPHost - ok 21:16:39.0584 3700 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll 21:16:39.0631 3700 FDResPub - ok 21:16:39.0647 3700 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys 21:16:39.0678 3700 FileInfo - ok 21:16:39.0740 3700 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys 21:16:39.0787 3700 Filetrace - ok 21:16:39.0943 3700 FirebirdServerMAGIXInstance (fff1130f7c9fa01d093a1edfc5cce8fc) C:\Program Files\Common Files\MAGIX Services\Database\bin\fbserver.exe 21:16:40.0115 3700 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - warning 21:16:40.0115 3700 
FirebirdServerMAGIXInstance - detected UnsignedFile.Multi.Generic (1) 21:16:40.0193 3700 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys 21:16:40.0224 3700 flpydisk - ok 21:16:40.0255 3700 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys 21:16:40.0302 3700 FltMgr - ok 21:16:40.0380 3700 FontCache (fa6c66e4364d7da57aade5dcc03bb999) C:\Windows\system32\FntCache.dll 21:16:40.0427 3700 FontCache - ok 21:16:40.0474 3700 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 21:16:40.0505 3700 FontCache3.0.0.0 - ok 21:16:40.0520 3700 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys 21:16:40.0536 3700 FsDepends - ok 21:16:40.0567 3700 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys 21:16:40.0598 3700 Fs_Rec - ok 21:16:40.0630 3700 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys 21:16:40.0645 3700 fvevol - ok 21:16:40.0692 3700 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys 21:16:40.0723 3700 gagp30kx - ok 21:16:40.0786 3700 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll 21:16:40.0848 3700 gpsvc - ok 21:16:40.0926 3700 gupdate (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 21:16:40.0942 3700 gupdate - ok 21:16:40.0957 3700 gupdatem (f02a533f517eb38333cb12a9e8963773) C:\Program Files\Google\Update\GoogleUpdate.exe 21:16:40.0973 3700 gupdatem - ok 21:16:40.0988 3700 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys 21:16:41.0051 3700 hcw85cir - ok 21:16:41.0113 3700 HdAudAddService (3530cad25deba7dc7de8bb51632cbc5f) C:\Windows\system32\drivers\HdAudio.sys 21:16:41.0176 3700 HdAudAddService - ok 21:16:41.0207 3700 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys 
21:16:41.0254 3700 HDAudBus - ok 21:16:41.0269 3700 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys 21:16:41.0285 3700 HidBatt - ok 21:16:41.0316 3700 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys 21:16:41.0363 3700 HidBth - ok 21:16:41.0378 3700 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys 21:16:41.0410 3700 HidIr - ok 21:16:41.0425 3700 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll 21:16:41.0472 3700 hidserv - ok 21:16:41.0472 3700 HidUsb (25072fb35ac90b25f9e4e3bacf774102) C:\Windows\system32\DRIVERS\hidusb.sys 21:16:41.0503 3700 HidUsb - ok 21:16:41.0519 3700 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll 21:16:41.0566 3700 hkmsvc - ok 21:16:41.0612 3700 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll 21:16:41.0659 3700 HomeGroupListener - ok 21:16:41.0690 3700 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll 21:16:41.0722 3700 HomeGroupProvider - ok 21:16:41.0737 3700 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys 21:16:41.0753 3700 HpSAMD - ok 21:16:41.0784 3700 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys 21:16:41.0831 3700 HTTP - ok 21:16:41.0878 3700 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys 21:16:41.0878 3700 hwpolicy - ok 21:16:41.0893 3700 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys 21:16:41.0924 3700 i8042prt - ok 21:16:41.0956 3700 iaStor (d5edb998656e6ecf1a17c78dab019a3c) C:\Windows\system32\DRIVERS\iaStor.sys 21:16:41.0971 3700 iaStor - ok 21:16:42.0049 3700 IAStorDataMgrSvc (7493ea4de41348f7d3edbf9db298f56a) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 21:16:42.0065 3700 IAStorDataMgrSvc - ok 21:16:42.0096 3700 iaStorV 
(a3cae5d281db4cff7cff8233507ee5ad) C:\Windows\system32\drivers\iaStorV.sys 21:16:42.0143 3700 iaStorV - ok 21:16:42.0268 3700 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 21:16:42.0346 3700 idsvc - ok 21:16:42.0424 3700 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys 21:16:42.0455 3700 iirsp - ok 21:16:42.0517 3700 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll 21:16:42.0564 3700 IKEEXT - ok 21:16:42.0704 3700 IntcAzAudAddService (3914ea9111dbeffaf1c68200817768ad) C:\Windows\system32\drivers\RTKVHDA.sys 21:16:42.0782 3700 IntcAzAudAddService - ok 21:16:42.0860 3700 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys 21:16:42.0876 3700 intelide - ok 21:16:42.0923 3700 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys 21:16:42.0938 3700 intelppm - ok 21:16:42.0954 3700 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll 21:16:43.0032 3700 IPBusEnum - ok 21:16:43.0048 3700 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys 21:16:43.0094 3700 IpFilterDriver - ok 21:16:43.0157 3700 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll 21:16:43.0204 3700 iphlpsvc - ok 21:16:43.0219 3700 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys 21:16:43.0250 3700 IPMIDRV - ok 21:16:43.0266 3700 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys 21:16:43.0328 3700 IPNAT - ok 21:16:43.0344 3700 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys 21:16:43.0360 3700 IRENUM - ok 21:16:43.0391 3700 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys 21:16:43.0406 3700 isapnp - ok 21:16:43.0469 3700 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) 
C:\Windows\system32\drivers\msiscsi.sys 21:16:43.0500 3700 iScsiPrt - ok 21:16:43.0531 3700 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\DRIVERS\kbdclass.sys 21:16:43.0547 3700 kbdclass - ok 21:16:43.0578 3700 kbdhid (3d9f0ebf350edcfd6498057301455964) C:\Windows\system32\DRIVERS\kbdhid.sys 21:16:43.0578 3700 kbdhid - ok 21:16:43.0594 3700 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 21:16:43.0594 3700 KeyIso - ok 21:16:43.0609 3700 KSecDD (f4647bb23db9038a7536cf6b68f4207f) C:\Windows\system32\Drivers\ksecdd.sys 21:16:43.0625 3700 KSecDD - ok 21:16:43.0656 3700 KSecPkg (e73cae53bbb72ba26918492c6b4c229d) C:\Windows\system32\Drivers\ksecpkg.sys 21:16:43.0672 3700 KSecPkg - ok 21:16:43.0718 3700 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll 21:16:43.0750 3700 KtmRm - ok 21:16:43.0781 3700 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll 21:16:43.0812 3700 LanmanServer - ok 21:16:43.0843 3700 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll 21:16:43.0874 3700 LanmanWorkstation - ok 21:16:43.0906 3700 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys 21:16:43.0937 3700 lltdio - ok 21:16:43.0968 3700 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll 21:16:43.0999 3700 lltdsvc - ok 21:16:44.0015 3700 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll 21:16:44.0046 3700 lmhosts - ok 21:16:44.0077 3700 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys 21:16:44.0093 3700 LSI_FC - ok 21:16:44.0108 3700 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys 21:16:44.0124 3700 LSI_SAS - ok 21:16:44.0124 3700 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys 21:16:44.0140 3700 LSI_SAS2 - ok 21:16:44.0171 3700 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) 
C:\Windows\system32\DRIVERS\lsi_scsi.sys 21:16:44.0186 3700 LSI_SCSI - ok 21:16:44.0202 3700 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys 21:16:44.0233 3700 luafv - ok 21:16:44.0249 3700 MBAMProtector (fb097bbc1a18f044bd17bd2fccf97865) C:\Windows\system32\drivers\mbam.sys 21:16:44.0264 3700 MBAMProtector - ok 21:16:44.0374 3700 MBAMService (ba400ed640bca1eae5c727ae17c10207) C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 21:16:44.0389 3700 MBAMService - ok 21:16:44.0420 3700 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll 21:16:44.0436 3700 Mcx2Svc - ok 21:16:44.0452 3700 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys 21:16:44.0467 3700 megasas - ok 21:16:44.0498 3700 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys 21:16:44.0514 3700 MegaSR - ok 21:16:44.0545 3700 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 21:16:44.0592 3700 MMCSS - ok 21:16:44.0608 3700 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys 21:16:44.0654 3700 Modem - ok 21:16:44.0670 3700 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys 21:16:44.0701 3700 monitor - ok 21:16:44.0748 3700 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\DRIVERS\mouclass.sys 21:16:44.0764 3700 mouclass - ok 21:16:44.0810 3700 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys 21:16:44.0842 3700 mouhid - ok 21:16:44.0857 3700 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys 21:16:44.0888 3700 mountmgr - ok 21:16:44.0935 3700 MozillaMaintenance (15d5398eed42c2504bb3d4fc875c15d1) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 21:16:44.0951 3700 MozillaMaintenance - ok 21:16:44.0982 3700 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys 21:16:44.0998 3700 mpio - ok 
21:16:45.0013 3700 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys 21:16:45.0060 3700 mpsdrv - ok 21:16:45.0107 3700 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll 21:16:45.0185 3700 MpsSvc - ok 21:16:45.0216 3700 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys 21:16:45.0247 3700 MRxDAV - ok 21:16:45.0263 3700 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys 21:16:45.0310 3700 mrxsmb - ok 21:16:45.0356 3700 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys 21:16:45.0388 3700 mrxsmb10 - ok 21:16:45.0403 3700 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys 21:16:45.0450 3700 mrxsmb20 - ok 21:16:45.0466 3700 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys 21:16:45.0481 3700 msahci - ok 21:16:45.0512 3700 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys 21:16:45.0544 3700 msdsm - ok 21:16:45.0575 3700 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe 21:16:45.0622 3700 MSDTC - ok 21:16:45.0637 3700 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys 21:16:45.0700 3700 Msfs - ok 21:16:45.0715 3700 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys 21:16:45.0762 3700 mshidkmdf - ok 21:16:45.0778 3700 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys 21:16:45.0793 3700 msisadrv - ok 21:16:45.0824 3700 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll 21:16:45.0856 3700 MSiSCSI - ok 21:16:45.0856 3700 msiserver - ok 21:16:45.0871 3700 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys 21:16:45.0902 3700 MSKSSRV - ok 21:16:45.0918 3700 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys 21:16:45.0980 3700 MSPCLOCK - 
ok 21:16:45.0996 3700 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys 21:16:46.0043 3700 MSPQM - ok 21:16:46.0058 3700 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys 21:16:46.0090 3700 MsRPC - ok 21:16:46.0090 3700 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys 21:16:46.0105 3700 mssmbios - ok 21:16:46.0105 3700 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys 21:16:46.0136 3700 MSTEE - ok 21:16:46.0168 3700 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys 21:16:46.0183 3700 MTConfig - ok 21:16:46.0199 3700 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys 21:16:46.0214 3700 Mup - ok 21:16:46.0261 3700 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll 21:16:46.0292 3700 napagent - ok 21:16:46.0339 3700 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys 21:16:46.0386 3700 NativeWifiP - ok 21:16:46.0464 3700 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys 21:16:46.0480 3700 NDIS - ok 21:16:46.0511 3700 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys 21:16:46.0526 3700 NdisCap - ok 21:16:46.0542 3700 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys 21:16:46.0573 3700 NdisTapi - ok 21:16:46.0604 3700 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys 21:16:46.0636 3700 Ndisuio - ok 21:16:46.0682 3700 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys 21:16:46.0745 3700 NdisWan - ok 21:16:46.0760 3700 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys 21:16:46.0792 3700 NDProxy - ok 21:16:46.0807 3700 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys 21:16:46.0838 3700 NetBIOS - ok 21:16:46.0870 
3700 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys 21:16:46.0932 3700 NetBT - ok 21:16:46.0948 3700 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 21:16:46.0963 3700 Netlogon - ok 21:16:47.0026 3700 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll 21:16:47.0088 3700 Netman - ok 21:16:47.0104 3700 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll 21:16:47.0135 3700 netprofm - ok 21:16:47.0213 3700 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 21:16:47.0244 3700 NetTcpPortSharing - ok 21:16:47.0291 3700 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys 21:16:47.0306 3700 nfrd960 - ok 21:16:47.0338 3700 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll 21:16:47.0369 3700 NlaSvc - ok 21:16:47.0384 3700 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys 21:16:47.0416 3700 Npfs - ok 21:16:47.0416 3700 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll 21:16:47.0447 3700 nsi - ok 21:16:47.0462 3700 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys 21:16:47.0478 3700 nsiproxy - ok 21:16:47.0587 3700 Ntfs (33c3093d09017cfe2e219f2472bff6eb) C:\Windows\system32\drivers\Ntfs.sys 21:16:47.0634 3700 Ntfs - ok 21:16:47.0743 3700 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys 21:16:47.0790 3700 Null - ok 21:16:47.0821 3700 NVHDA (8571011b62ce0207fa1dc95d88308f1d) C:\Windows\system32\drivers\nvhda32v.sys 21:16:47.0837 3700 NVHDA - ok 21:16:48.0274 3700 nvlddmkm (19f5c4949b2e4cbd2e95b8ecdfc84d25) C:\Windows\system32\DRIVERS\nvlddmkm.sys 21:16:48.0664 3700 nvlddmkm - ok 21:16:48.0742 3700 nvraid (af2eec9580c1d32fb7eaf105d9784061) C:\Windows\system32\drivers\nvraid.sys 21:16:48.0773 3700 nvraid - ok 21:16:48.0788 3700 
nvstor (9283c58ebaa2618f93482eb5dabcec82) C:\Windows\system32\drivers\nvstor.sys 21:16:48.0820 3700 nvstor - ok 21:16:48.0866 3700 nvsvc (7a68320fa236ed0479eff93540391568) C:\Windows\system32\nvvsvc.exe 21:16:48.0866 3700 nvsvc - ok 21:16:48.0882 3700 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys 21:16:48.0913 3700 nv_agp - ok 21:16:48.0991 3700 odserv (785f487a64950f3cb8e9f16253ba3b7b) C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 21:16:49.0038 3700 odserv - ok 21:16:49.0069 3700 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys 21:16:49.0100 3700 ohci1394 - ok 21:16:49.0163 3700 ose (5a432a042dae460abe7199b758e8606c) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 21:16:49.0194 3700 ose - ok 21:16:49.0225 3700 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 21:16:49.0272 3700 p2pimsvc - ok 21:16:49.0319 3700 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll 21:16:49.0350 3700 p2psvc - ok 21:16:49.0381 3700 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys 21:16:49.0428 3700 Parport - ok 21:16:49.0459 3700 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys 21:16:49.0475 3700 partmgr - ok 21:16:49.0490 3700 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys 21:16:49.0522 3700 Parvdm - ok 21:16:49.0537 3700 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll 21:16:49.0553 3700 PcaSvc - ok 21:16:49.0600 3700 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys 21:16:49.0631 3700 pci - ok 21:16:49.0662 3700 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys 21:16:49.0678 3700 pciide - ok 21:16:49.0693 3700 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys 21:16:49.0724 3700 pcmcia - ok 21:16:49.0771 3700 pcw 
(250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys 21:16:49.0787 3700 pcw - ok 21:16:49.0818 3700 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys 21:16:49.0912 3700 PEAUTH - ok 21:16:50.0021 3700 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll 21:16:50.0083 3700 pla - ok 21:16:50.0177 3700 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll 21:16:50.0239 3700 PlugPlay - ok 21:16:50.0255 3700 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll 21:16:50.0270 3700 PNRPAutoReg - ok 21:16:50.0286 3700 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll 21:16:50.0302 3700 PNRPsvc - ok 21:16:50.0348 3700 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll 21:16:50.0395 3700 PolicyAgent - ok 21:16:50.0426 3700 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll 21:16:50.0458 3700 Power - ok 21:16:50.0489 3700 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys 21:16:50.0520 3700 PptpMiniport - ok 21:16:50.0536 3700 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys 21:16:50.0567 3700 Processor - ok 21:16:50.0614 3700 ProfSvc (43ca4ccc22d52fb58e8988f0198851d0) C:\Windows\system32\profsvc.dll 21:16:50.0676 3700 ProfSvc - ok 21:16:50.0692 3700 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 21:16:50.0707 3700 ProtectedStorage - ok 21:16:50.0738 3700 ProtexisLicensing (f115af58abe5605d7d709cbfbd83f418) C:\Windows\system32\PSIService.exe 21:16:50.0738 3700 ProtexisLicensing - ok 21:16:50.0785 3700 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys 21:16:50.0832 3700 Psched - ok 21:16:50.0926 3700 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys 21:16:51.0004 3700 ql2300 - ok 21:16:51.0082 3700 ql40xx 
(b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys 21:16:51.0113 3700 ql40xx - ok 21:16:51.0144 3700 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll 21:16:51.0160 3700 QWAVE - ok 21:16:51.0175 3700 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys 21:16:51.0191 3700 QWAVEdrv - ok 21:16:51.0206 3700 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys 21:16:51.0238 3700 RasAcd - ok 21:16:51.0253 3700 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys 21:16:51.0284 3700 RasAgileVpn - ok 21:16:51.0300 3700 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll 21:16:51.0316 3700 RasAuto - ok 21:16:51.0331 3700 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys 21:16:51.0378 3700 Rasl2tp - ok 21:16:51.0409 3700 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll 21:16:51.0456 3700 RasMan - ok 21:16:51.0472 3700 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys 21:16:51.0518 3700 RasPppoe - ok 21:16:51.0550 3700 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys 21:16:51.0596 3700 RasSstp - ok 21:16:51.0628 3700 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys 21:16:51.0674 3700 rdbss - ok 21:16:51.0690 3700 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys 21:16:51.0706 3700 rdpbus - ok 21:16:51.0737 3700 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys 21:16:51.0784 3700 RDPCDD - ok 21:16:51.0799 3700 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys 21:16:51.0830 3700 RDPENCDD - ok 21:16:51.0830 3700 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys 21:16:51.0862 3700 RDPREFMP - ok 21:16:51.0893 3700 RDPWD 
(f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys 21:16:51.0955 3700 RDPWD - ok 21:16:52.0002 3700 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys 21:16:52.0033 3700 rdyboost - ok 21:16:52.0064 3700 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll 21:16:52.0111 3700 RemoteAccess - ok 21:16:52.0142 3700 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll 21:16:52.0189 3700 RemoteRegistry - ok 21:16:52.0220 3700 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll 21:16:52.0252 3700 RpcEptMapper - ok 21:16:52.0267 3700 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe 21:16:52.0283 3700 RpcLocator - ok 21:16:52.0330 3700 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll 21:16:52.0361 3700 RpcSs - ok 21:16:52.0392 3700 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys 21:16:52.0408 3700 rspndr - ok 21:16:52.0470 3700 RTL8167 (06bd46be6141556125f89df738333720) C:\Windows\system32\DRIVERS\Rt86win7.sys 21:16:52.0501 3700 RTL8167 - ok 21:16:52.0564 3700 RTL8192su (51adef77e4c929535fd50da153774e79) C:\Windows\system32\DRIVERS\RTL8192su.sys 21:16:52.0626 3700 RTL8192su - ok 21:16:52.0657 3700 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 21:16:52.0673 3700 SamSs - ok 21:16:52.0704 3700 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys 21:16:52.0720 3700 sbp2port - ok 21:16:52.0735 3700 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll 21:16:52.0766 3700 SCardSvr - ok 21:16:52.0782 3700 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys 21:16:52.0844 3700 scfilter - ok 21:16:52.0907 3700 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll 21:16:52.0954 3700 Schedule - ok 21:16:52.0985 3700 SCPolicySvc 
(319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll 21:16:53.0000 3700 SCPolicySvc - ok 21:16:53.0032 3700 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll 21:16:53.0078 3700 SDRSVC - ok 21:16:53.0094 3700 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys 21:16:53.0141 3700 secdrv - ok 21:16:53.0156 3700 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll 21:16:53.0219 3700 seclogon - ok 21:16:53.0234 3700 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll 21:16:53.0266 3700 SENS - ok 21:16:53.0281 3700 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll 21:16:53.0344 3700 SensrSvc - ok 21:16:53.0359 3700 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys 21:16:53.0390 3700 Serenum - ok 21:16:53.0437 3700 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys 21:16:53.0453 3700 Serial - ok 21:16:53.0484 3700 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys 21:16:53.0515 3700 sermouse - ok 21:16:53.0546 3700 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll 21:16:53.0578 3700 SessionEnv - ok 21:16:53.0609 3700 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys 21:16:53.0640 3700 sffdisk - ok 21:16:53.0656 3700 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys 21:16:53.0671 3700 sffp_mmc - ok 21:16:53.0687 3700 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys 21:16:53.0702 3700 sffp_sd - ok 21:16:53.0718 3700 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys 21:16:53.0734 3700 sfloppy - ok 21:16:53.0780 3700 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll 21:16:53.0827 3700 SharedAccess - ok 21:16:53.0858 3700 ShellHWDetection 
(414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll 21:16:53.0890 3700 ShellHWDetection - ok 21:16:53.0921 3700 SipIMNDI - ok 21:16:53.0952 3700 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys 21:16:53.0968 3700 sisagp - ok 21:16:53.0983 3700 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys 21:16:53.0999 3700 SiSRaid2 - ok 21:16:54.0030 3700 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys 21:16:54.0046 3700 SiSRaid4 - ok 21:16:54.0077 3700 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys 21:16:54.0108 3700 Smb - ok 21:16:54.0108 3700 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe 21:16:54.0124 3700 SNMPTRAP - ok 21:16:54.0139 3700 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys 21:16:54.0155 3700 spldr - ok 21:16:54.0202 3700 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe 21:16:54.0248 3700 Spooler - ok 21:16:54.0420 3700 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 21:16:54.0514 3700 sppsvc - ok 21:16:54.0654 3700 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 21:16:54.0701 3700 sppuinotify - ok 21:16:54.0779 3700 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 21:16:54.0826 3700 srv - ok 21:16:54.0857 3700 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 21:16:54.0904 3700 srv2 - ok 21:16:54.0904 3700 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 21:16:54.0919 3700 srvnet - ok 21:16:54.0950 3700 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 21:16:54.0982 3700 SSDPSRV - ok 21:16:55.0013 3700 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 21:16:55.0028 3700 ssmdrv - ok 21:16:55.0044 3700 SstpSvc 
(d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 21:16:55.0091 3700 SstpSvc - ok 21:16:55.0106 3700 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 21:16:55.0122 3700 stexstor - ok 21:16:55.0169 3700 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 21:16:55.0200 3700 StiSvc - ok 21:16:55.0200 3700 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 21:16:55.0216 3700 swenum - ok 21:16:55.0247 3700 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 21:16:55.0278 3700 swprv - ok 21:16:55.0356 3700 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 21:16:55.0372 3700 SysMain - ok 21:16:55.0418 3700 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 21:16:55.0450 3700 TabletInputService - ok 21:16:55.0496 3700 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 21:16:55.0528 3700 TapiSrv - ok 21:16:55.0543 3700 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 21:16:55.0590 3700 TBS - ok 21:16:55.0684 3700 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys 21:16:55.0746 3700 Tcpip - ok 21:16:55.0871 3700 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys 21:16:55.0902 3700 TCPIP6 - ok 21:16:55.0949 3700 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 21:16:56.0011 3700 tcpipreg - ok 21:16:56.0042 3700 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 21:16:56.0089 3700 TDPIPE - ok 21:16:56.0105 3700 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 21:16:56.0120 3700 TDTCP - ok 21:16:56.0152 3700 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 21:16:56.0183 3700 tdx - ok 21:16:56.0183 3700 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) 
C:\Windows\system32\drivers\termdd.sys 21:16:56.0198 3700 TermDD - ok 21:16:56.0261 3700 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 21:16:56.0308 3700 TermService - ok 21:16:56.0308 3700 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 21:16:56.0323 3700 Themes - ok 21:16:56.0339 3700 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 21:16:56.0370 3700 THREADORDER - ok 21:16:56.0401 3700 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 21:16:56.0417 3700 TrkWks - ok 21:16:56.0464 3700 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 21:16:56.0526 3700 TrustedInstaller - ok 21:16:56.0557 3700 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 21:16:56.0573 3700 tssecsrv - ok 21:16:56.0604 3700 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 21:16:56.0635 3700 TsUsbFlt - ok 21:16:56.0682 3700 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 21:16:56.0744 3700 tunnel - ok 21:16:56.0776 3700 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 21:16:56.0791 3700 uagp35 - ok 21:16:56.0838 3700 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 21:16:56.0885 3700 udfs - ok 21:16:56.0900 3700 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 21:16:56.0916 3700 UI0Detect - ok 21:16:56.0932 3700 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 21:16:56.0932 3700 uliagpkx - ok 21:16:56.0963 3700 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\drivers\umbus.sys 21:16:56.0978 3700 umbus - ok 21:16:57.0025 3700 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 21:16:57.0041 3700 UmPass - ok 21:16:57.0072 3700 upnphost (833fbb672460efce8011d262175fad33) 
C:\Windows\System32\upnphost.dll 21:16:57.0103 3700 upnphost - ok 21:16:57.0119 3700 usbccgp (8455c4ed038efd09e99327f9d2d48ffa) C:\Windows\system32\DRIVERS\usbccgp.sys 21:16:57.0134 3700 usbccgp - ok 21:16:57.0166 3700 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 21:16:57.0197 3700 usbcir - ok 21:16:57.0197 3700 usbehci (cfbce999c057d78979a181c9c60f208e) C:\Windows\system32\drivers\usbehci.sys 21:16:57.0228 3700 usbehci - ok 21:16:57.0259 3700 usbhub (9d22aad9ac6a07c691a1113e5f860868) C:\Windows\system32\drivers\usbhub.sys 21:16:57.0290 3700 usbhub - ok 21:16:57.0306 3700 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\drivers\usbohci.sys 21:16:57.0337 3700 usbohci - ok 21:16:57.0368 3700 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 21:16:57.0400 3700 usbprint - ok 21:16:57.0431 3700 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 21:16:57.0446 3700 usbscan - ok 21:16:57.0462 3700 USBSTOR (d8889d56e0d27e57ed4591837fe71d27) C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:16:57.0493 3700 USBSTOR - ok 21:16:57.0524 3700 usbuhci (78780c3ebce17405b1ccd07a3a8a7d72) C:\Windows\system32\drivers\usbuhci.sys 21:16:57.0540 3700 usbuhci - ok 21:16:57.0540 3700 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 21:16:57.0571 3700 UxSms - ok 21:16:57.0602 3700 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 21:16:57.0618 3700 VaultSvc - ok 21:16:57.0618 3700 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 21:16:57.0634 3700 vdrvroot - ok 21:16:57.0680 3700 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 21:16:57.0743 3700 vds - ok 21:16:57.0758 3700 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 21:16:57.0774 3700 vga - ok 21:16:57.0790 3700 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 
21:16:57.0805 3700 VgaSave - ok 21:16:57.0836 3700 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 21:16:57.0852 3700 vhdmp - ok 21:16:57.0883 3700 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 21:16:57.0899 3700 viaagp - ok 21:16:57.0914 3700 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 21:16:57.0930 3700 ViaC7 - ok 21:16:57.0946 3700 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 21:16:57.0946 3700 viaide - ok 21:16:57.0977 3700 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 21:16:57.0992 3700 volmgr - ok 21:16:58.0008 3700 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 21:16:58.0008 3700 volmgrx - ok 21:16:58.0039 3700 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 21:16:58.0055 3700 volsnap - ok 21:16:58.0070 3700 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 21:16:58.0086 3700 vsmraid - ok 21:16:58.0164 3700 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 21:16:58.0211 3700 VSS - ok 21:16:58.0226 3700 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 21:16:58.0258 3700 vwifibus - ok 21:16:58.0289 3700 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys 21:16:58.0320 3700 vwififlt - ok 21:16:58.0351 3700 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 21:16:58.0382 3700 W32Time - ok 21:16:58.0398 3700 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 21:16:58.0414 3700 WacomPen - ok 21:16:58.0445 3700 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 21:16:58.0492 3700 WANARP - ok 21:16:58.0492 3700 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 21:16:58.0523 3700 Wanarpv6 - 
ok 21:16:58.0601 3700 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 21:16:58.0679 3700 wbengine - ok 21:16:58.0710 3700 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 21:16:58.0741 3700 WbioSrvc - ok 21:16:58.0757 3700 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 21:16:58.0804 3700 wcncsvc - ok 21:16:58.0819 3700 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 21:16:58.0850 3700 WcsPlugInService - ok 21:16:58.0897 3700 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 21:16:58.0913 3700 Wd - ok 21:16:58.0960 3700 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 21:16:59.0006 3700 Wdf01000 - ok 21:16:59.0022 3700 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 21:16:59.0084 3700 WdiServiceHost - ok 21:16:59.0084 3700 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 21:16:59.0116 3700 WdiSystemHost - ok 21:16:59.0147 3700 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 21:16:59.0178 3700 WebClient - ok 21:16:59.0209 3700 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 21:16:59.0240 3700 Wecsvc - ok 21:16:59.0256 3700 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 21:16:59.0287 3700 wercplsupport - ok 21:16:59.0318 3700 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 21:16:59.0350 3700 WerSvc - ok 21:16:59.0365 3700 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 21:16:59.0396 3700 WfpLwf - ok 21:16:59.0412 3700 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 21:16:59.0428 3700 WIMMount - ok 21:16:59.0506 3700 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 21:16:59.0552 3700 WinDefend - ok 
21:16:59.0552 3700 WinHttpAutoProxySvc - ok 21:16:59.0615 3700 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 21:16:59.0708 3700 Winmgmt - ok 21:16:59.0771 3700 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 21:16:59.0833 3700 WinRM - ok 21:16:59.0911 3700 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 21:16:59.0942 3700 Wlansvc - ok 21:17:00.0114 3700 wlidsvc (d9250b31b353ee3322c1cad411997e38) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:17:00.0161 3700 wlidsvc - ok 21:17:00.0254 3700 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 21:17:00.0286 3700 WmiAcpi - ok 21:17:00.0317 3700 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 21:17:00.0332 3700 wmiApSrv - ok 21:17:00.0426 3700 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 21:17:00.0488 3700 WMPNetworkSvc - ok 21:17:00.0535 3700 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 21:17:00.0566 3700 WPCSvc - ok 21:17:00.0613 3700 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 21:17:00.0676 3700 WPDBusEnum - ok 21:17:00.0691 3700 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 21:17:00.0738 3700 ws2ifsl - ok 21:17:00.0769 3700 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 21:17:00.0785 3700 wscsvc - ok 21:17:00.0785 3700 WSearch - ok 21:17:00.0910 3700 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 21:17:00.0972 3700 wuauserv - ok 21:17:01.0034 3700 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 21:17:01.0097 3700 WudfPf - ok 21:17:01.0112 3700 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 21:17:01.0128 3700 WUDFRd - ok 21:17:01.0159 3700 wudfsvc 
(8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 21:17:01.0175 3700 wudfsvc - ok 21:17:01.0206 3700 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 21:17:01.0253 3700 WwanSvc - ok 21:17:01.0284 3700 MBR (0x1B8) (c79b30cb8852157f6f908e4698cfe0d0) \Device\Harddisk0\DR0 21:17:03.0624 3700 \Device\Harddisk0\DR0 - ok 21:17:03.0640 3700 MBR (0x1B8) (09c9d8ce5b6591cee5221ba76476bdf0) \Device\Harddisk4\DR8 21:17:08.0850 3700 \Device\Harddisk4\DR8 - ok 21:17:08.0866 3700 Boot (0x1200) (32e95ed9b9e62ab4f1dd17aa8b27a84c) \Device\Harddisk0\DR0\Partition0 21:17:08.0866 3700 \Device\Harddisk0\DR0\Partition0 - ok 21:17:08.0881 3700 Boot (0x1200) (568ccff13a57dd582e5ae8c4722b57b0) \Device\Harddisk0\DR0\Partition1 21:17:08.0881 3700 \Device\Harddisk0\DR0\Partition1 - ok 21:17:08.0912 3700 Boot (0x1200) (7c2d3ee2251e2dc9a7a223b94a914617) \Device\Harddisk0\DR0\Partition2 21:17:08.0912 3700 \Device\Harddisk0\DR0\Partition2 - ok 21:17:08.0912 3700 ============================================================ 21:17:08.0912 3700 Scan finished 21:17:08.0912 3700 ============================================================ 21:17:08.0928 3840 Detected object count: 1 21:17:08.0928 3840 Actual detected object count: 1 21:17:45.0541 3840 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 21:17:45.0541 3840 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip Code:
OTL logfile created on: 26.06.2012 22:32:18 - Run 2
OTL by OldTimer - Version 3.2.53.0 Folder = C:\Users\Horst Falch\Desktop\Rocketnews-Problem
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 1,87 Gb Available Physical Memory | 62,49% Memory free
5,98 Gb Paging File | 4,78 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 910,41 Gb Total Space | 878,78 Gb Free Space | 96,53% Space Free | Partition Type: NTFS
Drive D: | 20,00 Gb Total Space | 11,70 Gb Free Space | 58,48% Space Free | Partition Type: NTFS
Drive I: | 1,96 Gb Total Space | 1,96 Gb Free Space | 99,89% Space Free | Partition Type: FAT32
Computer Name: ZUHAUSE | User Name: Horst Falch | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012.06.26 18:48:37 | 000,596,992 | ---- | M] (OldTimer Tools) -- C:\Users\Horst Falch\Desktop\Rocketnews-Problem\OTL.exe
PRC - [2012.05.29 17:25:52 | 001,564,880 | ---- | M] (Ask) -- C:\Programme\Ask.com\Updater\Updater.exe
PRC - [2012.05.09 23:28:57 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe
PRC - [2012.05.09 23:28:57 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.09 23:28:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.09 23:28:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.09 23:28:57 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2011.06.24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE PRC - [2010.11.20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.11.20 14:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2010.05.21 01:52:06 | 011,312,128 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin PRC - [2010.05.21 01:52:04 | 011,318,784 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe PRC - [2009.12.03 10:12:12 | 000,976,320 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Programme\Epson Software\Event Manager\EEventManager.exe PRC - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.10.02 14:26:10 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2009.09.14 09:00:00 | 000,200,704 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Windows\System32\spool\drivers\w32x86\3\E_FATIGGE.EXE PRC - [2009.06.03 21:59:02 | 000,103,720 | ---- | M] (CyberLink) -- C:\Programme\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe PRC - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows 
Live\WLIDSVC.EXE PRC - [2009.03.30 17:28:36 | 000,183,152 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE PRC - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) -- C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe PRC - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () -- C:\Windows\System32\PSIService.exe ========== Modules (No Company Name) ========== MOD - [2012.06.13 13:53:16 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.06.13 13:53:11 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.05.12 18:08:02 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.05.12 18:07:24 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.05.12 18:07:18 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.05.12 18:07:15 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.05.12 18:07:14 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.05.12 18:07:09 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2010.11.13 02:02:21 | 000,315,392 | ---- | M] () -- 
C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.05.04 16:36:28 | 000,970,752 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll MOD - [2009.06.03 21:59:14 | 000,013,096 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.06.03 21:59:02 | 000,619,816 | ---- | M] () -- C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll ========== Win32 Services (SafeList) ========== SRV - [2012.06.23 14:09:18 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.06.23 10:09:32 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.09 23:28:57 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe -- (AntiVirWebService) SRV - [2012.05.09 23:28:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.05.09 23:28:57 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.04.04 15:56:40 | 000,654,408 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2011.07.20 05:18:24 | 000,440,696 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE -- (odserv) SRV - [2011.05.26 14:34:34 | 000,191,752 | ---- | M] (Microsoft Corporation.) 
[On_Demand | Stopped] -- C:\Programme\Microsoft\BingBar\BBSvc.EXE -- (BBSvc) SRV - [2011.03.10 20:57:04 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate) SRV - [2010.11.20 14:17:56 | 001,121,792 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc) SRV - [2009.10.02 14:26:12 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) Intel(R) SRV - [2009.07.14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend) SRV - [2009.05.14 17:07:14 | 000,759,048 | ---- | M] (ABBYY) [Auto | Running] -- C:\Programme\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe -- (ABBYY.Licensing.FineReader.Sprint.9.0) SRV - [2009.03.30 17:28:36 | 001,533,808 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2009.02.03 15:53:00 | 001,155,072 | ---- | M] (MAGIX AG) [Auto | Running] -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe -- (Fabs) SRV - [2008.08.07 11:10:02 | 003,276,800 | ---- | M] (MAGIX®) [On_Demand | Stopped] -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe -- (FirebirdServerMAGIXInstance) SRV - [2007.06.05 14:20:32 | 000,177,704 | ---- | M] () [Auto | Running] -- C:\Windows\System32\PSIService.exe -- (ProtexisLicensing) SRV - [2006.10.26 15:03:08 | 000,145,184 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose) ========== Driver Services (SafeList) ========== DRV 
- File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\SipIMNDI.sys -- (SipIMNDI) DRV - [2012.05.09 23:28:57 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.09 23:28:57 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012.04.04 15:56:40 | 000,022,344 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector) DRV - [2011.09.16 17:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2009.11.21 04:34:54 | 011,515,752 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2009.11.12 06:14:28 | 000,066,664 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA) DRV - [2009.10.08 17:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.09.22 15:34:44 | 000,579,072 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8192su.sys -- (RTL8192su) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet 
Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.aldi.com IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\SearchScopes,DefaultScope = {2DA5029E-FBEA-4A02-8064-1006701CC60F} IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\SearchScopes\{2DA5029E-FBEA-4A02-8064-1006701CC60F}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Yahoo" FF - prefs.js..browser.search.defaulturl: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-" FF - 
prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-" FF - prefs.js..browser.search.update: false FF - prefs.js..browser.startup.homepage: "hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official" FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..keyword.URL: "hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=" FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 10:09:33 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 11:45:48 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.23 10:09:33 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.04.12 11:45:48 | 000,000,000 | ---D | M] [2010.05.18 15:03:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst Falch\AppData\Roaming\mozilla\Extensions [2012.05.18 14:36:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Horst Falch\AppData\Roaming\mozilla\Firefox\Profiles\lv6qbu68.default\extensions [2012.05.18 14:36:07 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Users\Horst Falch\AppData\Roaming\mozilla\Firefox\Profiles\lv6qbu68.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} [2012.06.16 11:20:25 | 000,000,000 | ---D | M] (Avira SearchFree Toolbar plus Web Protection) -- C:\Users\Horst Falch\AppData\Roaming\mozilla\Firefox\Profiles\lv6qbu68.default\extensions\toolbar@ask.com [2012.04.17 21:34:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.06.23 10:09:33 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.03.23 20:11:53 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) 
-- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll [2012.06.23 10:09:31 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.23 10:09:31 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.23 10:09:31 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.23 10:09:31 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.23 10:09:31 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.23 10:09:31 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - default_search_provider: Google () CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms} O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) 
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (EpsonToolBandKicker Class) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Easy Photo Print) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - C:\Programme\Epson Software\Easy Photo Print\EPTBL.dll (SEIKO EPSON CORPORATION / CyCom Technology Corp.)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Programme\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000\..\Toolbar\WebBrowser: (EPSON Web-To-Page) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - C:\Programme\epson\EPSON Web-To-Page\EPSON Web-To-Page.dll (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [IAStorIcon] C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000..\Run: [EPSON SX125 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIGGE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000..\Run: [MPATEN] C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll (Pgzkjbihy Onhugpjxhnm)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\Horst Falch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : In 
Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000029 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/C/0/C/C0CBBA88-A6F2-48D9-9B0E-1719D1177202/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {1E3F1348-4370-4BBE-A67A-CC7ED824CA85} hxxp://download.microsoft.com/download/7/4/9/749b0dc5-2175-4d5b-a6dd-9c4bc923683e/Selfhelpcontrol.cab (Microsoft Genuine Advantage Self Support Tool) O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{680700B6-0399-4F4F-BAA3-E06032E8987E}: DhcpNameServer = 192.168.2.1 O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.14.0.8089.0726.dll (Microsoft Corporation) O18 - 
Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O33 - MountPoints2\{f2b1107a-7489-11df-9fc1-4061867ecbba}\Shell - "" = AutoRun O33 - MountPoints2\{f2b1107a-7489-11df-9fc1-4061867ecbba}\Shell\AutoRun\command - "" = I:\LaunchU3.exe -a O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - 
File not found SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot 
file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: 
{50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install 
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012.06.26 21:00:55 | 000,000,000 | ---D | C] -- C:\Windows\LastGood
[2012.06.26 20:07:14 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.06.26 18:52:55 | 000,000,000 | ---D | C] -- C:\Users\Horst Falch\AppData\Roaming\Malwarebytes
[2012.06.26 18:52:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.06.26 18:52:44 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.06.26 18:52:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.26 18:52:43 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.06.26 18:42:21 | 000,000,000 | ---D | C] -- C:\Users\Horst Falch\Desktop\Rocketnews-Problem
[2012.06.16 12:33:51 | 000,155,648 | RHS- | C] (Pgzkjbihy Onhugpjxhnm) -- C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll
[2012.06.10 19:31:53 | 000,000,000 | ---D | C] -- C:\Users\Horst Falch\AppData\Local\Macromedia
========== Files - Modified Within 30 Days ==========
[2012.06.26 22:09:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.06.26 21:53:00 | 000,001,108 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2012.06.26 21:17:26 | 000,654,096 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.06.26 21:17:26 | 000,615,760 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.06.26 21:17:26 | 000,130,952 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.06.26 21:17:26 | 000,107,396 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.06.26 21:07:42 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 21:07:42 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.06.26 21:00:21 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2012.06.26 21:00:19 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.06.26 21:00:13 | 2408,927,232 | -HS- | M] () -- C:\hiberfil.sys
[2012.06.19 13:07:16 | 000,014,067 | ---- | M] () -- C:\Users\Horst Falch\Desktop\Documents\Renten.ods
[2012.06.16 12:33:51 | 000,155,648 | RHS- | M] (Pgzkjbihy Onhugpjxhnm) -- C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll
[2012.06.13 13:52:20 | 000,390,752 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.06.09 13:23:43 | 000,002,052 | ---- | M] () -- C:\Users\Horst Falch\AppData\Roaming\wklnhst.dat
[2012.06.01 21:39:10 | 000,015,818 | ---- | M] () -- C:\Users\Horst Falch\Desktop\Documents\e-on Waldeck .odt
========== Files Created - No Company Name ==========
[2012.06.01 21:35:43 | 000,015,818 | ---- | C] () -- C:\Users\Horst Falch\Desktop\Documents\e-on Waldeck .odt
[2012.02.15 02:19:38 | 000,031,053 | ---- | C] () -- C:\Windows\System32\EPPICPattern131.dat
[2012.02.15 02:19:38 | 000,027,417 | ---- | C] () -- C:\Windows\System32\EPPICPattern121.dat
[2012.02.15 02:19:38 | 000,024,903 | ---- | C] () -- C:\Windows\System32\EPPICPattern3.dat
[2012.02.15 02:19:38 | 000,021,390 | ---- | C] () -- C:\Windows\System32\EPPICPattern5.dat
[2012.02.15 02:19:38 | 000,020,148 | ---- | C] () -- C:\Windows\System32\EPPICPattern2.dat
[2012.02.15 02:19:38 | 000,011,811 | ---- | C] () -- C:\Windows\System32\EPPICPattern4.dat
[2012.02.15 02:19:38 | 000,004,943 | ---- | C] () -- C:\Windows\System32\EPPICPattern6.dat
[2012.02.15 02:19:38 | 000,001,146 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_DU.dat
[2012.02.15 02:19:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_PT.dat
[2012.02.15 02:19:38 | 000,001,139 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_BP.dat
[2012.02.15 02:19:38 | 000,001,136 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_ES.dat
[2012.02.15 02:19:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_FR.dat
[2012.02.15 02:19:38 | 000,001,129 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_CF.dat
[2012.02.15 02:19:38 | 000,001,120 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_IT.dat
[2012.02.15 02:19:38 | 000,001,107 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_GE.dat
[2012.02.15 02:19:38 | 000,001,104 | ---- | C] () -- C:\Windows\System32\EPPICPresetData_EN.dat
[2012.02.12 17:57:51 | 000,003,584 | ---- | C] () -- C:\Users\Horst Falch\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.02.12 17:57:39 | 000,003,764 | -HS- | C] () -- C:\Windows\System32\KGyGaAvL.sys
[2012.02.12 17:57:39 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\1C0C51EE85.sys
[2011.07.01 13:44:12 | 000,000,000 | ---- | C] () -- C:\Users\Horst Falch\AppData\Local\{AF9324A6-B48B-4E37-B6B4-FDB5B215C616}
[2011.04.15 03:59:50 | 000,000,099 | ---- | C] () -- C:\Users\Horst Falch\AppData\Local\fusioncache.dat
[2010.11.11 11:17:01 | 000,000,032 | ---- | C] () -- C:\ProgramData\io.ini
[2010.08.05 13:35:28 | 000,002,052 | ---- | C] () -- C:\Users\Horst Falch\AppData\Roaming\wklnhst.dat
========== LOP Check ==========
[2011.03.03 10:20:00 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Atzy
[2012.02.15 02:25:44 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Epson
[2010.05.06 22:54:26 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\MAGIX
[2010.11.22 15:14:27 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\OpenOffice.org
[2010.09.27 12:33:53 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Smart Panel
[2011.03.01 19:08:41 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Sosyz
[2010.05.06 17:59:23 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\T-Online
[2010.09.30 14:26:32 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Template
[2010.05.24 08:50:09 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Windows Live Writer
[2012.05.28 17:11:08 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. 
> [2010.05.07 11:16:23 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Adobe [2010.05.18 14:38:48 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Apple Computer [2011.03.03 10:20:00 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Atzy [2012.02.16 17:10:45 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Avira [2012.02.12 17:57:40 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Corel [2010.12.04 17:07:07 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\CyberLink [2012.02.15 02:25:44 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Epson [2010.05.06 14:06:10 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Identities [2011.08.12 22:47:24 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\InstallShield [2010.05.06 14:06:33 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Intel Corporation [2010.05.06 17:59:11 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Macromedia [2010.05.06 22:54:26 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\MAGIX [2012.06.26 18:52:55 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Malwarebytes [2009.07.14 10:56:41 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Media Center Programs [2012.06.10 19:31:53 | 000,000,000 | --SD | M] -- C:\Users\Horst Falch\AppData\Roaming\Microsoft [2010.05.18 15:03:00 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Mozilla [2010.11.22 15:14:27 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\OpenOffice.org [2010.09.27 12:33:53 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Smart Panel [2011.03.01 19:08:41 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Sosyz [2010.05.06 17:59:23 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\T-Online [2010.09.30 14:26:32 | 000,000,000 | ---D | M] 
-- C:\Users\Horst Falch\AppData\Roaming\Template [2012.05.23 16:05:40 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\U3 [2010.05.24 08:50:09 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Windows Live Writer < %APPDATA%\*.exe /s > [2010.11.20 15:00:01 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Horst Falch\AppData\Roaming\Microsoft\Installer\{41B55736-84CD-42B0-8C49-1729B178EAE0}\NewShortcut1_41B5573684CD42B08C491729B178EAE0.exe [2010.11.20 15:00:01 | 000,040,960 | R--- | M] (InstallShield Software Corp.) -- C:\Users\Horst Falch\AppData\Roaming\Microsoft\Installer\{41B55736-84CD-42B0-8C49-1729B178EAE0}\NewShortcut3_41B5573684CD42B08C491729B178EAE0.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft 
Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTOR.SYS > [2009.10.02 13:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\drivers\iaStor.sys [2009.10.02 13:40:50 | 000,432,664 | ---- | M] (Intel Corporation) MD5=D5EDB998656E6ECF1A17C78DAB019A3C -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_c08288e6bf102290\iaStor.sys < MD5 for: IASTORV.SYS > [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\drivers\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] 
(Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\drivers\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- 
C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft 
Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > Vielen Dank im Voraus! MfG Jogibub |
27.06.2012, 12:06 | #2 |
/// Malware-holic | Google/rocketnews.com Problem hi
__________________
This script, and any scripts that follow, are only for this particular user. If you have problems, open your own topic and wait for scripts tailored to you.
• Please start OTL.exe
• Now copy the following into the text box.
Code:
:OTL
[2012.06.16 12:33:51 | 000,155,648 | RHS- | C] (Pgzkjbihy Onhugpjxhnm) -- C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll
O4 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000..\Run: [MPATEN] C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll (Pgzkjbihy Onhugpjxhnm)
:Files
:Commands
[purity]
[EMPTYFLASH]
[emptytemp]
[Reboot]
• Now please close all programs.
• Now please click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
Start in normal mode. If you have no icons: right-click, View, Show desktop icons.
Note: Please also upload the file to the UpChannel as described in the instructions. Please do NOT post the ZIP file here as an attachment in the thread!
Please press the + E key.
Download GetInfo: File-Upload.net - GetInfo.exe
Double-click the .exe; a .txt file will now be created in the same folder: summary-info.txt. Double-click it and post its contents.
__________________ |
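As an added example for this thread (not part of the original posts and not OTL's own code), the Python script below parses the two OTL line shapes used above, file-list entries and O4 Run entries, and scores each file on the signals that singled out ReAgentb.dll: created shortly before the scan, hidden+system attributes, a user-writable location, a publisher string that looks generated, and a Run value that loads a non-.exe from the user profile. The sample lines are copied from the thread's log and fix script; the avgnt Run line and the scan timestamp are constructed, and the consonant-run test for a generated publisher name is an assumption of this example, not an OTL feature.

```python
"""Score OTL log lines on the signals that singled out ReAgentb.dll.

Added example for this thread, not part of the original posts and not OTL's own
code. The consonant-run test for a generated publisher name, the avgnt sample
line and the scan time are assumptions of this example.
"""
import re
from datetime import datetime, timedelta

# OTL file-list line: [date time | size | attrs | C or M] (company) -- path
FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}\.\d{2}\.\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\] (?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
# OTL autostart line: O4 - <hive>..\Run: [<value name>] <path> (<company>)
RUN_RE = re.compile(
    r"^O4 - (?P<hive>.+?)\.\.\\Run: \[(?P<name>[^\]]+)\] (?P<path>.+?)(?: \((?P<company>[^)]*)\))?$"
)
# A standard user can write here, so no installer privilege was needed to plant a file.
USER_WRITABLE = ("\\users\\", "\\programdata\\", "\\documents and settings\\")


def looks_random(company: str, max_consonants: int = 5) -> bool:
    """Heuristic (assumption): a run of >= 5 consonant letters in a row,
    y counted as a vowel, marks the publisher string as generated."""
    run = longest = 0
    for ch in company.lower():
        run = run + 1 if ch.isalpha() and ch not in "aeiouy" else 0
        longest = max(longest, run)
    return longest >= max_consonants


def in_user_writable(path: str) -> bool:
    lowered = path.lower()
    return any(marker in lowered for marker in USER_WRITABLE)


def triage(lines, scan_time: datetime, recent_days: int = 30):
    """Return [(path, [reason, ...]), ...] sorted by most reasons first.
    Files with no signal at all are dropped."""
    findings = {}

    def add(path, reason):
        reasons = findings.setdefault(path.lower(), (path, []))[1]
        if reason not in reasons:  # the same file shows up in several OTL sections
            reasons.append(reason)

    # Two passes, because O4 lines precede the file lists in a real OTL log.
    stripped = [line.strip() for line in lines]
    files = [m for m in map(FILE_RE.match, stripped) if m and "D" not in m["attrs"]]
    runs = [m for m in map(RUN_RE.match, stripped) if m]

    for m in files:
        path, company = m["path"], m["company"] or ""
        created = datetime.strptime(m["ts"], "%Y.%m.%d %H:%M:%S")
        if m["op"] == "C" and timedelta(0) <= scan_time - created <= timedelta(days=recent_days):
            add(path, f"created within {recent_days} days of the scan")
        if "H" in m["attrs"] and "S" in m["attrs"]:
            add(path, f"hidden+system attributes ({m['attrs']})")
        if in_user_writable(path):
            add(path, "lives in a user-writable location")
        if company and looks_random(company):
            add(path, f"publisher string looks generated: {company!r}")

    for m in runs:
        path, company = m["path"], m["company"] or ""
        run_reasons = []
        if not path.lower().endswith(".exe"):
            run_reasons.append("Run target is not an .exe")
        if in_user_writable(path):
            run_reasons.append("lives in a user-writable location")
        if company and looks_random(company):
            run_reasons.append(f"publisher string looks generated: {company!r}")
        # A Run value for a known program under Program Files is not a finding on
        # its own; it only counts when the target is already suspicious.
        if run_reasons or path.lower() in findings:
            add(path, f"loaded by Run value [{m['name']}] under {m['hive']}")
            for reason in run_reasons:
                add(path, reason)

    return sorted(findings.values(), key=lambda f: (-len(f[1]), f[0].lower()))


# Lines copied from the OTL log and fix script in this thread; the avgnt line is
# a constructed benign Run entry for contrast.
SAMPLE_LOG = r"""
[2012.06.26 18:52:43 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.06.16 12:33:51 | 000,155,648 | RHS- | C] (Pgzkjbihy Onhugpjxhnm) -- C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll
[2012.06.09 13:23:43 | 000,002,052 | ---- | M] () -- C:\Users\Horst Falch\AppData\Roaming\wklnhst.dat
[2012.02.12 17:57:39 | 000,000,008 | RHS- | C] () -- C:\Windows\System32\1C0C51EE85.sys
[2011.03.03 10:20:00 | 000,000,000 | ---D | M] -- C:\Users\Horst Falch\AppData\Roaming\Atzy
O4 - HKU\S-1-5-21-893424397-1668057907-3998358512-1000..\Run: [MPATEN] C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll (Pgzkjbihy Onhugpjxhnm)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
"""
SCAN_TIME = datetime(2012, 6, 26, 22, 0)  # assumed: the evening the OTL log above was taken

if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG.splitlines(), SCAN_TIME):
        print(f"{len(reasons)}  {path}")
        for reason in reasons:
            print(f"     - {reason}")
```

Run it and the file with the most independent signals comes out first; a single signal (a freshly installed driver under System32, a data file under AppData, a hidden licensing file) scores 1 and is only context, which is why the script lists every reason rather than giving a verdict. The Run value is deliberately not a signal by itself: the avgnt entry produces no finding, while the MPATEN entry adds to a target that is already suspicious on four counts.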
27.06.2012, 17:35 | #3 |
/// Malware-holic | Google/rocketnews.com Problem thanks, please also run the GetInfo file and post the log
__________________ |
27.06.2012, 17:47 | #4 |
| Google/rocketnews.com Problem Yes, I could have spotted the autostart entry myself, but sometimes you can't see the forest for the trees. I uploaded the zip file, but the folder was empty, so the file is too. Here is the OTL log: Code:
All processes killed
========== OTL ==========
C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll moved successfully.
Registry value HKEY_USERS\S-1-5-21-893424397-1668057907-3998358512-1000\Software\Microsoft\Windows\CurrentVersion\Run\\MPATEN deleted successfully.
File C:\Users\Horst Falch\AppData\Roaming\ReAgentb.dll not found.
========== COMMANDS ==========

[EMPTYFLASH]

User: Administrator
User: All Users
User: Default
User: Default User
User: Horst Falch
->Flash cache emptied: 190100 bytes
User: Public

Total Flash Files Cleaned = 0,00 mb

[EMPTYTEMP]

User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Horst Falch
->Temp folder emptied: 672243871 bytes
->Temporary Internet Files folder emptied: 71672822 bytes
->Java cache emptied: 5136243 bytes
->FireFox cache emptied: 1094337450 bytes
->Google Chrome cache emptied: 819568 bytes
->Apple Safari cache emptied: 11771904 bytes
->Flash cache emptied: 0 bytes
User: Public

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 317163443 bytes
RecycleBin emptied: 9061142 bytes

Total Files Cleaned = 2.081,00 mb

OTL by OldTimer - Version 3.2.53.0 log created on 06272012_175024

Files\Folders moved on Reboot...
File\Folder C:\Users\Horst Falch\AppData\Local\Temp\Brief Harburg 30.09 10 not found!

PendingFileRenameOperations files...
File C:\Users\Horst Falch\AppData\Local\Temp\Brief Harburg 30.09 10 not found!

Registry entries deleted on Reboot...
Code:
System volume information: dwHighDateTime = 0x1ca92db,dwLowDateTime = 0x838f5c08
System32: dwHighDateTime = 0x1ca042b,dwLowDateTime = 0xfb15659b
dwSerialNumber = 0xe89683d7
Regards, Jogibub |
27.06.2012, 17:56 | #5 | |
/// Malware-holic | Google/rocketnews.com Problem hi, ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: Should you receive the following error message after the restart Quote:
__________________
- Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
28.06.2012, 15:51 | #6 |
| Google/rocketnews.com Problem Hi markusg, thank you very much for continuing to offer your help, but the problem is solved and I no longer have the computer here. Unfortunately I can't post the ComboFix log any more. Feel free to close this thread as solved. Regards, Jogibub |
29.06.2012, 18:13 | #7 |
/// Malware-holic | Google/rocketnews.com Problem the computer still needed to be secured; as it is, it can get infected again.
__________________ |
04.07.2012, 10:09 | #8 |
| Google/rocketnews.com Problem Hi markusg, is the securing done with the help of ComboFix? Sorry for the late reply, I was very busy at work and had no head for this matter. Regards, Jogibub |
04.07.2012, 14:02 | #9 |
/// Malware-holic | Google/rocketnews.com Problem no, further analysis with CF first, then securing :-)
__________________ |
06.07.2012, 19:45 | #10 |
| Google/rocketnews.com Problem Hi markusg, here is the ComboFix log: Code:
ComboFix 12-07-06.02 - Horst Falch 06.07.2012 20:25:34.1.4 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3063.2113 [GMT 2:00]
Running from:: c:\users\Horst Falch\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Created a new restore point
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((((( Files Created from 2012-06-06 to 2012-07-06 ))))))))))))))))))))))))))))))
.
.
2012-07-06 18:30 . 2012-07-06 18:30 -------- d-----w- c:\users\Horst Falch\AppData\Local\temp
2012-07-06 18:30 . 2012-07-06 18:30 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-06-27 15:50 . 2012-06-27 16:30 -------- d-----w- C:\_OTL
2012-06-26 18:07 . 2012-06-26 18:07 -------- d-----w- c:\program files\ESET
2012-06-26 16:52 . 2012-06-26 16:52 -------- d-----w- c:\users\Horst Falch\AppData\Roaming\Malwarebytes
2012-06-23 08:09 . 2012-06-23 08:09 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-23 08:09 . 2012-06-23 08:09 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-19 09:09 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 09:09 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 09:09 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 09:09 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 09:09 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 09:09 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 09:09 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 09:09 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 09:09 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-10 17:31 . 2012-06-10 17:31 -------- d-----w- c:\users\Horst Falch\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-06-23 12:09 . 2012-05-05 08:26 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-23 12:09 . 2011-05-14 09:59 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-09 21:28 . 2012-02-16 15:05 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-09 21:28 . 2012-02-16 15:05 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-23 08:09 . 2012-04-17 19:34 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2012-06-20 11:18 1519824 ----a-w- c:\program files\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2012-06-20 1519824]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-10-02 284696]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-06-03 103720]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2009-08-04 7703072]
"EEventManager"="c:\program files\Epson Software\Event Manager\EEventManager.exe" [2009-12-03 976320]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-03-27 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-02 843712]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2012-06-20 1568976]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-09 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
.
c:\users\Horst Falch\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.2.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-5-20 1195008]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
R2 gupdate;Google Update Service (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R3 FirebirdServerMAGIXInstance;Firebird Server - MAGIX Instance;c:\program files\Common Files\MAGIX Services\Database\bin\fbserver.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda32v.sys [x]
R3 SipIMNDI;T-Online Dialerschutz VoIP Service;c:\windows\system32\DRIVERS\SipIMNDI.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;c:\program files\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 Fabs;FABS - Helping agent for MAGIX media database;c:\program files\Common Files\MAGIX Services\Database\bin\FABS.exe [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
S3 RTL8192su;Realtek RTL8192SU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8192su.sys [x]
.
.
Contents of the 'Scheduled Tasks' folder
.
2012-07-06 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-05 12:09]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-10 18:08]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-08-10 18:08]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.aldi.com
uInternet Settings,ProxyOverride = *.local
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MIF5BA~1\Office12\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Horst Falch\AppData\Roaming\Mozilla\Firefox\Profiles\lv6qbu68.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.startup.homepage - hxxp://de.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:de:official
FF - prefs.js: keyword.URL - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
FF - user.js: yahoo.ytff.general.dontshowhpoffer - true
.
- - - - Removed Orphaned Registry Entries - - - -
.
Toolbar-Locked - (no file)
AddRemove-_{ADDBE07D-95B8-4789-9C76-187FFF9624B4} - c:\program files\Corel\CorelDRAW Essential Edition 3\Programs\MSILauncher {ADDBE07D-95B8-4789-9C76-187FFF9624B4}
.
.
.
--------------------- Locked Registry Keys ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- DLLs Loaded by Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(3360)
c:\program files\Epson Software\Easy Photo Print\EPTBL.dll
c:\program files\EPSON\EPSON Web-To-Page\EPSON Web-To-Page.dll
c:\program files\Avira\AntiVir Desktop\avsda.dll
.
Completion time: 2012-07-06 20:39:35
ComboFix-quarantined-files.txt 2012-07-06 18:39
.
Pre-Run: 7 directories, 940.888.023.040 bytes free
Post-Run: 11 directories, 940.670.742.528 bytes free
.
- - End Of File - - 4F21730F3C81D6B93ED8D1FA46223E19
|
06.07.2012, 19:50 | #11 |
/// Malware-holic | Google/rocketnews.com Problem download CCleaner Standard: CCleaner Download - CCleaner 3.20.1750 If CCleaner is already installed, skip this step. Install it, open it, Tools, list of installed programs, save as txt. Open the file. Behind every program you need, write "necessary"; behind every one you don't need, "unnecessary"; behind those unknown to you, "unknown". Post the list.
__________________ |