Log analysis and evaluation: Computer clean after virus detection? (Windows 7)
If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
04.07.2012, 14:16 | #1 |
| Hello, yesterday I had Avira run a routine system scan, and it returned 9 detections, e.g. EXP/2011-3544.DL.1 and EXP/CVE-2012-0507, both in a Java folder (see log file). I deleted all the files and uninstalled and reinstalled Java, because I still had the old version 6. Now the latest one is installed. I then ran another scan (including all USB sticks), in which Avira found nothing more (see log file). Unfortunately, I have no idea what these exploits can do or how they hide and spread, and I would like to know whether my system is clean again. The operating system is Win 7 Professional (32-bit) with SP1. Here is the log from the first Avira scan: Quote:
And here is the one from the second scan after deleting the detections: Quote:
I then also ran OTL: Quote:
Quote:
And Malwarebytes as a full scan: Quote:
Gmer crashed the first time shortly after the scan started, but on the following attempt it worked: Quote:
Thanks in advance for help with this! Regards, Blobbit |
05.07.2012, 15:08 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malwarebytes creates exactly one log for each scan. Have you ever scanned with Malwarebytes in the past?
If so, the logs for every scan are listed in the "Logdateien" (log files) tab. Please post all that are visible there. |
05.07.2012, 15:50 | #3 |
| Hello, and thanks for the quick reply.
I only used Malwarebytes as an alternative to Avira once I already had the detections (i.e. afterwards), to see whether a program other than Avira also finds nothing. Before the full scan I also ran a quick scan, in which nothing was found, though: Quote:
|
05.07.2012, 16:11 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run ESET as well, then we'll see what comes next. Note: ESET quite often shows a few false positives. That is why, with ESET too, only the log should be posted at first and nothing removed. ESET Online Scanner: Please switch on any external hard drives during the online scans! Please turn off all background guards (anti-virus program, firewall, script blocking and the like) during the scans, and don't forget to turn everything back on afterwards.
Code:
"%PROGRAMFILES%\Eset\Eset Online Scanner\log.txt"
Code:
"%PROGRAMFILES(X86)%\Eset\Eset Online Scanner\log.txt"
__________________ Please always post log files in CODE tags |
05.07.2012, 20:28 | #5 |
| I ran ESET, it found nothing: Quote:
Regards, Blobbit -- edit: I found how to turn off Defender. Sorry for asking! The only remaining question is whether I should run the ESET scan again. Kind regards! Last edited by Blobbit (05.07.2012 at 20:51) |
05.07.2012, 20:57 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have two questions before we continue: 1.) Does Windows' normal mode work without restrictions (again)? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there? |
05.07.2012, 21:01 | #7 |
| Normal mode has actually worked without restrictions the whole time (by my standards). I only came across the detections during the routine scan, not because anything was odd. For a while the computer hung fairly often when I wanted to put it into hibernation, so that I then had to switch it off with the power button. But I scanned back then too and found nothing. It has now been working without problems again for quite a while. At first glance nothing is missing from the Start menu (but I don't use it often either), only the Startup folder is empty. No idea whether it was like that before. Regards, Blobbit |
05.07.2012, 21:19 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please make a new OTL log. Please post everything here in CODE tags if possible. It is done like this: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
05.07.2012, 22:00 | #9 |
| So, here is the log file from OTL: Code:
ATTFilter OTL logfile created on: 05.07.2012 22:32:26 - Run 3 OTL by OldTimer - Version 3.2.53.1 Folder = C:\Users\***\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,00 Gb Total Physical Memory | 2,10 Gb Available Physical Memory | 70,11% Memory free 5,99 Gb Paging File | 4,98 Gb Available in Paging File | 83,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 48,83 Gb Total Space | 6,92 Gb Free Space | 14,17% Space Free | Partition Type: NTFS Drive D: | 62,86 Gb Total Space | 3,26 Gb Free Space | 5,18% Space Free | Partition Type: NTFS Computer Name: KATHISLÄPPI | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Adobe\Acrobat 9.0\Acrobat\acrotray.exe (Adobe Systems Inc.) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) 
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) PRC - C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) ========== Modules (No Company Name) ========== MOD - C:\Programme\Adobe\Acrobat 9.0\Acrobat\AcroTray.DEU () MOD - C:\Programme\Filzip\fzshext.dll () ========== Win32 Services (SafeList) ========== SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (FLEXnet Licensing Service) -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe (Acresso Software Inc.) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Programme\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) 
SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (Adobe Version Cue CS4) -- C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe (Adobe Systems Incorporated) SRV - (WcesComm) -- C:\Windows\WindowsMobile\wcescomm.dll (Microsoft Corporation) SRV - (RapiMgr) -- C:\Windows\WindowsMobile\rapimgr.dll (Microsoft Corporation) SRV - (WMIService) -- C:\Acer\Empowering Technology\ePower\ePowerSvc.exe (acer) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (ESMCR) -- C:\Windows\System32\drivers\ESM7SK.sys (ENE Technology Inc.) DRV - (EMSCR) -- C:\Windows\System32\drivers\EMS7SK.sys (ENE Technology Inc.) DRV - (ESDCR) -- C:\Windows\System32\drivers\ESD7SK.sys (ENE Technology Inc.) 
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (netw5v32) Intel(R) -- C:\Windows\System32\drivers\netw5v32.sys (Intel Corporation) DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (SMSCIRDA) -- C:\Windows\System32\drivers\smscirda.sys (SMSC) DRV - (XAudio) -- C:\Windows\System32\drivers\XAudio.sys (Conexant Systems, Inc.) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://de.ask.com/?l=dis&o=14597 IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 7C 33 86 9D 94 CC 01 [binary data] IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes\{64D07A23-70CA-4B42-A153-A748A482741C}: "URL" = 
hxxp://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=9621eb39-4e86-4b99-8445-36f6e6688379&apn_sauid=29707ED1-A83A-4FD0-B7C1-FF640792C608 IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Google" FF - prefs.js..browser.search.defaultenginename: "Google" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.6 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24 FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6 FF - prefs.js..extensions.enabledItems: {ff356687-aa08-463d-a46c-11c451824939}:5.5.0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll (Google Inc.) 
FF - HKLM\Software\MozillaPlugins\Adobe Acrobat: C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Air\nppdf32.dll (Adobe Systems Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 21:36:55 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.04 16:15:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2012.06.22 13:10:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.16 21:36:55 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.07.04 16:15:47 | 000,000,000 | ---D | M] [2011.02.22 21:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2011.02.22 21:05:39 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6} [2012.07.04 15:48:37 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bew6pf6y.default\extensions [2012.03.30 15:49:36 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\bew6pf6y.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2012.06.23 18:27:10 | 000,000,000 | ---D | M] (No name found) -- 
C:\Users\***\AppData\Roaming\mozilla\Thunderbird\Profiles\y2qjhrun.default\extensions [2012.06.23 18:27:10 | 000,000,000 | ---D | M] (TT DeepDark) -- C:\Users\***\AppData\Roaming\mozilla\Thunderbird\Profiles\y2qjhrun.default\extensions\{9ed238c0-af95-11e0-9f1c-0800200c9a66} [2011.02.22 21:00:57 | 000,000,000 | ---D | M] (Leopard Mail-Default-Aqua) -- C:\Users\***\AppData\Roaming\mozilla\Thunderbird\Profiles\y2qjhrun.default\extensions\LeopardMailDefaultAqua@reo-2007 [2012.03.17 17:37:35 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2012.07.04 15:48:37 | 000,743,290 | ---- | M] () (No name found) -- C:\USERS\***\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\BEW6PF6Y.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI [2012.06.16 21:36:54 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.16 21:36:51 | 000,001,525 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazon-en-GB.xml [2012.06.16 21:36:51 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.16 21:36:51 | 000,000,935 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\chambers-en-GB.xml [2012.06.16 21:36:51 | 000,001,166 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-en-GB.xml [2012.06.16 21:36:51 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml [2012.06.16 21:36:51 | 000,001,121 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-en-GB.xml O1 HOSTS File: ([2009.06.10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe 
Systems Incorporated) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O3 - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.) O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) 
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8 - Extra context menu item: An vorhandene PDF-Datei anfügen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: In Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel an vorhandene PDF-Datei anhängen - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Linkziel in Adobe PDF konvertieren - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated) O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~1\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) 
O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Programme\ICQ7.4\ICQ.exe (ICQ, LLC.) O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{0A4C0B1F-A49B-44EC-91CD-4CE0601981A0}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{E80286E2-5580-4D5A-95FF-00D11B587DE9}: DhcpNameServer = 192.168.1.254 O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation) NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk - C:\Acer\Empowering Technology\eAPLauncher.exe - (Acer Inc.) MsConfig - StartUpReg: Adobe_ID0ENQBO - hkey= - key= - C:\Programme\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4Tray.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: ControlCenter3 - hkey= - key= - C:\Program Files\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.) MsConfig - StartUpReg: ICQ - hkey= - key= - C:\Program Files\ICQ7.4\ICQ.exe (ICQ, LLC.) 
MsConfig - StartUpReg: RocketDock - hkey= - key= - File not found MsConfig - State: "startup" - 2 MsConfig - State: "bootini" - 2 SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: NTDS - File not found SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: 
Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: NTDS - File not found SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk 
drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - 
C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {D456C702-E045-F1A9-4056-6BA1D13F4274} - Browser Customizations ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.07.05 22:23:07 | 000,595,968 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.05 17:39:46 | 000,000,000 | ---D | C] -- C:\Program Files\ESET [2012.07.05 17:39:27 | 002,322,184 | ---- | C] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.07.04 15:42:03 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.07.04 10:28:43 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Malwarebytes [2012.07.04 10:28:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.07.04 10:28:37 | 000,022,344 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.07.04 10:28:37 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2012.07.03 19:46:25 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java [2012.07.03 19:45:23 | 000,000,000 | ---D | C] -- C:\Program Files\Java [2012.06.25 09:30:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\Macromedia ========== Files - Modified Within 30 Days ========== [2012.07.05 22:23:10 | 000,595,968 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012.07.05 22:00:01 | 000,001,118 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.07.05 18:00:07 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.07.05 17:39:28 | 002,322,184 | ---- | M] (ESET) -- C:\Users\***\Desktop\esetsmartinstaller_enu.exe [2012.07.05 14:29:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.07.04 16:28:17 | 000,654,166 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.07.04 16:28:17 | 000,616,008 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.07.04 16:28:17 | 000,130,006 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.07.04 16:28:17 | 000,106,388 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.07.04 14:13:24 | 000,016,560 | -H-- | 
M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 14:13:24 | 000,016,560 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.07.04 14:05:43 | 2414,436,352 | -HS- | M] () -- C:\hiberfil.sys [2012.06.13 18:14:02 | 002,313,128 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.06.12 23:00:27 | 000,005,632 | ---- | M] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.06.10 17:30:49 | 000,001,580 | ---- | M] () -- C:\Users\***\Desktop\Brother Control Center.lnk ========== Files Created - No Company Name ========== [2012.07.04 16:15:47 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader X.lnk [2012.06.10 17:30:49 | 000,001,580 | ---- | C] () -- C:\Users\***\Desktop\Brother Control Center.lnk [2012.04.15 15:12:53 | 000,000,892 | ---- | C] () -- C:\Users\***\AppData\Roaming\burnaware.ini [2012.04.04 18:55:24 | 000,005,632 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.12.14 13:20:49 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll [2011.12.14 13:20:49 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll [2011.02.23 18:07:25 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2011.02.16 20:02:36 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.01.31 16:32:01 | 000,007,603 | ---- | C] () -- C:\Users\***\AppData\Local\Resmon.ResmonCfg [2011.01.11 20:06:31 | 000,004,096 | -H-- | C] () -- C:\Users\***\AppData\Local\keyfile3.drm [2010.11.21 17:49:52 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2010.11.21 17:48:36 | 000,000,050 | ---- | C] () -- C:\Windows\System32\BRIDF10A.DAT [2010.11.19 10:26:54 | 000,331,776 | ---- | C] () -- C:\Windows\System32\ScrollBarLib.dll [2010.11.19 10:26:54 | 000,053,248 | ---- | C] ( ) -- 
C:\Windows\System32\Interop.Shell32.dll [2010.11.18 10:44:35 | 000,356,352 | ---- | C] () -- C:\Windows\EMCRI.dll [2010.11.18 02:55:56 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI ========== LOP Check ========== [2011.10.22 15:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2012.04.16 17:36:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.04.15 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2011.04.07 13:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2011.03.08 19:36:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder [2010.11.20 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2011.10.22 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF [2011.02.22 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2011.10.27 14:18:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode [2012.02.14 09:43:22 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.07.04 16:01:03 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Adobe [2012.05.22 11:04:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Apple Computer [2011.10.15 09:04:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Avira [2010.11.21 17:54:12 | 000,000,000 | R--D | M] -- C:\Users\***\AppData\Roaming\Brother [2011.10.22 15:32:30 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Downloaded Installations [2011.03.15 10:54:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dvdcss [2012.04.16 17:36:17 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012.04.15 19:10:06 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\HandBrake [2011.04.07 13:24:46 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\ICQ [2010.11.18 01:08:49 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Identities [2011.03.08 19:36:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InfraRecorder [2010.11.21 17:45:32 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\InstallShield [2010.11.20 12:29:55 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\IrfanView [2010.11.19 10:50:33 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Macromedia [2012.07.04 10:28:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Malwarebytes [2009.07.14 10:56:56 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Center Programs [2011.03.27 18:58:21 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Media Player Classic [2012.06.25 09:30:06 | 000,000,000 | --SD | M] -- C:\Users\***\AppData\Roaming\Microsoft [2011.02.22 21:01:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Mozilla [2011.10.22 15:36:23 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Nitro PDF [2012.06.01 11:28:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Skype [2012.06.01 11:28:02 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\skypePM 
[2011.02.22 21:04:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Thunderbird [2012.01.31 23:32:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\vlc [2011.10.27 14:18:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\XMedia Recode < %APPDATA%\*.exe /s > [2012.05.05 13:25:07 | 000,053,632 | ---- | M] (Adobe Systems Inc.) -- C:\Users\***\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\airappinstaller\airappinstaller.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys [2009.07.14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys [2009.07.14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- 
C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: IASTORV.SYS > [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011.03.11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys [2011.03.11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2009.07.14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) 
MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys [2011.03.11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys [2011.03.11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys [2011.03.11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys [2011.03.11 
07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys [2009.07.14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll < MD5 for: USER32.DLL > [2009.07.14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll [2010.11.20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- 
C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2012.04.04 15:56:38 | 000,199,240 | ---- | M] () MD5=097D0E812D7A9A3101CE46CB2BE0474D -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe [2009.10.28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe [2010.11.20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) 
MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe [2009.07.14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys [2009.07.14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < > < End of report > |
06.07.2012, 08:14 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer clean after virus detection? Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!) Code:
:OTL
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://de.ask.com/?l=dis&o=14597
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 86 7C 33 86 9D 94 CC 01 [binary data]
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\..\SearchScopes\{64D07A23-70CA-4B42-A153-A748A482741C}: "URL" = http://websearch.ask.com/redirect?client=ie&tb=FF&o=14594&src=crm&q={searchTerms}&locale=&apn_ptnrs=FV&apn_dtid=YYYYYYYYDE&apn_uid=9621eb39-4e86-4b99-8445-36f6e6688379&apn_sauid=29707ED1-A83A-4FD0-B7C1-FF640792C608
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Ask.com"
FF - user.js - File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 255
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
The log file should open when you click OK after the fix; please post it. The computer may be restarted. As a precaution, the entries, files and folders fixed by this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL". Note: The script above was created only for this one user in this situation. It cannot be ported to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________ Please always post log files in CODE tags |
06.07.2012, 09:38 | #11 |
| Computer clean after virus detection? Hello, it ran through without problems; there was a restart: Code:
All processes killed
========== OTL ==========
HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache| /E : value set successfully!
HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache AcceptLangs| /E : value set successfully!
HKU\S-1-5-21-3905438483-2618847446-3028115750-1001\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache_TIMESTAMP| /E : value set successfully!
HKEY_USERS\S-1-5-21-3905438483-2618847446-3028115750-1001\Software\Microsoft\Internet Explorer\SearchScopes\\DefaultScope| /E : value set successfully!
Registry key HKEY_USERS\S-1-5-21-3905438483-2618847446-3028115750-1001\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}\ not found.
Registry key HKEY_USERS\S-1-5-21-3905438483-2618847446-3028115750-1001\Software\Microsoft\Internet Explorer\SearchScopes\{64D07A23-70CA-4B42-A153-A748A482741C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{64D07A23-70CA-4B42-A153-A748A482741C}\ not found.
Prefs.js: "Ask.com" removed from browser.search.order.1
Prefs.js: "Ask.com" removed from browser.search.selectedEngine
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveAutoRun deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorAdmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\ConsentPromptBehaviorUser deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrator
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 56466 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: ***
->Temp folder emptied: 310207326 bytes
->Temporary Internet Files folder emptied: 76307344 bytes
->Java cache emptied: 12895871 bytes
->FireFox cache emptied: 594885756 bytes
->Flash cache emptied: 71456 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 132863870 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 1.075,00 mb
[EMPTYFLASH]
User: Administrator
User: All Users
User: Default
->Flash cache emptied: 0 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: ***
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.53.1 log created on 07062012_102549
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Blobbit |
06.07.2012, 10:44 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer clean after virus detection? Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off your virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot. Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C); that is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
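One way to triage a TDSS-Killer report before acting on it, as an added example that is not part of the original posts or of Kaspersky's tool: it lists every scanned object whose verdict is not "ok" or whose verdict line is missing, and it also works when a forum has collapsed the report onto one line. The record layout follows the report posted in this thread; the function names, sample lines, object names and hashes are constructed.

```python
import re
from dataclasses import dataclass, field

# Every report record starts with "HH:MM:SS.mmmm <thread id> ". Splitting on that
# prefix also recovers the records from a report pasted as one long line.
RECORD_START = re.compile(r"(?=\b\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s)")
RECORD = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(.*)$", re.S)

# "<name> (<md5>) <path>"                 object that was scanned
OBJECT = re.compile(r"^(?P<name>.+?) \((?P<md5>[0-9a-fA-F]{32})\) (?P<path>.+)$")
# "<name> - detected <verdict> (<n>)"     detection summary line
DETECTED = re.compile(r"^(?P<name>.+?) - detected (?P<verdict>\S+) \(\d+\)$")
# "<name> - ok" or "<name> ( <verdict> ) - warning"
STATUS = re.compile(
    r"^(?P<name>.+?)(?: \(\s*(?P<verdict>[^()]+?)\s*\))? - (?P<status>[A-Za-z]+)$"
)


@dataclass
class ScannedObject:
    name: str
    md5: str = ""
    path: str = ""
    status: str = "missing"  # stays "missing" if the report was cut off
    verdicts: list = field(default_factory=list)


def parse_report(text):
    """Return {object name: ScannedObject} for every object in the report."""
    objects = {}
    for chunk in RECORD_START.split(text):
        record = RECORD.match(chunk.strip())
        if not record:
            continue  # text before the first timestamp, or an empty chunk
        body = record.group(1).strip()
        # OBJECT is tried first: a path may itself contain " - ".
        if (m := OBJECT.match(body)):
            obj = objects.setdefault(m["name"], ScannedObject(m["name"]))
            obj.md5, obj.path = m["md5"].lower(), m["path"]
        elif (m := DETECTED.match(body)):
            obj = objects.setdefault(m["name"], ScannedObject(m["name"]))
            if m["verdict"] not in obj.verdicts:
                obj.verdicts.append(m["verdict"])
        elif (m := STATUS.match(body)):
            obj = objects.setdefault(m["name"], ScannedObject(m["name"]))
            obj.status = m["status"].lower()
            if m["verdict"] and m["verdict"] not in obj.verdicts:
                obj.verdicts.append(m["verdict"])
        # Header, separator and "Scan started" records match nothing and are skipped.
    return objects


def needs_review(text):
    """Objects to look at by hand: any verdict other than 'ok', or none at all."""
    return [o for o in parse_report(text).values() if o.status != "ok" or o.verdicts]


# Constructed sample in the layout of the report; the last record has no verdict
# line, as happens when a pasted report is cut off.
SAMPLE_REPORT = r"""
11:56:15.0572 2912 Scan started
11:56:15.0572 2912 Mode: Manual; SigCheck; TDLFS;
11:56:16.0306 2912 exampledrv (0123456789abcdef0123456789abcdef) C:\Windows\system32\drivers\exampledrv.sys
11:56:16.0430 2912 exampledrv - ok
11:56:16.0852 2912 Example Update Service (89abcdef0123456789abcdef01234567) C:\Program Files\Example\updater.exe
11:56:16.0883 2912 Example Update Service - ok
11:56:21.0001 2912 ExampleSvc (fedcba9876543210fedcba9876543210) C:\Program Files\Example\ExampleSvc.exe
11:56:21.0017 2912 ExampleSvc ( UnsignedFile.Multi.Generic ) - warning
11:56:21.0017 2912 ExampleSvc - detected UnsignedFile.Multi.Generic (1)
11:56:21.0329 2912 cutoffdrv (00112233445566778899aabbccddeeff) C:\Windows\system32\drivers\cutoffdrv.sys
"""

if __name__ == "__main__":
    for obj in needs_review(SAMPLE_REPORT):
        print(f"{obj.name}: {obj.status} {obj.verdicts} {obj.md5} {obj.path}")
```

The output is a review list only; nothing in it decides whether a flagged object is malicious.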
06.07.2012, 11:00 | #13 |
| Computer clean after virus detection? Here is the report; I haven't done anything with the two findings yet. Code:
ATTFilter 11:55:49.0489 3836 TDSS rootkit removing tool 2.7.44.0 Jul 2 2012 20:01:08 11:55:49.0505 3836 ============================================================ 11:55:49.0505 3836 Current date / time: 2012/07/06 11:55:49.0505 11:55:49.0505 3836 SystemInfo: 11:55:49.0505 3836 11:55:49.0505 3836 OS Version: 6.1.7601 ServicePack: 1.0 11:55:49.0505 3836 Product type: Workstation 11:55:49.0505 3836 ComputerName: KATHISLÄPPI 11:55:49.0505 3836 UserName: Katharina Therre 11:55:49.0505 3836 Windows directory: C:\Windows 11:55:49.0505 3836 System windows directory: C:\Windows 11:55:49.0505 3836 Processor architecture: Intel x86 11:55:49.0505 3836 Number of processors: 2 11:55:49.0505 3836 Page size: 0x1000 11:55:49.0505 3836 Boot type: Normal boot 11:55:49.0505 3836 ============================================================ 11:55:50.0706 3836 Drive \Device\Harddisk0\DR0 - Size: 0x1BF2976000 (111.79 Gb), SectorSize: 0x200, Cylinders: 0x3901, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 11:55:50.0722 3836 ============================================================ 11:55:50.0722 3836 \Device\Harddisk0\DR0: 11:55:50.0722 3836 MBR partitions: 11:55:50.0722 3836 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 11:55:50.0722 3836 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x61A7800 11:55:50.0722 3836 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x61DA000, BlocksNum 0x7DBA000 11:55:50.0722 3836 ============================================================ 11:55:50.0737 3836 C: <-> \Device\Harddisk0\DR0\Partition1 11:55:50.0768 3836 D: <-> \Device\Harddisk0\DR0\Partition2 11:55:50.0768 3836 ============================================================ 11:55:50.0768 3836 Initialize success 11:55:50.0768 3836 ============================================================ 11:56:15.0572 2912 ============================================================ 11:56:15.0572 2912 
Scan started 11:56:15.0572 2912 Mode: Manual; SigCheck; TDLFS; 11:56:15.0572 2912 ============================================================ 11:56:16.0306 2912 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys 11:56:16.0430 2912 1394ohci - ok 11:56:16.0462 2912 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys 11:56:16.0493 2912 ACPI - ok 11:56:16.0524 2912 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys 11:56:16.0602 2912 AcpiPmi - ok 11:56:16.0665 2912 adfs (6d7f09cd92a9fef3a8efce66231fdd79) C:\Windows\system32\drivers\adfs.sys 11:56:16.0696 2912 adfs - ok 11:56:16.0852 2912 Adobe Version Cue CS4 (57a3b9a69f14414ace12afd6ba701773) C:\Program Files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe 11:56:16.0883 2912 Adobe Version Cue CS4 - ok 11:56:16.0992 2912 AdobeARMservice (62b7936f9036dd6ed36e6a7efa805dc0) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 11:56:17.0008 2912 AdobeARMservice - ok 11:56:17.0133 2912 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys 11:56:17.0179 2912 adp94xx - ok 11:56:17.0226 2912 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys 11:56:17.0242 2912 adpahci - ok 11:56:17.0273 2912 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys 11:56:17.0289 2912 adpu320 - ok 11:56:17.0320 2912 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll 11:56:17.0382 2912 AeLookupSvc - ok 11:56:17.0460 2912 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys 11:56:17.0523 2912 AFD - ok 11:56:17.0569 2912 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys 11:56:17.0585 2912 agp440 - ok 11:56:17.0616 2912 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys 11:56:17.0647 2912 aic78xx - ok 11:56:17.0694 2912 ALG 
11:56:21.0001 2912 BrYNSvc (ea7e57f87d6fee5fd6c5f813c04e8cd2) C:\Program Files\Browny02\BrYNSvc.exe
11:56:21.0017 2912 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
11:56:21.0017 2912 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
2912 Spooler - ok 11:56:44.0214 2912 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe 11:56:44.0339 2912 sppsvc - ok 11:56:44.0448 2912 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll 11:56:44.0495 2912 sppuinotify - ok 11:56:44.0557 2912 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys 11:56:44.0604 2912 srv - ok 11:56:44.0651 2912 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys 11:56:44.0682 2912 srv2 - ok 11:56:44.0729 2912 SrvHsfHDA (e00fdfaff025e94f9821153750c35a6d) C:\Windows\system32\DRIVERS\VSTAZL3.SYS 11:56:44.0760 2912 SrvHsfHDA - ok 11:56:44.0838 2912 SrvHsfV92 (ceb4e3b6890e1e42dca6694d9e59e1a0) C:\Windows\system32\DRIVERS\VSTDPV3.SYS 11:56:44.0885 2912 SrvHsfV92 - ok 11:56:44.0963 2912 SrvHsfWinac (bc0c7ea89194c299f051c24119000e17) C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 11:56:44.0994 2912 SrvHsfWinac - ok 11:56:45.0041 2912 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys 11:56:45.0057 2912 srvnet - ok 11:56:45.0103 2912 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll 11:56:45.0150 2912 SSDPSRV - ok 11:56:45.0213 2912 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys 11:56:45.0228 2912 ssmdrv - ok 11:56:45.0244 2912 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll 11:56:45.0291 2912 SstpSvc - ok 11:56:45.0322 2912 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys 11:56:45.0337 2912 stexstor - ok 11:56:45.0353 2912 StillCam (edb05bd63148796f23ea78506404a538) C:\Windows\system32\DRIVERS\serscan.sys 11:56:45.0400 2912 StillCam - ok 11:56:45.0447 2912 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll 11:56:45.0493 2912 StiSvc - ok 11:56:45.0540 2912 storflt (472af0311073dceceaa8fa18ba2bdf89) C:\Windows\system32\drivers\vmstorfl.sys 11:56:45.0571 2912 storflt - ok 
11:56:45.0587 2912 StorSvc (0bf669f0a910beda4a32258d363af2a5) C:\Windows\system32\storsvc.dll 11:56:45.0618 2912 StorSvc - ok 11:56:45.0634 2912 storvsc (dcaffd62259e0bdb433dd67b5bb37619) C:\Windows\system32\drivers\storvsc.sys 11:56:45.0649 2912 storvsc - ok 11:56:45.0665 2912 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys 11:56:45.0681 2912 swenum - ok 11:56:45.0712 2912 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll 11:56:45.0759 2912 swprv - ok 11:56:45.0821 2912 SynTP (6bef3acd6ee22eec55b68699e8aace09) C:\Windows\system32\DRIVERS\SynTP.sys 11:56:45.0837 2912 SynTP - ok 11:56:45.0946 2912 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll 11:56:46.0008 2912 SysMain - ok 11:56:46.0039 2912 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll 11:56:46.0071 2912 TabletInputService - ok 11:56:46.0133 2912 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll 11:56:46.0180 2912 TapiSrv - ok 11:56:46.0211 2912 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll 11:56:46.0258 2912 TBS - ok 11:56:46.0398 2912 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys 11:56:46.0445 2912 Tcpip - ok 11:56:46.0476 2912 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys 11:56:46.0523 2912 TCPIP6 - ok 11:56:46.0570 2912 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys 11:56:46.0632 2912 tcpipreg - ok 11:56:46.0663 2912 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys 11:56:46.0695 2912 TDPIPE - ok 11:56:46.0726 2912 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys 11:56:46.0757 2912 TDTCP - ok 11:56:46.0804 2912 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys 11:56:46.0897 2912 tdx - ok 11:56:46.0944 2912 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) 
C:\Windows\system32\drivers\termdd.sys 11:56:46.0960 2912 TermDD - ok 11:56:47.0038 2912 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll 11:56:47.0116 2912 TermService - ok 11:56:47.0147 2912 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll 11:56:47.0178 2912 Themes - ok 11:56:47.0209 2912 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll 11:56:47.0256 2912 THREADORDER - ok 11:56:47.0272 2912 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll 11:56:47.0319 2912 TrkWks - ok 11:56:47.0397 2912 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe 11:56:47.0475 2912 TrustedInstaller - ok 11:56:47.0490 2912 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys 11:56:47.0521 2912 tssecsrv - ok 11:56:47.0553 2912 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys 11:56:47.0584 2912 TsUsbFlt - ok 11:56:47.0631 2912 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys 11:56:47.0693 2912 tunnel - ok 11:56:47.0724 2912 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys 11:56:47.0740 2912 uagp35 - ok 11:56:47.0802 2912 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys 11:56:47.0865 2912 udfs - ok 11:56:47.0896 2912 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe 11:56:47.0927 2912 UI0Detect - ok 11:56:47.0974 2912 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys 11:56:47.0989 2912 uliagpkx - ok 11:56:48.0036 2912 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys 11:56:48.0052 2912 umbus - ok 11:56:48.0083 2912 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys 11:56:48.0099 2912 UmPass - ok 11:56:48.0145 2912 UmRdpService (409994a8eaceee4e328749c0353527a0) 
C:\Windows\System32\umrdp.dll 11:56:48.0177 2912 UmRdpService - ok 11:56:48.0223 2912 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll 11:56:48.0270 2912 upnphost - ok 11:56:48.0286 2912 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys 11:56:48.0333 2912 usbccgp - ok 11:56:48.0379 2912 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys 11:56:48.0411 2912 usbcir - ok 11:56:48.0442 2912 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys 11:56:48.0457 2912 usbehci - ok 11:56:48.0504 2912 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys 11:56:48.0535 2912 usbhub - ok 11:56:48.0551 2912 usbohci (a6fb7957ea7afb1165991e54ce934b74) C:\Windows\system32\DRIVERS\usbohci.sys 11:56:48.0567 2912 usbohci - ok 11:56:48.0598 2912 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys 11:56:48.0629 2912 usbprint - ok 11:56:48.0660 2912 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys 11:56:48.0691 2912 usbscan - ok 11:56:48.0723 2912 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:56:48.0738 2912 USBSTOR - ok 11:56:48.0769 2912 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys 11:56:48.0785 2912 usbuhci - ok 11:56:48.0801 2912 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll 11:56:48.0863 2912 UxSms - ok 11:56:48.0910 2912 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe 11:56:48.0925 2912 VaultSvc - ok 11:56:48.0972 2912 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys 11:56:48.0988 2912 vdrvroot - ok 11:56:49.0066 2912 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe 11:56:49.0113 2912 vds - ok 11:56:49.0144 2912 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys 
11:56:49.0175 2912 vga - ok 11:56:49.0191 2912 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys 11:56:49.0237 2912 VgaSave - ok 11:56:49.0284 2912 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys 11:56:49.0300 2912 vhdmp - ok 11:56:49.0331 2912 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys 11:56:49.0347 2912 viaagp - ok 11:56:49.0362 2912 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys 11:56:49.0393 2912 ViaC7 - ok 11:56:49.0409 2912 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys 11:56:49.0425 2912 viaide - ok 11:56:49.0456 2912 vmbus (c2f2911156fdc7817c52829c86da494e) C:\Windows\system32\drivers\vmbus.sys 11:56:49.0471 2912 vmbus - ok 11:56:49.0487 2912 VMBusHID (d4d77455211e204f370d08f4963063ce) C:\Windows\system32\drivers\VMBusHID.sys 11:56:49.0534 2912 VMBusHID - ok 11:56:49.0565 2912 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys 11:56:49.0581 2912 volmgr - ok 11:56:49.0627 2912 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys 11:56:49.0643 2912 volmgrx - ok 11:56:49.0690 2912 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys 11:56:49.0705 2912 volsnap - ok 11:56:49.0737 2912 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys 11:56:49.0768 2912 vsmraid - ok 11:56:49.0861 2912 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe 11:56:49.0939 2912 VSS - ok 11:56:49.0955 2912 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\System32\drivers\vwifibus.sys 11:56:49.0986 2912 vwifibus - ok 11:56:50.0033 2912 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll 11:56:50.0095 2912 W32Time - ok 11:56:50.0127 2912 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys 11:56:50.0142 2912 WacomPen - ok 
11:56:50.0189 2912 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 11:56:50.0251 2912 WANARP - ok 11:56:50.0267 2912 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys 11:56:50.0298 2912 Wanarpv6 - ok 11:56:50.0392 2912 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe 11:56:50.0454 2912 wbengine - ok 11:56:50.0485 2912 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll 11:56:50.0517 2912 WbioSrvc - ok 11:56:50.0563 2912 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll 11:56:50.0595 2912 WcesComm - ok 11:56:50.0641 2912 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll 11:56:50.0688 2912 wcncsvc - ok 11:56:50.0704 2912 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll 11:56:50.0735 2912 WcsPlugInService - ok 11:56:50.0782 2912 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys 11:56:50.0797 2912 Wd - ok 11:56:50.0844 2912 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys 11:56:50.0875 2912 Wdf01000 - ok 11:56:50.0907 2912 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 11:56:50.0922 2912 WdiServiceHost - ok 11:56:50.0938 2912 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll 11:56:50.0953 2912 WdiSystemHost - ok 11:56:51.0000 2912 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll 11:56:51.0047 2912 WebClient - ok 11:56:51.0078 2912 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll 11:56:51.0125 2912 Wecsvc - ok 11:56:51.0141 2912 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll 11:56:51.0203 2912 wercplsupport - ok 11:56:51.0219 2912 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll 11:56:51.0265 2912 WerSvc - ok 11:56:51.0281 
2912 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys 11:56:51.0328 2912 WfpLwf - ok 11:56:51.0343 2912 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys 11:56:51.0359 2912 WIMMount - ok 11:56:51.0421 2912 winachsf (6d2350bb6e77e800fc4be4e5b7a2e89a) C:\Windows\system32\DRIVERS\HSX_CNXT.sys 11:56:51.0453 2912 winachsf - ok 11:56:51.0577 2912 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll 11:56:51.0624 2912 WinDefend - ok 11:56:51.0640 2912 WinHttpAutoProxySvc - ok 11:56:51.0780 2912 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll 11:56:51.0827 2912 Winmgmt - ok 11:56:51.0952 2912 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll 11:56:52.0030 2912 WinRM - ok 11:56:52.0123 2912 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys 11:56:52.0170 2912 WinUsb - ok 11:56:52.0248 2912 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll 11:56:52.0311 2912 Wlansvc - ok 11:56:52.0373 2912 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys 11:56:52.0389 2912 WmiAcpi - ok 11:56:52.0467 2912 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe 11:56:52.0513 2912 wmiApSrv - ok 11:56:52.0607 2912 WMIService (d4dbd5df926a2a16f6f148559e006075) C:\Acer\Empowering Technology\ePower\ePowerSvc.exe 11:56:52.0638 2912 WMIService ( UnsignedFile.Multi.Generic ) - warning 11:56:52.0638 2912 WMIService - detected UnsignedFile.Multi.Generic (1) 11:56:52.0825 2912 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe 11:56:52.0872 2912 WMPNetworkSvc - ok 11:56:52.0981 2912 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll 11:56:52.0997 2912 WPCSvc - ok 11:56:53.0044 2912 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll 
11:56:53.0075 2912 WPDBusEnum - ok 11:56:53.0122 2912 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys 11:56:53.0169 2912 ws2ifsl - ok 11:56:53.0200 2912 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll 11:56:53.0231 2912 wscsvc - ok 11:56:53.0247 2912 WSearch - ok 11:56:53.0434 2912 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll 11:56:53.0512 2912 wuauserv - ok 11:56:53.0668 2912 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys 11:56:53.0715 2912 WudfPf - ok 11:56:53.0746 2912 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys 11:56:53.0777 2912 WUDFRd - ok 11:56:53.0824 2912 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll 11:56:53.0871 2912 wudfsvc - ok 11:56:53.0902 2912 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll 11:56:53.0933 2912 WwanSvc - ok 11:56:53.0964 2912 XAudio (5a7ff9a18ff6d7e0527fe3abf9204ef8) C:\Windows\system32\DRIVERS\xaudio.sys 11:56:53.0995 2912 XAudio - ok 11:56:54.0042 2912 XAudioService (28dc5d626e036a75a572556f0a6eb1f6) C:\Windows\system32\DRIVERS\xaudio.exe 11:56:54.0058 2912 XAudioService - ok 11:56:54.0105 2912 MBR (0x1B8) (a36c5e4f47e84449ff07ed3517b43a31) \Device\Harddisk0\DR0 11:56:54.0448 2912 \Device\Harddisk0\DR0 - ok 11:56:54.0448 2912 Boot (0x1200) (a0444e99c1e34d6dd371dc93c601125f) \Device\Harddisk0\DR0\Partition0 11:56:54.0463 2912 \Device\Harddisk0\DR0\Partition0 - ok 11:56:54.0479 2912 Boot (0x1200) (526638cd647cccf0b95d81b0b50b345a) \Device\Harddisk0\DR0\Partition1 11:56:54.0479 2912 \Device\Harddisk0\DR0\Partition1 - ok 11:56:54.0510 2912 Boot (0x1200) (575f68d1b17f2bb7351acb46a51aaaf1) \Device\Harddisk0\DR0\Partition2 11:56:54.0510 2912 \Device\Harddisk0\DR0\Partition2 - ok 11:56:54.0510 2912 ============================================================ 11:56:54.0510 2912 Scan finished 11:56:54.0510 2912 
============================================================
11:56:54.0526 1160 Detected object count: 2
11:56:54.0526 1160 Actual detected object count: 2
11:57:19.0923 1160 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:19.0923 1160 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
11:57:19.0923 1160 WMIService ( UnsignedFile.Multi.Generic ) - skipped by user
11:57:19.0923 1160 WMIService ( UnsignedFile.Multi.Generic ) - User select action: Skip
Blobbit |
06.07.2012, 11:59 | #14 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Computer clean after virus detection? Then please run CF now: ComboFix A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
06.07.2012, 12:52 | #15 |
| Computer clean after virus detection? Here is the report from ComboFix: Code:
ComboFix 12-07-06.01 - *** 06.07.2012 13:31:37.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3070.2261 [GMT 2:00]
ausgeführt von:: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-06-06 bis 2012-07-06 ))))))))))))))))))))))))))))))
.
.
2012-07-06 09:16 . 2012-05-31 03:41 6762896 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{377AE203-FFF0-4603-84D4-1B3001A1F4AF}\mpengine.dll
2012-07-06 08:25 . 2012-07-06 08:25 -------- d-----w- C:\_OTL
2012-07-05 15:39 . 2012-07-05 15:39 -------- d-----w- c:\program files\ESET
2012-07-04 08:28 . 2012-07-04 08:28 -------- d-----w- c:\users\***\AppData\Roaming\Malwarebytes
2012-07-04 08:28 . 2012-07-04 08:28 -------- d-----w- c:\programdata\Malwarebytes
2012-07-04 08:28 . 2012-07-04 08:28 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2012-07-04 08:28 . 2012-04-04 13:56 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-07-03 17:46 . 2012-07-03 17:46 -------- d-----w- c:\program files\Common Files\Java
2012-07-03 17:46 . 2012-07-03 17:45 772592 ----a-w- c:\windows\system32\npDeployJava1.dll
2012-07-03 17:45 . 2012-07-03 17:45 -------- d-----w- c:\program files\Java
2012-06-25 07:30 . 2012-06-25 07:30 -------- d-----w- c:\users\***\AppData\Local\Macromedia
2012-06-19 16:03 . 2012-06-02 22:19 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-19 16:03 . 2012-06-02 22:19 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-19 16:03 . 2012-06-02 22:12 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-19 16:03 . 2012-06-02 22:19 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-19 16:03 . 2012-06-02 22:19 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-19 16:03 . 2012-06-02 22:19 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-19 16:03 . 2012-06-02 22:12 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-19 16:03 . 2012-06-02 13:19 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-19 16:03 . 2012-06-02 13:12 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-06-16 19:36 . 2012-06-16 19:36 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-06-16 19:36 . 2012-06-16 19:36 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-06-13 15:12 . 2012-05-04 09:59 514560 ----a-w- c:\windows\system32\qdvd.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-03 17:45 . 2011-03-23 07:32 687600 ----a-w- c:\windows\system32\deployJava1.dll
2012-06-25 07:19 . 2012-04-04 14:25 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-06-25 07:19 . 2011-06-17 16:32 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-05-08 15:27 . 2011-10-15 07:03 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-08 15:27 . 2011-10-15 07:03 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-06-16 19:36 . 2011-05-06 14:18 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-03-06 13605408]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-03-06 92704]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-08-28 1557800]
"BrStsMon00"="c:\program files\Browny02\Brother\BrStMonW.exe" [2010-02-09 2621440]
"AdobeCS4ServiceManager"="c:\program files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"Adobe Acrobat Speed Launcher"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2012-03-27 40376]
"Acrobat Assistant 8.0"="c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2012-03-26 640440]
"Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-08 348624]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-17 252296]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Empowering Technology Launcher.lnk]
path=c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\Empowering Technology Launcher.lnk
backup=c:\windows\pss\Empowering Technology Launcher.lnk.CommonStartup
backupExtension=.CommonStartup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe_ID0ENQBO]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ControlCenter3]
2008-12-24 09:26 114688 ------w- c:\program files\Brother\ControlCenter3\BrCtrCen.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ICQ]
2011-04-06 07:01 119608 ----a-w- c:\program files\ICQ7.4\ICQ.exe
.
R2 gupdate;Google Update-Dienst (gupdate);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 Adobe Version Cue CS4;Adobe Version Cue CS4;c:\program files\Common Files\Adobe\Adobe Version Cue CS4\Server\bin\VersionCueCS4.exe [x]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 SMSCIRDA;SMSC Infrared Device Driver;c:\windows\system32\DRIVERS\SMSCirda.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S3 BrYNSvc;BrYNSvc;c:\program files\Browny02\BrYNSvc.exe [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000-Serie - Adaptertreiber für Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
.
Inhalt des "geplante Tasks" Ordners
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-09 17:54]
.
2012-07-06 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2011-12-09 17:54]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: An vorhandene PDF-Datei anfügen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: In Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: Linkziel an vorhandene PDF-Datei anhängen - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Linkziel in Adobe PDF konvertieren - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Nach Microsoft &Excel exportieren - c:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\bew6pf6y.default\
FF - prefs.js: browser.search.selectedEngine -
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de/
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
MSConfigStartUp-RocketDock - c:\program files\RocketDock\RocketDock.exe
AddRemove-ESET Online Scanner - c:\program files\ESET\ESET Online Scanner\OnlineScannerUninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conhost.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\DRIVERS\xaudio.exe
c:\acer\Empowering Technology\ePower\ePowerSvc.exe
c:\windows\system32\taskhost.exe
c:\windows\system32\wbem\unsecapp.exe
c:\windows\system32\conhost.exe
c:\windows\System32\rundll32.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\windows\system32\sppsvc.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-07-06 13:44:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-07-06 11:44
.
Vor Suchlauf: 8.099.622.912 Bytes frei
Nach Suchlauf: 8.003.424.256 Bytes frei
.
- - End Of File - - 4C5CDAB31841D5A22C73C106CB5CAE69
Regards, Blobbit |