| |
| |||||||
Log-Analyse und Auswertung: Tr/trash.gen vollständig gelöscht? Bin mir nicht sicherWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
31.07.2012, 11:05
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Tr/trash.gen vollständig gelöscht? Bin mir nicht sicherCode:
ATTFilter OTL by OldTimer - Version 3.2.54.1
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
31.07.2012, 12:05
| #17 |
 | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher Shit, nein habe ich nicht...mache ich aber...gibt schon eine neue Version
__________________...neuer Logfile kommt heute nachmittag...once again :-) Code:
ATTFilter OTL logfile created on: 7/31/2012 2:35:39 PM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Nicole\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 67.74% Memory free
5.99 Gb Paging File | 4.93 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434.66 Gb Total Space | 306.03 Gb Free Space | 70.41% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 13.29 Gb Free Space | 44.30% Space Free | Partition Type: NTFS
Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/31 14:33:55 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL(1).exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/18 12:17:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/18 12:17:19 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/18 12:17:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/18 12:17:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/02/24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/12/08 18:26:29 | 005,529,208 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/19 16:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/10 03:02:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2001/11/12 23:31:48 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/24 19:45:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/24 19:45:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/24 19:44:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/24 19:44:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/07/24 19:44:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/24 19:44:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/24 19:44:37 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/24 19:44:32 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
========== Win32 Services (SafeList) ==========
|
|
31.07.2012, 13:58
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher Log ist leider unvollständig
__________________
__________________ |
|
31.07.2012, 14:33
| #19 |
| | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher Das ist heute definitiv nicht mein Tag: Entschuldige meine Blödheit!! Code:
ATTFilter OTL logfile created on: 7/31/2012 2:35:39 PM - Run 3
OTL by OldTimer - Version 3.2.55.0 Folder = C:\Users\Nicole\Downloads
Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 8.0.7601.17514)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
3.00 Gb Total Physical Memory | 2.03 Gb Available Physical Memory | 67.74% Memory free
5.99 Gb Paging File | 4.93 Gb Available in Paging File | 82.28% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 434.66 Gb Total Space | 306.03 Gb Free Space | 70.41% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 13.29 Gb Free Space | 44.30% Space Free | Partition Type: NTFS
Computer Name: NICOLE-PC | User Name: Nicole | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2012/07/31 14:33:55 | 000,597,504 | ---- | M] (OldTimer Tools) -- C:\Users\Nicole\Downloads\OTL(1).exe
PRC - [2012/05/30 20:06:18 | 000,059,280 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
PRC - [2012/05/18 12:17:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2012/05/18 12:17:19 | 000,348,624 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012/05/18 12:17:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2012/05/18 12:17:19 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012/02/24 04:29:58 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
PRC - [2012/02/23 13:30:40 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\ubd.exe
PRC - [2012/02/23 13:22:56 | 000,059,240 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
PRC - [2011/12/08 18:26:29 | 005,529,208 | ---- | M] (SlySoft, Inc.) -- C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe
PRC - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE
PRC - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
PRC - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
PRC - [2011/08/12 13:18:42 | 000,205,336 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe
PRC - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
PRC - [2011/07/22 00:07:38 | 000,718,720 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE
PRC - [2011/06/24 06:22:20 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe
PRC - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011/02/25 07:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010/11/20 14:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2010/01/19 16:10:48 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files\CyberLink\Shared files\brs.exe
PRC - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
PRC - [2009/12/10 03:02:04 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
PRC - [2009/11/02 23:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe
PRC - [2001/11/12 23:31:48 | 000,020,480 | ---- | M] (X10) -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
========== Modules (No Company Name) ==========
MOD - [2012/07/24 19:45:30 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll
MOD - [2012/07/24 19:45:04 | 012,436,480 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll
MOD - [2012/07/24 19:44:58 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll
MOD - [2012/07/24 19:44:46 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll
MOD - [2012/07/24 19:44:42 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll
MOD - [2012/07/24 19:44:38 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll
MOD - [2012/07/24 19:44:37 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll
MOD - [2012/07/24 19:44:32 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll
MOD - [2011/08/22 16:47:44 | 000,336,408 | ---- | M] () -- C:\Program Files\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
MOD - [2011/08/12 13:19:40 | 000,680,984 | ---- | M] () -- C:\Program Files\Common Files\Logishrd\LQCVFX\COCIManager.exe
MOD - [2011/08/12 13:18:30 | 000,265,240 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\CameraHelperShell.exe
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/03/17 00:11:16 | 004,297,568 | ---- | M] () -- C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE14\Cultures\office.odf
MOD - [2010/11/13 02:02:21 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll
MOD - [2010/05/07 19:37:40 | 000,126,808 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
MOD - [2010/05/07 19:37:40 | 000,027,480 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
MOD - [2010/05/07 19:36:54 | 000,340,824 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtXml4.dll
MOD - [2010/05/07 19:35:56 | 007,954,776 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtGui4.dll
MOD - [2010/05/07 19:35:44 | 002,143,576 | ---- | M] () -- C:\Program Files\Logitech\LWS\Webcam Software\QtCore4.dll
MOD - [2009/11/02 23:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMLSvcPS.dll
MOD - [2009/11/02 23:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files\CyberLink\Power2Go\CLMediaLibrary.dll
========== Win32 Services (SafeList) ==========
SRV - [2012/07/30 15:13:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/07/28 19:38:20 | 000,250,056 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/05/18 12:17:20 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012/05/18 12:17:19 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/02/15 14:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2011/10/21 15:23:42 | 000,196,176 | ---- | M] (Microsoft Corporation.) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/10/13 17:21:52 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (BBUpdate)
SRV - [2011/08/19 11:26:50 | 000,450,848 | ---- | M] (Logitech Inc.) [Auto | Running] -- C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe -- (UMVPFSrv)
SRV - [2011/06/12 11:15:00 | 031,125,880 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
SRV - [2011/06/06 13:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2009/12/10 03:02:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc)
SRV - [2009/07/14 03:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009/07/14 03:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend)
SRV - [2007/05/31 17:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm)
SRV - [2007/05/31 17:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr)
SRV - [2001/11/12 23:31:48 | 000,020,480 | ---- | M] (X10) [Auto | Start_Pending] -- C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe -- (x10nets)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\vpnva.sys -- (vpnva)
DRV - [2012/05/18 12:17:20 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/05/18 12:17:20 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2011/12/04 23:23:51 | 000,121,464 | ---- | M] (SlySoft, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AnyDVD.sys -- (AnyDVD)
DRV - [2011/10/11 16:00:01 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011/08/19 11:26:50 | 004,334,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVUVC.sys -- (LVUVC)
DRV - [2011/08/19 11:26:46 | 000,315,808 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\lvrs.sys -- (LVRS)
DRV - [2010/11/20 12:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2010/11/20 11:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb)
DRV - [2010/06/17 16:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2010/05/07 19:43:30 | 000,025,824 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\LVPr2Mon.sys -- (LVPr2Mon)
DRV - [2010/04/03 22:55:32 | 011,573,800 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010/01/20 01:10:38 | 000,087,536 | ---- | M] (CyberLink Corp.) [2010/05/12 00:54:06] [Kernel | Auto | Running] -- C:\Program Files\CyberLink\PowerDVD9\000.fcl -- ({B154377D-700F-42cc-9474-23858FBDF4BD})
DRV - [2009/09/24 10:30:02 | 001,006,816 | ---- | M] (NXP Semiconductors Germany GmbH) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\3xHybrid.sys -- (3xHybrid)
DRV - [2009/07/14 01:52:10 | 000,014,336 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vwifimp.sys -- (vwifimp)
DRV - [2009/07/14 00:54:15 | 001,311,232 | ---- | M] (NXP Semiconductors) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\Ph3xIB32.sys -- (Ph3xIB32)
DRV - [2009/07/14 00:02:53 | 000,657,408 | ---- | M] (Ralink Technology Corp.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\netr28u.sys -- (netr28u)
DRV - [2009/06/05 12:12:34 | 000,219,352 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\e1e6232.sys -- (e1express)
DRV - [2009/05/13 22:47:30 | 000,027,160 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10ufx2.sys -- (XUIF)
DRV - [2009/05/13 22:26:26 | 000,013,720 | ---- | M] (X10 Wireless Technology, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\x10hid.sys -- (X10Hid)
DRV - [2008/11/28 14:34:56 | 000,035,840 | ---- | M] (CACE Technologies) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\npf_devolo.sys -- (NPF_devolo)
DRV - [2008/11/16 19:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | Disabled | Stopped] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE)
DRV - [2007/04/11 23:30:06 | 000,038,288 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTV.sys -- (IAMTV)
DRV - [2007/04/11 23:30:00 | 000,047,496 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMTXP.sys -- (IAMTXP)
DRV - [2007/04/11 23:29:58 | 000,040,848 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\IAMT03.sys -- (IAMT03)
DRV - [2007/01/18 21:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.medion.com
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.alice-dsl.de/selfcare/content/segment/kundencenter/
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes,DefaultScope = {3DF8413E-553F-4BB9-924B-7F68952C126F}
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes\{2BC22A4E-8150-4885-A093-EB070CFD71C3}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\SearchScopes\{3DF8413E-553F-4BB9-924B-7F68952C126F}: "URL" = hxxp://www.google.de/search?q={searchTerms}
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.bestsecret.com/index.htm"
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.6
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {0545b830-f0aa-4d7e-8820-50a4629a56fe}:4.6.5
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
FF - prefs.js..extensions.enabledItems: 2020Player@2020Technologies.com:5.0.4.0
FF - prefs.js..keyword.URL: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_3_300_268.dll ()
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/30 11:08:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 15:13:58 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/18 16:35:18 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012/03/30 11:08:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012/07/30 15:13:58 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012/05/18 16:35:18 | 000,000,000 | ---D | M]
[2010/09/09 18:15:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Extensions
[2012/05/02 14:56:07 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions
[2011/04/21 07:48:54 | 000,000,000 | ---D | M] (20-20 3D Viewer) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions\2020Player@2020Technologies.com
[2012/02/18 10:22:14 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Nicole\AppData\Roaming\mozilla\Firefox\Profiles\s5ke6d7e.default\extensions\2020Player_IKEA@2020Technologies.com
[2012/03/30 11:27:14 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions
[2011/12/11 09:34:26 | 000,084,268 | ---- | M] () (No name found) -- C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\EXTENSIONS\{0545B830-F0AA-4D7E-8820-50A4629A56FE}.XPI
[2012/01/08 13:25:41 | 000,634,964 | ---- | M] () (No name found) -- C:\USERS\NICOLE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\S5KE6D7E.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2012/07/30 15:13:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012/03/05 16:47:31 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2010/03/19 09:23:30 | 000,686,592 | ---- | M] (Synatix GmbH) -- C:\Program Files\mozilla firefox\plugins\npmieze.dll
[2012/07/30 15:13:56 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012/07/30 15:13:56 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012/07/30 15:13:56 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2010/10/07 19:01:55 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
[2012/07/30 15:13:56 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012/07/30 15:13:56 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012/07/30 15:13:56 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2009/06/10 23:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
O4 - HKLM..\Run: [BDRegion] C:\Program Files\Cyberlink\Shared files\brs.exe (cyberlink)
O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink)
O4 - HKLM..\Run: [Family Tree Builder Update] C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe (MyHeritage)
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [LWS] C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe (Logitech Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [AnyDVD] C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe (SlySoft, Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [ApplePhotoStreams] C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [iCloudServices] C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [MobileDocuments] C:\Program Files\Common Files\Apple\Internet Services\ubd.exe (Apple Inc.)
O4 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000..\Run: [OfficeSyncProcess] C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000 File not found
O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O13 - gopher Prefix: missing
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2F46D5C4-40BB-4D49-BD63-CCE3004FD17D}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C226EB25-A07D-4423-9DD0-A25930273625}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell - "" = AutoRun
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found
SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: BsScanner - Service
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vmms - Service
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: BsScanner - Service
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vmms - Service
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation)
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: MSVideo - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.i420 - i420vfw.dll File not found
Drivers32: vidc.yv12 - yv12vfw.dll File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
========== Files/Folders - Created Within 30 Days ==========
[2012/07/25 14:42:40 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012/07/19 11:43:32 | 000,000,000 | ---D | C] -- C:\Users\Nicole\blue rays muxed
[2012/07/19 11:43:21 | 000,000,000 | ---D | C] -- C:\Users\Nicole\blue rays
[2012/07/18 12:41:21 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\AVS4YOU
[2012/07/18 12:40:31 | 000,000,000 | ---D | C] -- C:\ProgramData\AVS4YOU
[2012/07/18 12:20:00 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\VSOBlurayConverter
[2012/07/18 12:16:50 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\NVIDIA
[2012/07/18 12:16:39 | 000,047,360 | ---- | C] (VSO Software) -- C:\Users\Nicole\AppData\Roaming\pcouffin.sys
[2012/07/18 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Roaming\Vso
[2012/07/18 12:16:39 | 000,000,000 | ---D | C] -- C:\Users\Public\Documents\PcSetup
[2012/07/18 12:16:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VSO
[2012/07/18 12:16:34 | 000,000,000 | ---D | C] -- C:\Program Files\vso
[2012/07/18 12:04:38 | 000,278,528 | ---- | C] (Real Networks, Inc) -- C:\Windows\System32\pncrt.dll
[2012/07/18 12:03:42 | 000,000,000 | ---D | C] -- C:\Program Files\eRightSoft
[2012/07/04 19:15:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\devolo
[2012/07/04 18:58:01 | 000,000,000 | ---D | C] -- C:\Users\Nicole\AppData\Local\Macromedia
[2012/05/27 18:37:55 | 543,234,792 | ---- | C] (Microsoft Corporation) -- C:\Users\Nicole\X12-30058.exe
========== Files - Modified Within 30 Days ==========
[2012/07/31 14:38:06 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 14:38:06 | 000,009,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012/07/31 14:38:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012/07/31 14:28:58 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012/07/31 14:28:42 | 2414,481,408 | -HS- | M] () -- C:\hiberfil.sys
[2012/07/31 07:00:03 | 000,001,095 | ---- | M] () -- C:\Users\Nicole\Desktop\OTL - Verknüpfung (2).lnk
[2012/07/31 06:35:12 | 000,668,850 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012/07/31 06:35:12 | 000,630,126 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012/07/31 06:35:12 | 000,134,562 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012/07/31 06:35:12 | 000,110,786 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012/07/30 14:52:51 | 000,001,164 | ---- | M] () -- C:\Users\Nicole\Desktop\adwcleaner - Verknüpfung.lnk
[2012/07/25 18:46:28 | 000,001,110 | ---- | M] () -- C:\Users\Nicole\Desktop\ESET - Verknüpfung.lnk
[2012/07/24 19:41:43 | 000,418,704 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012/07/24 19:04:13 | 000,001,146 | ---- | M] () -- C:\Users\Nicole\Desktop\jg7mxszu - Verknüpfung.lnk
[2012/07/24 19:02:43 | 000,001,130 | ---- | M] () -- C:\Users\Nicole\Desktop\Extras - Verknüpfung.lnk
[2012/07/24 18:44:46 | 000,000,739 | ---- | M] () -- C:\Users\Nicole\Desktop\Defogger - Verknüpfung.lnk
[2012/07/24 18:43:07 | 000,000,000 | ---- | M] () -- C:\Users\Nicole\defogger_reenable
[2012/07/23 20:49:03 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/19 12:51:46 | 000,000,797 | ---- | M] () -- C:\Users\Nicole\Desktop\Ipad Iphone.lnk
[2012/07/19 12:50:44 | 000,001,231 | ---- | M] () -- C:\Users\Nicole\Desktop\blue rays muxed.lnk
[2012/07/19 12:50:27 | 000,001,177 | ---- | M] () -- C:\Users\Nicole\Desktop\blue rays.lnk
[2012/07/19 11:51:45 | 000,450,048 | ---- | M] (Cinema Squid) -- C:\Users\Nicole\Desktop\BDInfo.exe
[2012/07/19 11:15:51 | 000,001,029 | ---- | M] () -- C:\Users\Public\Desktop\XMedia Recode.lnk
[2012/07/19 11:12:55 | 000,000,866 | ---- | M] () -- C:\Users\Nicole\Desktop\tsMuxerGUI - Verknüpfung.lnk
[2012/07/18 12:16:39 | 000,087,608 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\inst.exe
[2012/07/18 12:16:39 | 000,047,360 | ---- | M] (VSO Software) -- C:\Users\Nicole\AppData\Roaming\pcouffin.sys
[2012/07/18 12:16:39 | 000,007,887 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.cat
[2012/07/18 12:16:39 | 000,001,144 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.inf
[2012/07/04 19:17:29 | 000,002,091 | ---- | M] () -- C:\Users\Nicole\Desktop\dLAN-Konfigurationsassistent.lnk
[2012/07/03 13:46:44 | 000,022,344 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
========== Files Created - No Company Name ==========
[2012/07/31 07:00:03 | 000,001,095 | ---- | C] () -- C:\Users\Nicole\Desktop\OTL - Verknüpfung (2).lnk
[2012/07/30 14:52:51 | 000,001,164 | ---- | C] () -- C:\Users\Nicole\Desktop\adwcleaner - Verknüpfung.lnk
[2012/07/25 18:46:28 | 000,001,110 | ---- | C] () -- C:\Users\Nicole\Desktop\ESET - Verknüpfung.lnk
[2012/07/24 19:04:13 | 000,001,146 | ---- | C] () -- C:\Users\Nicole\Desktop\jg7mxszu - Verknüpfung.lnk
[2012/07/24 19:02:43 | 000,001,130 | ---- | C] () -- C:\Users\Nicole\Desktop\Extras - Verknüpfung.lnk
[2012/07/24 18:44:46 | 000,000,739 | ---- | C] () -- C:\Users\Nicole\Desktop\Defogger - Verknüpfung.lnk
[2012/07/24 18:43:07 | 000,000,000 | ---- | C] () -- C:\Users\Nicole\defogger_reenable
[2012/07/23 20:49:03 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012/07/19 12:51:46 | 000,000,797 | ---- | C] () -- C:\Users\Nicole\Desktop\Ipad Iphone.lnk
[2012/07/19 12:50:44 | 000,001,231 | ---- | C] () -- C:\Users\Nicole\Desktop\blue rays muxed.lnk
[2012/07/19 12:50:27 | 000,001,177 | ---- | C] () -- C:\Users\Nicole\Desktop\blue rays.lnk
[2012/07/19 11:12:55 | 000,000,866 | ---- | C] () -- C:\Users\Nicole\Desktop\tsMuxerGUI - Verknüpfung.lnk
[2012/07/18 12:16:39 | 000,087,608 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\inst.exe
[2012/07/18 12:16:39 | 000,007,887 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.cat
[2012/07/18 12:16:39 | 000,001,144 | ---- | C] () -- C:\Users\Nicole\AppData\Roaming\pcouffin.inf
[2012/07/04 19:17:29 | 000,002,091 | ---- | C] () -- C:\Users\Nicole\Desktop\dLAN-Konfigurationsassistent.lnk
[2012/03/30 11:01:44 | 000,226,470 | ---- | C] () -- C:\Windows\hpoins18.dat
[2012/03/30 11:01:44 | 000,005,355 | ---- | C] () -- C:\Windows\hpomdl18.dat
[2012/02/17 09:49:26 | 000,000,559 | ---- | C] () -- C:\Windows\MyHeritage.INI
[2012/02/17 09:48:25 | 000,454,656 | ---- | C] () -- C:\Windows\System32\PaintX.dll
[2011/11/02 18:06:16 | 004,300,532 | ---- | C] () -- C:\Users\Nicole\Handbuch_FN12.pdf
[2011/11/02 16:20:48 | 001,456,640 | ---- | C] () -- C:\Program Files\Common Files\Falk Navi-Manager.msi
[2011/10/18 17:48:35 | 000,000,306 | RHS- | C] () -- C:\ProgramData\ntuser.pol
[2011/08/19 11:26:20 | 010,898,456 | ---- | C] () -- C:\Windows\System32\LogiDPP.dll
[2011/08/19 11:26:20 | 000,336,408 | ---- | C] () -- C:\Windows\System32\DevManagerCore.dll
[2011/08/19 11:26:20 | 000,104,472 | ---- | C] () -- C:\Windows\System32\LogiDPPApp.exe
[2011/08/12 13:20:14 | 000,015,896 | ---- | C] () -- C:\Windows\System32\drivers\iKeyLFT2.dll
[2011/07/26 08:48:54 | 000,028,418 | ---- | C] () -- C:\Windows\System32\lvcoinst.ini
[2010/11/15 18:34:31 | 000,000,076 | ---- | C] () -- C:\Windows\System32\Sun Clock 6.ini
[2010/09/19 18:43:21 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib
[2010/09/09 18:19:56 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat
========== LOP Check ==========
[2010/10/29 16:01:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AliceHilfe
[2010/11/16 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Cisco
[2012/01/15 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft
[2010/11/20 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Free iPad Video Converter
[2012/03/05 18:00:06 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\gotomaxx
[2010/11/01 17:52:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Gutscheinmieze
[2010/12/24 09:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2011/01/15 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Map Maker
[2012/02/17 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\MyHeritage
[2012/01/15 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Pavtube
[2010/11/01 17:55:58 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SoftGrid Client
[2012/02/17 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/09/09 19:05:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TP
[2012/07/19 11:10:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Vso
[2010/09/19 18:53:54 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\XMedia Recode
[2012/07/13 16:56:30 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT
========== Purity Check ==========
========== Custom Scans ==========
< %ALLUSERSPROFILE%\Application Data\*. >
< %ALLUSERSPROFILE%\Application Data\*.exe /s >
< %APPDATA%\*. >
[2011/04/05 14:16:03 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Adobe
[2010/10/29 16:01:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AliceHilfe
[2012/01/25 17:44:45 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Apple Computer
[2011/11/29 15:49:40 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Avira
[2012/07/18 12:41:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\AVS4YOU
[2010/11/16 19:34:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Cisco
[2010/10/08 16:37:02 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\CyberLink
[2012/01/15 18:07:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\DVDVideoSoft
[2010/11/20 19:11:53 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Free iPad Video Converter
[2012/03/05 18:00:06 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\gotomaxx
[2010/11/01 17:52:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Gutscheinmieze
[2012/03/30 11:14:54 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\HP
[2012/05/27 18:39:01 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\HpUpdate
[2010/09/09 17:59:03 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Identities
[2010/09/09 17:59:27 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Intel Corporation
[2010/12/24 09:17:43 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Leadertech
[2010/09/10 10:58:11 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Macromedia
[2012/04/14 08:53:57 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Malwarebytes
[2011/01/15 23:18:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Map Maker
[2009/07/14 09:48:18 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Media Center Programs
[2011/12/15 17:50:28 | 000,000,000 | --SD | M] -- C:\Users\Nicole\AppData\Roaming\Microsoft
[2010/09/09 18:15:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Mozilla
[2012/02/17 10:05:21 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\MyHeritage
[2012/07/18 12:16:50 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\NVIDIA
[2012/01/15 18:01:25 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Pavtube
[2012/07/31 14:35:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Skype
[2012/02/27 21:18:51 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\skypePM
[2010/11/01 17:55:58 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\SoftGrid Client
[2012/02/17 09:48:24 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\The Complete Genealogy Reporter - FTB
[2010/09/09 19:05:38 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\TP
[2010/11/16 19:21:14 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\vlc
[2012/07/19 11:10:23 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\Vso
[2010/09/19 18:53:54 | 000,000,000 | ---D | M] -- C:\Users\Nicole\AppData\Roaming\XMedia Recode
< %APPDATA%\*.exe /s >
[2012/07/18 12:16:39 | 000,087,608 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\inst.exe
[2010/06/10 14:19:22 | 000,825,856 | ---- | M] (Synatix GmbH) -- C:\Users\Nicole\AppData\Roaming\Gutscheinmieze\uninstall.exe
[2010/12/24 09:17:43 | 000,053,248 | R--- | M] (Acresso Software Inc.) -- C:\Users\Nicole\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
[2011/12/21 18:38:42 | 000,113,680 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\Convertor.exe
[2011/12/21 18:38:44 | 000,113,680 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\ConvertorFDB.exe
[2011/12/21 18:38:46 | 000,047,104 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\depcheck.exe
[2011/12/21 18:01:20 | 000,110,592 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Convert\gbtest.exe
[2011/12/21 18:01:34 | 000,058,896 | ---- | M] () -- C:\Users\Nicole\AppData\Roaming\MyHeritage\Bin\Detect\Detect.exe
< %SYSTEMDRIVE%\*.exe >
[2007/11/07 09:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
< MD5 for: AGP440.SYS >
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_b9e9435f20046eeb\AGP440.sys
[2009/07/14 03:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
< MD5 for: ATAPI.SYS >
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_dd0e7e3d82dd640d\atapi.sys
[2009/07/14 03:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
< MD5 for: CNGAUDIT.DLL >
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009/07/14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
< MD5 for: EVENTLOG.DLL >
[2008/06/06 23:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll
< MD5 for: IASTOR.SYS >
[2009/12/10 02:20:44 | 000,432,664 | ---- | M] (Intel Corporation) MD5=5A6C5876FB84418D08D67B8CAED5EFCF -- C:\Windows\System32\drivers\iaStor.sys
[2009/12/10 02:20:44 | 000,432,664 | ---- | M] (Intel Corporation) MD5=5A6C5876FB84418D08D67B8CAED5EFCF -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_x86_neutral_b8fa525561a80e4a\iaStor.sys
< MD5 for: IASTORV.SYS >
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011/03/11 07:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011/03/11 07:43:55 | 000,332,160 | ---- | M] (Intel Corporation) MD5=71F1A494FEDF4B33C02C4A6A28D6D9E9 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_aef580fde910b4b0\iaStorV.sys
[2011/03/11 07:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2009/07/14 03:20:36 | 000,332,352 | ---- | M] (Intel Corporation) MD5=934AF4D7C5F457B9F0743F4299B77B67 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_aee7a89be91b9000\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010/11/20 14:29:54 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
[2011/03/11 07:52:21 | 000,332,160 | ---- | M] (Intel Corporation) MD5=B9039A34C2F8769490DCC494E2402445 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_afae2d45020c148b\iaStorV.sys
< MD5 for: NETLOGON.DLL >
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010/11/20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
[2009/07/14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_fd8e0d66994d7dc8\netlogon.dll
< MD5 for: NVSTOR.SYS >
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011/03/11 07:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011/03/11 07:44:01 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4520B63899E867F354EE012D34E11536 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_39bef1ad20475e88\nvstor.sys
[2011/03/11 07:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2011/03/11 07:52:25 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=8A7583A3B58D3EEB28BB26626526BC91 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_3a779df43942be63\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010/11/20 14:30:06 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2009/07/14 03:20:44 | 000,142,416 | ---- | M] (NVIDIA Corporation) MD5=C99F251A5DE63C6F129CF71933ACED0F -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_39b1194b205239d8\nvstor.sys
< MD5 for: SCECLI.DLL >
[2009/07/14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_37e4387f3a6f0483\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010/11/20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
< MD5 for: USER32.DLL >
[2009/07/14 03:16:17 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=34B7E222E81FAFA885F0C5F2CFA56861 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_cd0ec264ceb014a3\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010/11/20 14:21:33 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
< MD5 for: USERINIT.EXE >
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010/11/20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2009/07/14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe
< MD5 for: WININIT.EXE >
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\System32\wininit.exe
[2009/07/14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe
< MD5 for: WINLOGON.EXE >
[2009/10/28 08:17:59 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=37CDB7E72EB66BA85A87CBE37E7F03FD -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_6fc699643622d177\winlogon.exe
[2009/10/28 07:52:08 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=3BABE6767C78FBF5FB8435FEED187F30 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_703394514f56f7c2\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010/11/20 14:17:54 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2012/07/03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
[2009/07/14 03:14:45 | 000,285,696 | ---- | M] (Microsoft Corporation) MD5=8EC6A4AB12B8F3759E21F8E3A388F2CF -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_6f99573a36451166\winlogon.exe
< MD5 for: WS2IFSL.SYS >
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009/07/14 01:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
< %systemroot%\system32\drivers\*.sys /lockedfiles >
< %systemroot%\System32\config\*.sav >
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/07/14 03:15:36 | 000,226,816 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\LocationApi.dll
< >
< End of report >
|
|
31.07.2012, 20:05
| #20 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.medion.com
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://medion.msn.com [binary data]
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.alice-dsl.de/selfcare/content/segment/kundencenter/
FF - prefs.js..browser.search.defaultenginename: "foxsearch"
FF - prefs.js..browser.search.order.1: "foxsearch"
FF - prefs.js..browser.search.selectedEngine: "foxsearch"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "https://www.bestsecret.com/index.htm"
FF - prefs.js..keyword.URL: "http://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q="
FF - user.js - File not found
[2010/10/07 19:01:55 | 000,000,143 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\foxsearch.src
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O3 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-2369891443-1425051336-381616636-1000\..\Toolbar\WebBrowser: (no name) - {DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} - No CLSID value found.
O4 - HKLM..\Run: [] File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/06/10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell - "" = AutoRun
O33 - MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\J\Shell - "" = AutoRun
O33 - MountPoints2\J\Shell\AutoRun\command - "" = J:\LaunchU3.exe -a
:Files
C:\Users\Nicole\Downloads\vlc-1.1.4-win32.exe
C:\Users\Nicole\AppData\Roaming\inst.exe
C:\Users\Nicole\AppData\Roaming\Gutscheinmieze
c:\user.js
:Commands
[purity]
[emptytemp]
[emptyflash]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
31.07.2012, 20:28
| #21 |
| | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicherCode:
ATTFilter All processes killed
========== OTL ==========
HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Default_Secondary_Page_URL| /E : value set successfully!
HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\SearchDefaultBranded| /E : value set successfully!
HKU\S-1-5-21-2369891443-1425051336-381616636-1000\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
Prefs.js: "foxsearch" removed from browser.search.defaultenginename
Prefs.js: "foxsearch" removed from browser.search.order.1
Prefs.js: "foxsearch" removed from browser.search.selectedEngine
Prefs.js: true removed from browser.search.useDBForOrder
Prefs.js: "https://www.bestsecret.com/index.htm" removed from browser.startup.homepage
Prefs.js: "hxxp://www.finduny.com?client=mozilla-firefox&cd=UTF-8&search=1&q=" removed from keyword.URL
C:\Program Files\mozilla firefox\searchplugins\foxsearch.src moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_USERS\S-1-5-21-2369891443-1425051336-381616636-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-21-2369891443-1425051336-381616636-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-48514E463B27}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
C:\autoexec.bat moved successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{277fca80-8183-11e0-81a2-0024210f9ef9}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{277fca80-8183-11e0-81a2-0024210f9ef9}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{277fca80-8183-11e0-81a2-0024210f9ef9}\ not found.
File F:\LaunchU3.exe -a not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\J\ not found.
File J:\LaunchU3.exe -a not found.
========== FILES ==========
File\Folder C:\Users\Nicole\Downloads\vlc-1.1.4-win32.exe not found.
C:\Users\Nicole\AppData\Roaming\inst.exe moved successfully.
C:\Users\Nicole\AppData\Roaming\Gutscheinmieze folder moved successfully.
File\Folder c:\user.js not found.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Nicole
->Temp folder emptied: 53045771 bytes
->Temporary Internet Files folder emptied: 161932024 bytes
->Java cache emptied: 9809624 bytes
->FireFox cache emptied: 221974689 bytes
->Apple Safari cache emptied: 3724288 bytes
->Flash cache emptied: 84391 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 117424741 bytes
RecycleBin emptied: 2717960014 bytes
Total Files Cleaned = 3,134.00 mb
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Nicole
->Flash cache emptied: 0 bytes
User: Public
Total Flash Files Cleaned = 0.00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.55.0 log created on 07312012_211826
Files\Folders moved on Reboot...
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
01.08.2012, 19:22
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition (meistens Laufwerk C nach, da speichert der TDSS-Killer seine Logs.Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
01.08.2012, 20:11
| #23 |
| | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher Hier der Logfile vom TDSS-Killer Code:
ATTFilter 21:03:27.0015 4924 TDSS rootkit removing tool 2.7.48.0 Jul 24 2012 13:16:32
21:03:27.0327 4924 ============================================================
21:03:27.0327 4924 Current date / time: 2012/08/01 21:03:27.0327
21:03:27.0327 4924 SystemInfo:
21:03:27.0327 4924
21:03:27.0327 4924 OS Version: 6.1.7601 ServicePack: 1.0
21:03:27.0327 4924 Product type: Workstation
21:03:27.0327 4924 ComputerName: NICOLE-PC
21:03:27.0327 4924 UserName: Nicole
21:03:27.0327 4924 Windows directory: C:\Windows
21:03:27.0327 4924 System windows directory: C:\Windows
21:03:27.0327 4924 Processor architecture: Intel x86
21:03:27.0327 4924 Number of processors: 2
21:03:27.0327 4924 Page size: 0x1000
21:03:27.0327 4924 Boot type: Normal boot
21:03:27.0327 4924 ============================================================
21:03:28.0669 4924 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
21:03:28.0700 4924 ============================================================
21:03:28.0700 4924 \Device\Harddisk0\DR0:
21:03:28.0700 4924 MBR partitions:
21:03:28.0700 4924 \Device\Harddisk0\DR0\Partition0: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
21:03:28.0700 4924 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x36553000
21:03:28.0700 4924 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x36585800, BlocksNum 0x3C00000
21:03:28.0700 4924 ============================================================
21:03:28.0778 4924 C: <-> \Device\Harddisk0\DR0\Partition1
21:03:28.0856 4924 D: <-> \Device\Harddisk0\DR0\Partition2
21:03:28.0856 4924 ============================================================
21:03:28.0856 4924 Initialize success
21:03:28.0856 4924 ============================================================
21:04:23.0206 1444 ============================================================
21:04:23.0206 1444 Scan started
21:04:23.0206 1444 Mode: Manual; SigCheck; TDLFS;
21:04:23.0206 1444 ============================================================
21:04:23.0534 1444 1394ohci (1b133875b8aa8ac48969bd3458afe9f5) C:\Windows\system32\drivers\1394ohci.sys
21:04:23.0628 1444 1394ohci - ok
21:04:23.0706 1444 3xHybrid (55e1acba424e14af3523df741d86f60a) C:\Windows\system32\DRIVERS\3xHybrid.sys
21:04:23.0768 1444 3xHybrid - ok
21:04:23.0830 1444 ACPI (cea80c80bed809aa0da6febc04733349) C:\Windows\system32\drivers\ACPI.sys
21:04:23.0830 1444 ACPI - ok
21:04:23.0862 1444 AcpiPmi (1efbc664abff416d1d07db115dcb264f) C:\Windows\system32\drivers\acpipmi.sys
21:04:23.0924 1444 AcpiPmi - ok
21:04:24.0064 1444 AdobeARMservice (11a52cf7b265631deeb24c6149309eff) C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
21:04:24.0064 1444 AdobeARMservice - ok
21:04:24.0142 1444 AdobeFlashPlayerUpdateSvc (6c40d5ed8951ab7b90d08af655224ee4) C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
21:04:24.0158 1444 AdobeFlashPlayerUpdateSvc - ok
21:04:24.0220 1444 adp94xx (21e785ebd7dc90a06391141aac7892fb) C:\Windows\system32\DRIVERS\adp94xx.sys
21:04:24.0267 1444 adp94xx - ok
21:04:24.0298 1444 adpahci (0c676bc278d5b59ff5abd57bbe9123f2) C:\Windows\system32\DRIVERS\adpahci.sys
21:04:24.0330 1444 adpahci - ok
21:04:24.0361 1444 adpu320 (7c7b5ee4b7b822ec85321fe23a27db33) C:\Windows\system32\DRIVERS\adpu320.sys
21:04:24.0361 1444 adpu320 - ok
21:04:24.0408 1444 AeLookupSvc (8b5eefeec1e6d1a72a06c526628ad161) C:\Windows\System32\aelupsvc.dll
21:04:24.0454 1444 AeLookupSvc - ok
21:04:24.0517 1444 AFD (9ebbba55060f786f0fcaa3893bfa2806) C:\Windows\system32\drivers\afd.sys
21:04:24.0595 1444 AFD - ok
21:04:24.0626 1444 agp440 (507812c3054c21cef746b6ee3d04dd6e) C:\Windows\system32\drivers\agp440.sys
21:04:24.0642 1444 agp440 - ok
21:04:24.0673 1444 aic78xx (8b30250d573a8f6b4bd23195160d8707) C:\Windows\system32\DRIVERS\djsvs.sys
21:04:24.0688 1444 aic78xx - ok
21:04:24.0720 1444 ALG (18a54e132947cd98fea9accc57f98f13) C:\Windows\System32\alg.exe
21:04:24.0751 1444 ALG - ok
21:04:24.0766 1444 aliide (0d40bcf52ea90fc7df2aeab6503dea44) C:\Windows\system32\drivers\aliide.sys
21:04:24.0782 1444 aliide - ok
21:04:24.0798 1444 amdagp (3c6600a0696e90a463771c7422e23ab5) C:\Windows\system32\drivers\amdagp.sys
21:04:24.0813 1444 amdagp - ok
21:04:24.0829 1444 amdide (cd5914170297126b6266860198d1d4f0) C:\Windows\system32\drivers\amdide.sys
21:04:24.0844 1444 amdide - ok
21:04:24.0844 1444 AmdK8 (00dda200d71bac534bf56a9db5dfd666) C:\Windows\system32\DRIVERS\amdk8.sys
21:04:24.0891 1444 AmdK8 - ok
21:04:24.0891 1444 AmdPPM (3cbf30f5370fda40dd3e87df38ea53b6) C:\Windows\system32\DRIVERS\amdppm.sys
21:04:24.0938 1444 AmdPPM - ok
21:04:24.0969 1444 amdsata (d320bf87125326f996d4904fe24300fc) C:\Windows\system32\drivers\amdsata.sys
21:04:24.0985 1444 amdsata - ok
21:04:25.0016 1444 amdsbs (ea43af0c423ff267355f74e7a53bdaba) C:\Windows\system32\DRIVERS\amdsbs.sys
21:04:25.0032 1444 amdsbs - ok
21:04:25.0047 1444 amdxata (46387fb17b086d16dea267d5be23a2f2) C:\Windows\system32\drivers\amdxata.sys
21:04:25.0063 1444 amdxata - ok
21:04:25.0156 1444 AntiVirSchedulerService (466a0d95960dad3222c896d2cea99993) C:\Program Files\Avira\AntiVir Desktop\sched.exe
21:04:25.0156 1444 AntiVirSchedulerService - ok
21:04:25.0203 1444 AntiVirService (a489be6bb0aa1ff406b488b60542314b) C:\Program Files\Avira\AntiVir Desktop\avguard.exe
21:04:25.0219 1444 AntiVirService - ok
21:04:25.0266 1444 AnyDVD (486cf73f183e7adc5575fcd47f9fb1af) C:\Windows\system32\Drivers\AnyDVD.sys
21:04:25.0266 1444 AnyDVD - ok
21:04:25.0297 1444 AppID (aea177f783e20150ace5383ee368da19) C:\Windows\system32\drivers\appid.sys
21:04:25.0406 1444 AppID - ok
21:04:25.0453 1444 AppIDSvc (62a9c86cb6085e20db4823e4e97826f5) C:\Windows\System32\appidsvc.dll
21:04:25.0500 1444 AppIDSvc - ok
21:04:25.0546 1444 Appinfo (fb1959012294d6ad43e5304df65e3c26) C:\Windows\System32\appinfo.dll
21:04:25.0593 1444 Appinfo - ok
21:04:25.0734 1444 Apple Mobile Device (f401929ee0cc92bfe7f15161ca535383) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
21:04:25.0734 1444 Apple Mobile Device - ok
21:04:25.0796 1444 arc (2932004f49677bd84dbc72edb754ffb3) C:\Windows\system32\DRIVERS\arc.sys
21:04:25.0796 1444 arc - ok
21:04:25.0843 1444 arcsas (5d6f36c46fd283ae1b57bd2e9feb0bc7) C:\Windows\system32\DRIVERS\arcsas.sys
21:04:25.0843 1444 arcsas - ok
21:04:25.0890 1444 AsyncMac (add2ade1c2b285ab8378d2daaf991481) C:\Windows\system32\DRIVERS\asyncmac.sys
21:04:25.0968 1444 AsyncMac - ok
21:04:26.0030 1444 atapi (338c86357871c167a96ab976519bf59e) C:\Windows\system32\drivers\atapi.sys
21:04:26.0030 1444 atapi - ok
21:04:26.0077 1444 AudioEndpointBuilder (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:04:26.0108 1444 AudioEndpointBuilder - ok
21:04:26.0124 1444 Audiosrv (ce3b4e731638d2ef62fcb419be0d39f0) C:\Windows\System32\Audiosrv.dll
21:04:26.0139 1444 Audiosrv - ok
21:04:26.0202 1444 avgntflt (d5541f0afb767e85fc412fc609d96a74) C:\Windows\system32\DRIVERS\avgntflt.sys
21:04:26.0202 1444 avgntflt - ok
21:04:26.0295 1444 avipbb (7d967a682d4694df7fa57d63a2db01fe) C:\Windows\system32\DRIVERS\avipbb.sys
21:04:26.0311 1444 avipbb - ok
21:04:26.0358 1444 avkmgr (271cfd1a989209b1964e24d969552bf7) C:\Windows\system32\DRIVERS\avkmgr.sys
21:04:26.0358 1444 avkmgr - ok
21:04:26.0404 1444 AxInstSV (6e30d02aac9cac84f421622e3a2f6178) C:\Windows\System32\AxInstSV.dll
21:04:26.0467 1444 AxInstSV - ok
21:04:26.0529 1444 b06bdrv (1a231abec60fd316ec54c66715543cec) C:\Windows\system32\DRIVERS\bxvbdx.sys
21:04:26.0592 1444 b06bdrv - ok
21:04:26.0623 1444 b57nd60x (bd8869eb9cde6bbe4508d869929869ee) C:\Windows\system32\DRIVERS\b57nd60x.sys
21:04:26.0670 1444 b57nd60x - ok
21:04:26.0794 1444 BBSvc (01a24b415926bb5f772dbe12459d97de) C:\Program Files\Microsoft\BingBar\BBSvc.EXE
21:04:26.0810 1444 BBSvc - ok
21:04:26.0857 1444 BBUpdate (785de7abda13309d6065305542829e76) C:\Program Files\Microsoft\BingBar\SeaPort.EXE
21:04:26.0872 1444 BBUpdate - ok
21:04:26.0904 1444 BDESVC (ee1e9c3bb8228ae423dd38db69128e71) C:\Windows\System32\bdesvc.dll
21:04:26.0966 1444 BDESVC - ok
21:04:26.0997 1444 Beep (505506526a9d467307b3c393dedaf858) C:\Windows\system32\drivers\Beep.sys
21:04:27.0028 1444 Beep - ok
21:04:27.0075 1444 BFE (1e2bac209d184bb851e1a187d8a29136) C:\Windows\System32\bfe.dll
21:04:27.0153 1444 BFE - ok
21:04:27.0231 1444 BITS (e585445d5021971fae10393f0f1c3961) C:\Windows\System32\qmgr.dll
21:04:27.0340 1444 BITS - ok
21:04:27.0387 1444 blbdrive (2287078ed48fcfc477b05b20cf38f36f) C:\Windows\system32\DRIVERS\blbdrive.sys
21:04:27.0403 1444 blbdrive - ok
21:04:27.0512 1444 Bonjour Service (db5bea73edaf19ac68b2c0fad0f92b1a) C:\Program Files\Bonjour\mDNSResponder.exe
21:04:27.0528 1444 Bonjour Service - ok
21:04:27.0543 1444 bowser (8f2da3028d5fcbd1a060a3de64cd6506) C:\Windows\system32\DRIVERS\bowser.sys
21:04:27.0574 1444 bowser - ok
21:04:27.0606 1444 BrFiltLo (9f9acc7f7ccde8a15c282d3f88b43309) C:\Windows\system32\DRIVERS\BrFiltLo.sys
21:04:27.0637 1444 BrFiltLo - ok
21:04:27.0668 1444 BrFiltUp (56801ad62213a41f6497f96dee83755a) C:\Windows\system32\DRIVERS\BrFiltUp.sys
21:04:27.0699 1444 BrFiltUp - ok
21:04:27.0730 1444 Browser (6e11f33d14d020f58d5e02e4d67dfa19) C:\Windows\System32\browser.dll
21:04:27.0762 1444 Browser - ok
21:04:27.0777 1444 Brserid (845b8ce732e67f3b4133164868c666ea) C:\Windows\System32\Drivers\Brserid.sys
21:04:27.0824 1444 Brserid - ok
21:04:27.0855 1444 BrSerWdm (203f0b1e73adadbbb7b7b1fabd901f6b) C:\Windows\System32\Drivers\BrSerWdm.sys
21:04:27.0886 1444 BrSerWdm - ok
21:04:27.0918 1444 BrUsbMdm (bd456606156ba17e60a04e18016ae54b) C:\Windows\System32\Drivers\BrUsbMdm.sys
21:04:27.0933 1444 BrUsbMdm - ok
21:04:27.0949 1444 BrUsbSer (af72ed54503f717a43268b3cc5faec2e) C:\Windows\System32\Drivers\BrUsbSer.sys
21:04:27.0980 1444 BrUsbSer - ok
21:04:27.0996 1444 BTHMODEM (ed3df7c56ce0084eb2034432fc56565a) C:\Windows\system32\DRIVERS\bthmodem.sys
21:04:28.0027 1444 BTHMODEM - ok
21:04:28.0074 1444 bthserv (1df19c96eef6c29d1c3e1a8678e07190) C:\Windows\system32\bthserv.dll
21:04:28.0105 1444 bthserv - ok
21:04:28.0152 1444 cdfs (77ea11b065e0a8ab902d78145ca51e10) C:\Windows\system32\DRIVERS\cdfs.sys
21:04:28.0183 1444 cdfs - ok
21:04:28.0214 1444 cdrom (be167ed0fdb9c1fa1133953c18d5a6c9) C:\Windows\system32\drivers\cdrom.sys
21:04:28.0245 1444 cdrom - ok
21:04:28.0276 1444 CertPropSvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:04:28.0308 1444 CertPropSvc - ok
21:04:28.0323 1444 circlass (3fe3fe94a34df6fb06e6418d0f6a0060) C:\Windows\system32\DRIVERS\circlass.sys
21:04:28.0370 1444 circlass - ok
21:04:28.0401 1444 CLFS (635181e0e9bbf16871bf5380d71db02d) C:\Windows\system32\CLFS.sys
21:04:28.0432 1444 CLFS - ok
21:04:28.0479 1444 clr_optimization_v2.0.50727_32 (d88040f816fda31c3b466f0fa0918f29) C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
21:04:28.0479 1444 clr_optimization_v2.0.50727_32 - ok
21:04:28.0542 1444 clr_optimization_v4.0.30319_32 (c5a75eb48e2344abdc162bda79e16841) C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
21:04:28.0588 1444 clr_optimization_v4.0.30319_32 - ok
21:04:28.0620 1444 CmBatt (dea805815e587dad1dd2c502220b5616) C:\Windows\system32\DRIVERS\CmBatt.sys
21:04:28.0651 1444 CmBatt - ok
21:04:28.0651 1444 cmdide (c537b1db64d495b9b4717b4d6d9edbf2) C:\Windows\system32\drivers\cmdide.sys
21:04:28.0666 1444 cmdide - ok
21:04:28.0713 1444 CNG (247b4ce2dab1160cd422d532d5241e1f) C:\Windows\system32\Drivers\cng.sys
21:04:28.0729 1444 CNG - ok
21:04:28.0760 1444 Compbatt (a6023d3823c37043986713f118a89bee) C:\Windows\system32\DRIVERS\compbatt.sys
21:04:28.0760 1444 Compbatt - ok
21:04:28.0807 1444 CompositeBus (cbe8c58a8579cfe5fccf809e6f114e89) C:\Windows\system32\drivers\CompositeBus.sys
21:04:28.0838 1444 CompositeBus - ok
21:04:28.0854 1444 COMSysApp - ok
21:04:28.0869 1444 crcdisk (2c4ebcfc84a9b44f209dff6c6e6c61d1) C:\Windows\system32\DRIVERS\crcdisk.sys
21:04:28.0885 1444 crcdisk - ok
21:04:28.0916 1444 CryptSvc (06e771aa596b8761107ab57e99f128d7) C:\Windows\system32\cryptsvc.dll
21:04:28.0947 1444 CryptSvc - ok
21:04:28.0994 1444 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\Windows\system32\DRIVERS\CVirtA.sys
21:04:29.0041 1444 CVirtA - ok
21:04:29.0072 1444 DcomLaunch (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:04:29.0088 1444 DcomLaunch - ok
21:04:29.0119 1444 defragsvc (8d6e10a2d9a5eed59562d9b82cf804e1) C:\Windows\System32\defragsvc.dll
21:04:29.0166 1444 defragsvc - ok
21:04:29.0197 1444 DfsC (f024449c97ec1e464aaffda18593db88) C:\Windows\system32\Drivers\dfsc.sys
21:04:29.0228 1444 DfsC - ok
21:04:29.0259 1444 Dhcp (e9e01eb683c132f7fa27cd607b8a2b63) C:\Windows\system32\dhcpcore.dll
21:04:29.0290 1444 Dhcp - ok
21:04:29.0306 1444 discache (1a050b0274bfb3890703d490f330c0da) C:\Windows\system32\drivers\discache.sys
21:04:29.0337 1444 discache - ok
21:04:29.0368 1444 Disk (565003f326f99802e68ca78f2a68e9ff) C:\Windows\system32\DRIVERS\disk.sys
21:04:29.0384 1444 Disk - ok
21:04:29.0400 1444 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\Windows\system32\DRIVERS\dne2000.sys
21:04:29.0415 1444 DNE - ok
21:04:29.0462 1444 Dnscache (33ef4861f19a0736b11314aad9ae28d0) C:\Windows\System32\dnsrslvr.dll
21:04:29.0493 1444 Dnscache - ok
21:04:29.0524 1444 dot3svc (366ba8fb4b7bb7435e3b9eacb3843f67) C:\Windows\System32\dot3svc.dll
21:04:29.0618 1444 dot3svc - ok
21:04:29.0680 1444 Dot4 (b5e479eb83707dd698f66953e922042c) C:\Windows\system32\DRIVERS\Dot4.sys
21:04:29.0712 1444 Dot4 - ok
21:04:29.0743 1444 Dot4Print (caefd09b6a6249c53a67d55a9a9fcabf) C:\Windows\system32\DRIVERS\Dot4Prt.sys
21:04:29.0774 1444 Dot4Print - ok
21:04:29.0805 1444 dot4usb (cf491ff38d62143203c065260567e2f7) C:\Windows\system32\DRIVERS\dot4usb.sys
21:04:29.0821 1444 dot4usb - ok
21:04:29.0852 1444 DPS (8ec04ca86f1d68da9e11952eb85973d6) C:\Windows\system32\dps.dll
21:04:29.0899 1444 DPS - ok
21:04:29.0930 1444 drmkaud (b918e7c5f9bf77202f89e1a9539f2eb4) C:\Windows\system32\drivers\drmkaud.sys
21:04:29.0946 1444 drmkaud - ok
21:04:30.0008 1444 DXGKrnl (23f5d28378a160352ba8f817bd8c71cb) C:\Windows\System32\drivers\dxgkrnl.sys
21:04:30.0024 1444 DXGKrnl - ok
21:04:30.0086 1444 e1express (0535bfbedb9378ddd15bdf9957d57d71) C:\Windows\system32\DRIVERS\e1e6232.sys
21:04:30.0102 1444 e1express - ok
21:04:30.0117 1444 EapHost (8600142fa91c1b96367d3300ad0f3f3a) C:\Windows\System32\eapsvc.dll
21:04:30.0180 1444 EapHost - ok
21:04:30.0460 1444 ebdrv (024e1b5cac09731e4d868e64dbfb4ab0) C:\Windows\system32\DRIVERS\evbdx.sys
21:04:30.0523 1444 ebdrv - ok
21:04:30.0632 1444 EFS (81951f51e318aecc2d68559e47485cc4) C:\Windows\System32\lsass.exe
21:04:30.0663 1444 EFS - ok
21:04:30.0772 1444 ehRecvr (a8c362018efc87beb013ee28f29c0863) C:\Windows\ehome\ehRecvr.exe
21:04:30.0850 1444 ehRecvr - ok
21:04:30.0897 1444 ehSched (d389bff34f80caede417bf9d1507996a) C:\Windows\ehome\ehsched.exe
21:04:30.0928 1444 ehSched - ok
21:04:31.0006 1444 ElbyCDIO (d71233d7ccc2e64f8715a20428d5a33b) C:\Windows\system32\Drivers\ElbyCDIO.sys
21:04:31.0022 1444 ElbyCDIO - ok
21:04:31.0084 1444 elxstor (0ed67910c8c326796faa00b2bf6d9d3c) C:\Windows\system32\DRIVERS\elxstor.sys
21:04:31.0116 1444 elxstor - ok
21:04:31.0147 1444 ErrDev (8fc3208352dd3912c94367a206ab3f11) C:\Windows\system32\drivers\errdev.sys
21:04:31.0162 1444 ErrDev - ok
21:04:31.0209 1444 EventSystem (f6916efc29d9953d5d0df06882ae8e16) C:\Windows\system32\es.dll
21:04:31.0240 1444 EventSystem - ok
21:04:31.0287 1444 exfat (2dc9108d74081149cc8b651d3a26207f) C:\Windows\system32\drivers\exfat.sys
21:04:31.0303 1444 exfat - ok
21:04:31.0350 1444 fastfat (7e0ab74553476622fb6ae36f73d97d35) C:\Windows\system32\drivers\fastfat.sys
21:04:31.0412 1444 fastfat - ok
21:04:31.0490 1444 Fax (967ea5b213e9984cbe270205df37755b) C:\Windows\system32\fxssvc.exe
21:04:31.0568 1444 Fax - ok
21:04:31.0584 1444 fdc (e817a017f82df2a1f8cfdbda29388b29) C:\Windows\system32\DRIVERS\fdc.sys
21:04:31.0615 1444 fdc - ok
21:04:31.0630 1444 fdPHost (f3222c893bd2f5821a0179e5c71e88fb) C:\Windows\system32\fdPHost.dll
21:04:31.0662 1444 fdPHost - ok
21:04:31.0708 1444 FDResPub (7dbe8cbfe79efbdeb98c9fb08d3a9a5b) C:\Windows\system32\fdrespub.dll
21:04:31.0755 1444 FDResPub - ok
21:04:31.0786 1444 FileInfo (6cf00369c97f3cf563be99be983d13d8) C:\Windows\system32\drivers\fileinfo.sys
21:04:31.0802 1444 FileInfo - ok
21:04:31.0818 1444 Filetrace (42c51dc94c91da21cb9196eb64c45db9) C:\Windows\system32\drivers\filetrace.sys
21:04:31.0833 1444 Filetrace - ok
21:04:31.0880 1444 flpydisk (87907aa70cb3c56600f1c2fb8841579b) C:\Windows\system32\DRIVERS\flpydisk.sys
21:04:31.0896 1444 flpydisk - ok
21:04:31.0927 1444 FltMgr (7520ec808e0c35e0ee6f841294316653) C:\Windows\system32\drivers\fltmgr.sys
21:04:31.0942 1444 FltMgr - ok
21:04:32.0005 1444 FontCache (b3a5ec6b6b6673db7e87c2bcdbddc074) C:\Windows\system32\FntCache.dll
21:04:32.0052 1444 FontCache - ok
21:04:32.0114 1444 FontCache3.0.0.0 (e56f39f6b7fda0ac77a79b0fd3de1a2f) C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
21:04:32.0130 1444 FontCache3.0.0.0 - ok
21:04:32.0145 1444 FsDepends (1a16b57943853e598cff37fe2b8cbf1d) C:\Windows\system32\drivers\FsDepends.sys
21:04:32.0145 1444 FsDepends - ok
21:04:32.0176 1444 Fs_Rec (7dae5ebcc80e45d3253f4923dc424d05) C:\Windows\system32\drivers\Fs_Rec.sys
21:04:32.0192 1444 Fs_Rec - ok
21:04:32.0223 1444 fvevol (8a73e79089b282100b9393b644cb853b) C:\Windows\system32\DRIVERS\fvevol.sys
21:04:32.0239 1444 fvevol - ok
21:04:32.0270 1444 gagp30kx (65ee0c7a58b65e74ae05637418153938) C:\Windows\system32\DRIVERS\gagp30kx.sys
21:04:32.0286 1444 gagp30kx - ok
21:04:32.0317 1444 GEARAspiWDM (8182ff89c65e4d38b2de4bb0fb18564e) C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
21:04:32.0332 1444 GEARAspiWDM - ok
21:04:32.0364 1444 gpsvc (e897eaf5ed6ba41e081060c9b447a673) C:\Windows\System32\gpsvc.dll
21:04:32.0395 1444 gpsvc - ok
21:04:32.0442 1444 hcw85cir (c44e3c2bab6837db337ddee7544736db) C:\Windows\system32\drivers\hcw85cir.sys
21:04:32.0473 1444 hcw85cir - ok
21:04:32.0535 1444 HdAudAddService (a5ef29d5315111c80a5c1abad14c8972) C:\Windows\system32\drivers\HdAudio.sys
21:04:32.0566 1444 HdAudAddService - ok
21:04:32.0582 1444 HDAudBus (9036377b8a6c15dc2eec53e489d159b5) C:\Windows\system32\drivers\HDAudBus.sys
21:04:32.0613 1444 HDAudBus - ok
21:04:32.0613 1444 HidBatt (1d58a7f3e11a9731d0eaaaa8405acc36) C:\Windows\system32\DRIVERS\HidBatt.sys
21:04:32.0629 1444 HidBatt - ok
21:04:32.0660 1444 HidBth (89448f40e6df260c206a193a4683ba78) C:\Windows\system32\DRIVERS\hidbth.sys
21:04:32.0691 1444 HidBth - ok
21:04:32.0722 1444 HidIr (cf50b4cf4a4f229b9f3c08351f99ca5e) C:\Windows\system32\DRIVERS\hidir.sys
21:04:32.0738 1444 HidIr - ok
21:04:32.0769 1444 hidserv (2bc6f6a1992b3a77f5f41432ca6b3b6b) C:\Windows\system32\hidserv.dll
21:04:32.0800 1444 hidserv - ok
21:04:32.0832 1444 HidUsb (10c19f8290891af023eaec0832e1eb4d) C:\Windows\system32\drivers\hidusb.sys
21:04:32.0847 1444 HidUsb - ok
21:04:32.0878 1444 hkmsvc (196b4e3f4cccc24af836ce58facbb699) C:\Windows\system32\kmsvc.dll
21:04:32.0910 1444 hkmsvc - ok
21:04:32.0925 1444 HomeGroupListener (6658f4404de03d75fe3ba09f7aba6a30) C:\Windows\system32\ListSvc.dll
21:04:32.0956 1444 HomeGroupListener - ok
21:04:32.0988 1444 HomeGroupProvider (dbc02d918fff1cad628acbe0c0eaa8e8) C:\Windows\system32\provsvc.dll
21:04:33.0003 1444 HomeGroupProvider - ok
21:04:33.0580 1444 hpqcxs08 (1dae5c46d42b02a6d5862e1482efb390) C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll
21:04:33.0612 1444 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning
21:04:33.0612 1444 hpqcxs08 - detected UnsignedFile.Multi.Generic (1)
21:04:33.0643 1444 hpqddsvc (99e8eef42fe2f4af29b08c3355dd7685) C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll
21:04:33.0658 1444 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning
21:04:33.0658 1444 hpqddsvc - detected UnsignedFile.Multi.Generic (1)
21:04:33.0690 1444 HpSAMD (295fdc419039090eb8b49ffdbb374549) C:\Windows\system32\drivers\HpSAMD.sys
21:04:33.0705 1444 HpSAMD - ok
21:04:33.0783 1444 HPSLPSVC (79737e0f7d25de8405cb34d4c9882253) C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL
21:04:33.0830 1444 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning
21:04:33.0830 1444 HPSLPSVC - detected UnsignedFile.Multi.Generic (1)
21:04:33.0877 1444 HTTP (871917b07a141bff43d76d8844d48106) C:\Windows\system32\drivers\HTTP.sys
21:04:33.0924 1444 HTTP - ok
21:04:33.0955 1444 hwpolicy (0c4e035c7f105f1299258c90886c64c5) C:\Windows\system32\drivers\hwpolicy.sys
21:04:33.0970 1444 hwpolicy - ok
21:04:34.0017 1444 i8042prt (f151f0bdc47f4a28b1b20a0818ea36d6) C:\Windows\system32\drivers\i8042prt.sys
21:04:34.0064 1444 i8042prt - ok
21:04:34.0142 1444 IAMT03 (c7a9cd6b23c13433bc35c829003b41fa) C:\Windows\system32\DRIVERS\IAMT03.sys
21:04:34.0142 1444 IAMT03 - ok
21:04:34.0173 1444 IAMTV (739757b5da9963f3effc4e4b42653949) C:\Windows\system32\DRIVERS\IAMTV.sys
21:04:34.0189 1444 IAMTV - ok
21:04:34.0220 1444 IAMTXP (31ebce32fa98e51e21747b7efb16f281) C:\Windows\system32\DRIVERS\IAMTXP.sys
21:04:34.0220 1444 IAMTXP - ok
21:04:34.0282 1444 iaStor (5a6c5876fb84418d08d67b8caed5efcf) C:\Windows\system32\DRIVERS\iaStor.sys
21:04:34.0298 1444 iaStor - ok
21:04:34.0376 1444 IAStorDataMgrSvc (de9560e9703bfe1bd08014a406be0033) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
21:04:34.0392 1444 IAStorDataMgrSvc - ok
21:04:34.0470 1444 iaStorV (5cd5f9a5444e6cdcb0ac89bd62d8b76e) C:\Windows\system32\drivers\iaStorV.sys
21:04:34.0501 1444 iaStorV - ok
21:04:34.0672 1444 idsvc (c521d7eb6497bb1af6afa89e322fb43c) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
21:04:34.0704 1444 idsvc - ok
21:04:34.0828 1444 iirsp (4173ff5708f3236cf25195fecd742915) C:\Windows\system32\DRIVERS\iirsp.sys
21:04:34.0844 1444 iirsp - ok
21:04:34.0938 1444 IKEEXT (f95622f161474511b8d80d6b093aa610) C:\Windows\System32\ikeext.dll
21:04:35.0000 1444 IKEEXT - ok
21:04:35.0203 1444 IntcAzAudAddService (f4427e5df32cde359b2e2e5512d18001) C:\Windows\system32\drivers\RTKVHDA.sys
21:04:35.0296 1444 IntcAzAudAddService - ok
21:04:35.0530 1444 intelide (a0f12f2c9ba6c72f3987ce780e77c130) C:\Windows\system32\drivers\intelide.sys
21:04:35.0546 1444 intelide - ok
21:04:35.0577 1444 intelppm (3b514d27bfc4accb4037bc6685f766e0) C:\Windows\system32\DRIVERS\intelppm.sys
21:04:35.0593 1444 intelppm - ok
21:04:35.0624 1444 IPBusEnum (acb364b9075a45c0736e5c47be5cae19) C:\Windows\system32\ipbusenum.dll
21:04:35.0686 1444 IPBusEnum - ok
21:04:35.0702 1444 IpFilterDriver (709d1761d3b19a932ff0238ea6d50200) C:\Windows\system32\DRIVERS\ipfltdrv.sys
21:04:35.0733 1444 IpFilterDriver - ok
21:04:35.0780 1444 iphlpsvc (4d65a07b795d6674312f879d09aa7663) C:\Windows\System32\iphlpsvc.dll
21:04:35.0827 1444 iphlpsvc - ok
21:04:35.0858 1444 IPMIDRV (4bd7134618c1d2a27466a099062547bf) C:\Windows\system32\drivers\IPMIDrv.sys
21:04:35.0889 1444 IPMIDRV - ok
21:04:35.0889 1444 IPNAT (a5fa468d67abcdaa36264e463a7bb0cd) C:\Windows\system32\drivers\ipnat.sys
21:04:35.0936 1444 IPNAT - ok
21:04:36.0076 1444 iPod Service (e6be7a41a28d8f2db174957454d32448) C:\Program Files\iPod\bin\iPodService.exe
21:04:36.0108 1444 iPod Service - ok
21:04:36.0123 1444 IRENUM (42996cff20a3084a56017b7902307e9f) C:\Windows\system32\drivers\irenum.sys
21:04:36.0170 1444 IRENUM - ok
21:04:36.0201 1444 isapnp (1f32bb6b38f62f7df1a7ab7292638a35) C:\Windows\system32\drivers\isapnp.sys
21:04:36.0217 1444 isapnp - ok
21:04:36.0232 1444 iScsiPrt (cb7a9abb12b8415bce5d74994c7ba3ae) C:\Windows\system32\drivers\msiscsi.sys
21:04:36.0264 1444 iScsiPrt - ok
21:04:36.0279 1444 kbdclass (adef52ca1aeae82b50df86b56413107e) C:\Windows\system32\drivers\kbdclass.sys
21:04:36.0295 1444 kbdclass - ok
21:04:36.0326 1444 kbdhid (9e3ced91863e6ee98c24794d05e27a71) C:\Windows\system32\drivers\kbdhid.sys
21:04:36.0357 1444 kbdhid - ok
21:04:36.0388 1444 KeyIso (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:04:36.0404 1444 KeyIso - ok
21:04:36.0435 1444 KSecDD (b7895b4182c0d16f6efadeb8081e8d36) C:\Windows\system32\Drivers\ksecdd.sys
21:04:36.0451 1444 KSecDD - ok
21:04:36.0466 1444 KSecPkg (d30159ac9237519fbc62c6ec247d2d46) C:\Windows\system32\Drivers\ksecpkg.sys
21:04:36.0482 1444 KSecPkg - ok
21:04:36.0529 1444 KtmRm (89a7b9cc98d0d80c6f31b91c0a310fcd) C:\Windows\system32\msdtckrm.dll
21:04:36.0591 1444 KtmRm - ok
21:04:36.0622 1444 LanmanServer (d64af876d53eca3668bb97b51b4e70ab) C:\Windows\system32\srvsvc.dll
21:04:36.0669 1444 LanmanServer - ok
21:04:36.0700 1444 LanmanWorkstation (58405e4f68ba8e4057c6e914f326aba2) C:\Windows\System32\wkssvc.dll
21:04:36.0747 1444 LanmanWorkstation - ok
21:04:36.0778 1444 lltdio (f7611ec07349979da9b0ae1f18ccc7a6) C:\Windows\system32\DRIVERS\lltdio.sys
21:04:36.0825 1444 lltdio - ok
21:04:36.0841 1444 lltdsvc (5700673e13a2117fa3b9020c852c01e2) C:\Windows\System32\lltdsvc.dll
21:04:36.0903 1444 lltdsvc - ok
21:04:36.0919 1444 lmhosts (55ca01ba19d0006c8f2639b6c045e08b) C:\Windows\System32\lmhsvc.dll
21:04:36.0934 1444 lmhosts - ok
21:04:36.0981 1444 LSI_FC (eb119a53ccf2acc000ac71b065b78fef) C:\Windows\system32\DRIVERS\lsi_fc.sys
21:04:36.0981 1444 LSI_FC - ok
21:04:37.0059 1444 LSI_SAS (8ade1c877256a22e49b75d1cc9161f9c) C:\Windows\system32\DRIVERS\lsi_sas.sys
21:04:37.0075 1444 LSI_SAS - ok
21:04:37.0106 1444 LSI_SAS2 (dc9dc3d3daa0e276fd2ec262e38b11e9) C:\Windows\system32\DRIVERS\lsi_sas2.sys
21:04:37.0106 1444 LSI_SAS2 - ok
21:04:37.0137 1444 LSI_SCSI (0a036c7d7cab643a7f07135ac47e0524) C:\Windows\system32\DRIVERS\lsi_scsi.sys
21:04:37.0153 1444 LSI_SCSI - ok
21:04:37.0168 1444 luafv (6703e366cc18d3b6e534f5cf7df39cee) C:\Windows\system32\drivers\luafv.sys
21:04:37.0200 1444 luafv - ok
21:04:37.0262 1444 LVPr2Mon (8be71d7edb8c7494913722059f760dd0) C:\Windows\system32\DRIVERS\LVPr2Mon.sys
21:04:37.0262 1444 LVPr2Mon - ok
21:04:37.0309 1444 LVRS (7521c0c58ee91be90b6cc33e792d10c7) C:\Windows\system32\DRIVERS\lvrs.sys
21:04:37.0324 1444 LVRS - ok
21:04:37.0605 1444 LVUVC (37e57c48af530df01cdd4e8a2ad77b51) C:\Windows\system32\DRIVERS\lvuvc.sys
21:04:37.0699 1444 LVUVC - ok
21:04:37.0980 1444 Mcx2Svc (bfb9ee8ee977efe85d1a3105abef6dd1) C:\Windows\system32\Mcx2Svc.dll
21:04:37.0995 1444 Mcx2Svc - ok
21:04:38.0026 1444 megasas (0fff5b045293002ab38eb1fd1fc2fb74) C:\Windows\system32\DRIVERS\megasas.sys
21:04:38.0042 1444 megasas - ok
21:04:38.0089 1444 MegaSR (dcbab2920c75f390caf1d29f675d03d6) C:\Windows\system32\DRIVERS\MegaSR.sys
21:04:38.0104 1444 MegaSR - ok
21:04:38.0198 1444 Microsoft SharePoint Workspace Audit Service - ok
21:04:38.0229 1444 MMCSS (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:04:38.0292 1444 MMCSS - ok
21:04:38.0307 1444 Modem (f001861e5700ee84e2d4e52c712f4964) C:\Windows\system32\drivers\modem.sys
21:04:38.0338 1444 Modem - ok
21:04:38.0370 1444 monitor (79d10964de86b292320e9dfe02282a23) C:\Windows\system32\DRIVERS\monitor.sys
21:04:38.0385 1444 monitor - ok
21:04:38.0401 1444 mouclass (fb18cc1d4c2e716b6b903b0ac0cc0609) C:\Windows\system32\drivers\mouclass.sys
21:04:38.0416 1444 mouclass - ok
21:04:38.0448 1444 mouhid (2c388d2cd01c9042596cf3c8f3c7b24d) C:\Windows\system32\DRIVERS\mouhid.sys
21:04:38.0463 1444 mouhid - ok
21:04:38.0479 1444 mountmgr (fc8771f45ecccfd89684e38842539b9b) C:\Windows\system32\drivers\mountmgr.sys
21:04:38.0494 1444 mountmgr - ok
21:04:38.0541 1444 MozillaMaintenance (46297fa8e30a6007f14118fc2b942fbc) C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
21:04:38.0557 1444 MozillaMaintenance - ok
21:04:38.0572 1444 mpio (2d699fb6e89ce0d8da14ecc03b3edfe0) C:\Windows\system32\drivers\mpio.sys
21:04:38.0588 1444 mpio - ok
21:04:38.0619 1444 mpsdrv (ad2723a7b53dd1aacae6ad8c0bfbf4d0) C:\Windows\system32\drivers\mpsdrv.sys
21:04:38.0666 1444 mpsdrv - ok
21:04:38.0728 1444 MpsSvc (9835584e999d25004e1ee8e5f3e3b881) C:\Windows\system32\mpssvc.dll
21:04:38.0775 1444 MpsSvc - ok
21:04:38.0806 1444 MRxDAV (ceb46ab7c01c9f825f8cc6babc18166a) C:\Windows\system32\drivers\mrxdav.sys
21:04:38.0838 1444 MRxDAV - ok
21:04:38.0884 1444 mrxsmb (5d16c921e3671636c0eba3bbaac5fd25) C:\Windows\system32\DRIVERS\mrxsmb.sys
21:04:38.0931 1444 mrxsmb - ok
21:04:38.0947 1444 mrxsmb10 (6d17a4791aca19328c685d256349fefc) C:\Windows\system32\DRIVERS\mrxsmb10.sys
21:04:38.0978 1444 mrxsmb10 - ok
21:04:39.0009 1444 mrxsmb20 (b81f204d146000be76651a50670a5e9e) C:\Windows\system32\DRIVERS\mrxsmb20.sys
21:04:39.0025 1444 mrxsmb20 - ok
21:04:39.0056 1444 msahci (012c5f4e9349e711e11e0f19a8589f0a) C:\Windows\system32\drivers\msahci.sys
21:04:39.0056 1444 msahci - ok
21:04:39.0072 1444 msdsm (55055f8ad8be27a64c831322a780a228) C:\Windows\system32\drivers\msdsm.sys
21:04:39.0087 1444 msdsm - ok
21:04:39.0118 1444 MSDTC (e1bce74a3bd9902b72599c0192a07e27) C:\Windows\System32\msdtc.exe
21:04:39.0134 1444 MSDTC - ok
21:04:39.0165 1444 Msfs (daefb28e3af5a76abcc2c3078c07327f) C:\Windows\system32\drivers\Msfs.sys
21:04:39.0196 1444 Msfs - ok
21:04:39.0212 1444 mshidkmdf (3e1e5767043c5af9367f0056295e9f84) C:\Windows\System32\drivers\mshidkmdf.sys
21:04:39.0259 1444 mshidkmdf - ok
21:04:39.0274 1444 msisadrv (0a4e5757ae09fa9622e3158cc1aef114) C:\Windows\system32\drivers\msisadrv.sys
21:04:39.0290 1444 msisadrv - ok
21:04:39.0306 1444 MSiSCSI (90f7d9e6b6f27e1a707d4a297f077828) C:\Windows\system32\iscsiexe.dll
21:04:39.0337 1444 MSiSCSI - ok
21:04:39.0337 1444 msiserver - ok
21:04:39.0352 1444 MSKSSRV (8c0860d6366aaffb6c5bb9df9448e631) C:\Windows\system32\drivers\MSKSSRV.sys
21:04:39.0384 1444 MSKSSRV - ok
21:04:39.0399 1444 MSPCLOCK (3ea8b949f963562cedbb549eac0c11ce) C:\Windows\system32\drivers\MSPCLOCK.sys
21:04:39.0446 1444 MSPCLOCK - ok
21:04:39.0462 1444 MSPQM (f456e973590d663b1073e9c463b40932) C:\Windows\system32\drivers\MSPQM.sys
21:04:39.0508 1444 MSPQM - ok
21:04:39.0524 1444 MsRPC (0e008fc4819d238c51d7c93e7b41e560) C:\Windows\system32\drivers\MsRPC.sys
21:04:39.0524 1444 MsRPC - ok
21:04:39.0540 1444 mssmbios (fc6b9ff600cc585ea38b12589bd4e246) C:\Windows\system32\drivers\mssmbios.sys
21:04:39.0555 1444 mssmbios - ok
21:04:39.0571 1444 MSTEE (b42c6b921f61a6e55159b8be6cd54a36) C:\Windows\system32\drivers\MSTEE.sys
21:04:39.0586 1444 MSTEE - ok
21:04:39.0602 1444 MTConfig (33599130f44e1f34631cea241de8ac84) C:\Windows\system32\DRIVERS\MTConfig.sys
21:04:39.0633 1444 MTConfig - ok
21:04:39.0633 1444 Mup (159fad02f64e6381758c990f753bcc80) C:\Windows\system32\Drivers\mup.sys
21:04:39.0649 1444 Mup - ok
21:04:39.0680 1444 napagent (61d57a5d7c6d9afe10e77dae6e1b445e) C:\Windows\system32\qagentRT.dll
21:04:39.0711 1444 napagent - ok
21:04:39.0758 1444 NativeWifiP (26384429fcd85d83746f63e798ab1480) C:\Windows\system32\DRIVERS\nwifi.sys
21:04:39.0789 1444 NativeWifiP - ok
21:04:39.0867 1444 NDIS (e7c54812a2aaf43316eb6930c1ffa108) C:\Windows\system32\drivers\ndis.sys
21:04:39.0883 1444 NDIS - ok
21:04:39.0898 1444 NdisCap (0e1787aa6c9191d3d319e8bafe86f80c) C:\Windows\system32\DRIVERS\ndiscap.sys
21:04:39.0930 1444 NdisCap - ok
21:04:39.0945 1444 NdisTapi (e4a8aec125a2e43a9e32afeea7c9c888) C:\Windows\system32\DRIVERS\ndistapi.sys
21:04:39.0992 1444 NdisTapi - ok
21:04:40.0039 1444 Ndisuio (d8a65dafb3eb41cbb622745676fcd072) C:\Windows\system32\DRIVERS\ndisuio.sys
21:04:40.0070 1444 Ndisuio - ok
21:04:40.0086 1444 NdisWan (38fbe267e7e6983311179230facb1017) C:\Windows\system32\DRIVERS\ndiswan.sys
21:04:40.0117 1444 NdisWan - ok
21:04:40.0132 1444 NDProxy (a4bdc541e69674fbff1a8ff00be913f2) C:\Windows\system32\drivers\NDProxy.sys
21:04:40.0164 1444 NDProxy - ok
21:04:40.0210 1444 Net Driver HPZ12 (a081cb6fb9a12668f233eb5414be3a0e) C:\Windows\system32\HPZinw12.dll
21:04:40.0242 1444 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:04:40.0242 1444 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:04:40.0257 1444 NetBIOS (80b275b1ce3b0e79909db7b39af74d51) C:\Windows\system32\DRIVERS\netbios.sys
21:04:40.0288 1444 NetBIOS - ok
21:04:40.0320 1444 NetBT (280122ddcf04b378edd1ad54d71c1e54) C:\Windows\system32\DRIVERS\netbt.sys
21:04:40.0366 1444 NetBT - ok
21:04:40.0398 1444 Netlogon (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:04:40.0398 1444 Netlogon - ok
21:04:40.0476 1444 Netman (7cccfca7510684768da22092d1fa4db2) C:\Windows\System32\netman.dll
21:04:40.0507 1444 Netman - ok
21:04:40.0522 1444 netprofm (8c338238c16777a802d6a9211eb2ba50) C:\Windows\System32\netprofm.dll
21:04:40.0538 1444 netprofm - ok
21:04:40.0616 1444 netr28u (27ee4b406e2f26f6117a9a420bd4cb65) C:\Windows\system32\DRIVERS\netr28u.sys
21:04:40.0678 1444 netr28u - ok
21:04:40.0741 1444 NetTcpPortSharing (f476ec40033cdb91efbe73eb99b8362d) C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
21:04:40.0756 1444 NetTcpPortSharing - ok
21:04:40.0788 1444 nfrd960 (1d85c4b390b0ee09c7a46b91efb2c097) C:\Windows\system32\DRIVERS\nfrd960.sys
21:04:40.0788 1444 nfrd960 - ok
21:04:40.0834 1444 NlaSvc (912084381d30d8b89ec4e293053f4710) C:\Windows\System32\nlasvc.dll
21:04:40.0881 1444 NlaSvc - ok
21:04:40.0897 1444 Npfs (1db262a9f8c087e8153d89bef3d2235f) C:\Windows\system32\drivers\Npfs.sys
21:04:40.0944 1444 Npfs - ok
21:04:40.0990 1444 NPF_devolo (75ac610a7481cb1f343dc971249bcb19) C:\Windows\system32\drivers\npf_devolo.sys
21:04:41.0006 1444 NPF_devolo ( UnsignedFile.Multi.Generic ) - warning
21:04:41.0006 1444 NPF_devolo - detected UnsignedFile.Multi.Generic (1)
21:04:41.0037 1444 nsi (ba387e955e890c8a88306d9b8d06bf17) C:\Windows\system32\nsisvc.dll
21:04:41.0068 1444 nsi - ok
21:04:41.0084 1444 nsiproxy (e9a0a4d07e53d8fea2bb8387a3293c58) C:\Windows\system32\drivers\nsiproxy.sys
21:04:41.0115 1444 nsiproxy - ok
21:04:41.0193 1444 Ntfs (81189c3d7763838e55c397759d49007a) C:\Windows\system32\drivers\Ntfs.sys
21:04:41.0224 1444 Ntfs - ok
21:04:41.0365 1444 Null (f9756a98d69098dca8945d62858a812c) C:\Windows\system32\drivers\Null.sys
21:04:41.0412 1444 Null - ok
21:04:42.0036 1444 nvlddmkm (c8cb6135884cbc2a10225c4c3cef0f95) C:\Windows\system32\DRIVERS\nvlddmkm.sys
21:04:42.0192 1444 nvlddmkm - ok
21:04:42.0535 1444 nvraid (b3e25ee28883877076e0e1ff877d02e0) C:\Windows\system32\drivers\nvraid.sys
21:04:42.0550 1444 nvraid - ok
21:04:42.0597 1444 nvstor (4380e59a170d88c4f1022eff6719a8a4) C:\Windows\system32\drivers\nvstor.sys
21:04:42.0613 1444 nvstor - ok
21:04:42.0660 1444 nvsvc (c1303870d5f9ead4beb68559aab7a87b) C:\Windows\system32\nvvsvc.exe
21:04:42.0660 1444 nvsvc - ok
21:04:42.0691 1444 nv_agp (5a0983915f02bae73267cc2a041f717d) C:\Windows\system32\drivers\nv_agp.sys
21:04:42.0691 1444 nv_agp - ok
21:04:42.0722 1444 ohci1394 (08a70a1f2cdde9bb49b885cb817a66eb) C:\Windows\system32\drivers\ohci1394.sys
21:04:42.0738 1444 ohci1394 - ok
21:04:42.0800 1444 ose (9d10f99a6712e28f8acd5641e3a7ea6b) C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
21:04:42.0800 1444 ose - ok
21:04:43.0221 1444 osppsvc (358a9cca612c68eb2f07ddad4ce1d8d7) C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
21:04:43.0330 1444 osppsvc - ok
21:04:43.0642 1444 p2pimsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:04:43.0674 1444 p2pimsvc - ok
21:04:43.0720 1444 p2psvc (59c3ddd501e39e006dac31bf55150d91) C:\Windows\system32\p2psvc.dll
21:04:43.0752 1444 p2psvc - ok
21:04:43.0814 1444 Parport (2ea877ed5dd9713c5ac74e8ea7348d14) C:\Windows\system32\DRIVERS\parport.sys
21:04:43.0861 1444 Parport - ok
21:04:43.0892 1444 partmgr (3f34a1b4c5f6475f320c275e63afce9b) C:\Windows\system32\drivers\partmgr.sys
21:04:43.0908 1444 partmgr - ok
21:04:43.0923 1444 Parvdm (eb0a59f29c19b86479d36b35983daadc) C:\Windows\system32\DRIVERS\parvdm.sys
21:04:43.0954 1444 Parvdm - ok
21:04:43.0954 1444 PcaSvc (358ab7956d3160000726574083dfc8a6) C:\Windows\System32\pcasvc.dll
21:04:43.0986 1444 PcaSvc - ok
21:04:44.0017 1444 pci (673e55c3498eb970088e812ea820aa8f) C:\Windows\system32\drivers\pci.sys
21:04:44.0032 1444 pci - ok
21:04:44.0048 1444 pciide (afe86f419014db4e5593f69ffe26ce0a) C:\Windows\system32\drivers\pciide.sys
21:04:44.0048 1444 pciide - ok
21:04:44.0079 1444 pcmcia (f396431b31693e71e8a80687ef523506) C:\Windows\system32\DRIVERS\pcmcia.sys
21:04:44.0095 1444 pcmcia - ok
21:04:44.0142 1444 pcw (250f6b43d2b613172035c6747aeeb19f) C:\Windows\system32\drivers\pcw.sys
21:04:44.0157 1444 pcw - ok
21:04:44.0204 1444 PEAUTH (9e0104ba49f4e6973749a02bf41344ed) C:\Windows\system32\drivers\peauth.sys
21:04:44.0266 1444 PEAUTH - ok
21:04:44.0407 1444 Ph3xIB32 (8b7aec0aba77de5d2feac1824c15a3fa) C:\Windows\system32\DRIVERS\Ph3xIB32.sys
21:04:44.0454 1444 Ph3xIB32 - ok
21:04:44.0688 1444 pla (414bba67a3ded1d28437eb66aeb8a720) C:\Windows\system32\pla.dll
21:04:44.0750 1444 pla - ok
21:04:44.0859 1444 PlugPlay (ec7bc28d207da09e79b3e9faf8b232ca) C:\Windows\system32\umpnpmgr.dll
21:04:44.0906 1444 PlugPlay - ok
21:04:44.0937 1444 Pml Driver HPZ12 (65bc271f337637731d3c71455ae1f476) C:\Windows\system32\HPZipm12.dll
21:04:44.0953 1444 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning
21:04:44.0953 1444 Pml Driver HPZ12 - detected UnsignedFile.Multi.Generic (1)
21:04:44.0984 1444 PNRPAutoReg (63ff8572611249931eb16bb8eed6afc8) C:\Windows\system32\pnrpauto.dll
21:04:45.0000 1444 PNRPAutoReg - ok
21:04:45.0015 1444 PNRPsvc (82a8521ddc60710c3d3d3e7325209bec) C:\Windows\system32\pnrpsvc.dll
21:04:45.0046 1444 PNRPsvc - ok
21:04:45.0078 1444 PolicyAgent (53946b69ba0836bd95b03759530c81ec) C:\Windows\System32\ipsecsvc.dll
21:04:45.0124 1444 PolicyAgent - ok
21:04:45.0156 1444 Power (f87d30e72e03d579a5199ccb3831d6ea) C:\Windows\system32\umpo.dll
21:04:45.0202 1444 Power - ok
21:04:45.0265 1444 PptpMiniport (631e3e205ad6d86f2aed6a4a8e69f2db) C:\Windows\system32\DRIVERS\raspptp.sys
21:04:45.0296 1444 PptpMiniport - ok
21:04:45.0327 1444 Processor (85b1e3a0c7585bc4aae6899ec6fcf011) C:\Windows\system32\DRIVERS\processr.sys
21:04:45.0343 1444 Processor - ok
21:04:45.0390 1444 ProfSvc (cadefac453040e370a1bdff3973be00d) C:\Windows\system32\profsvc.dll
21:04:45.0421 1444 ProfSvc - ok
21:04:45.0436 1444 ProtectedStorage (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:04:45.0452 1444 ProtectedStorage - ok
21:04:45.0483 1444 Psched (6270ccae2a86de6d146529fe55b3246a) C:\Windows\system32\DRIVERS\pacer.sys
21:04:45.0514 1444 Psched - ok
21:04:45.0592 1444 ql2300 (ab95ecf1f6659a60ddc166d8315b0751) C:\Windows\system32\DRIVERS\ql2300.sys
21:04:45.0655 1444 ql2300 - ok
21:04:45.0920 1444 ql40xx (b4dd51dd25182244b86737dc51af2270) C:\Windows\system32\DRIVERS\ql40xx.sys
21:04:45.0936 1444 ql40xx - ok
21:04:45.0982 1444 QWAVE (31ac809e7707eb580b2bdb760390765a) C:\Windows\system32\qwave.dll
21:04:46.0014 1444 QWAVE - ok
21:04:46.0045 1444 QWAVEdrv (584078ca1b95ca72df2a27c336f9719d) C:\Windows\system32\drivers\qwavedrv.sys
21:04:46.0060 1444 QWAVEdrv - ok
21:04:46.0170 1444 RapiMgr (8f97d374ad1857e1eed85a79f29a1d3d) C:\Windows\WindowsMobile\rapimgr.dll
21:04:46.0185 1444 RapiMgr - ok
21:04:46.0357 1444 RasAcd (30a81b53c766d0133bb86d234e5556ab) C:\Windows\system32\DRIVERS\rasacd.sys
21:04:46.0404 1444 RasAcd - ok
21:04:46.0435 1444 RasAgileVpn (57ec4aef73660166074d8f7f31c0d4fd) C:\Windows\system32\DRIVERS\AgileVpn.sys
21:04:46.0482 1444 RasAgileVpn - ok
21:04:46.0497 1444 RasAuto (a60f1839849c0c00739787fd5ec03f13) C:\Windows\System32\rasauto.dll
21:04:46.0513 1444 RasAuto - ok
21:04:46.0544 1444 Rasl2tp (d9f91eafec2815365cbe6d167e4e332a) C:\Windows\system32\DRIVERS\rasl2tp.sys
21:04:46.0575 1444 Rasl2tp - ok
21:04:46.0622 1444 RasMan (cb9e04dc05eacf5b9a36ca276d475006) C:\Windows\System32\rasmans.dll
21:04:46.0669 1444 RasMan - ok
21:04:46.0684 1444 RasPppoe (0fe8b15916307a6ac12bfb6a63e45507) C:\Windows\system32\DRIVERS\raspppoe.sys
21:04:46.0716 1444 RasPppoe - ok
21:04:46.0747 1444 RasSstp (44101f495a83ea6401d886e7fd70096b) C:\Windows\system32\DRIVERS\rassstp.sys
21:04:46.0778 1444 RasSstp - ok
21:04:46.0809 1444 rdbss (d528bc58a489409ba40334ebf96a311b) C:\Windows\system32\DRIVERS\rdbss.sys
21:04:46.0856 1444 rdbss - ok
21:04:46.0872 1444 rdpbus (0d8f05481cb76e70e1da06ee9f0da9df) C:\Windows\system32\DRIVERS\rdpbus.sys
21:04:46.0903 1444 rdpbus - ok
21:04:46.0934 1444 RDPCDD (23dae03f29d253ae74c44f99e515f9a1) C:\Windows\system32\DRIVERS\RDPCDD.sys
21:04:46.0950 1444 RDPCDD - ok
21:04:46.0981 1444 RDPENCDD (5a53ca1598dd4156d44196d200c94b8a) C:\Windows\system32\drivers\rdpencdd.sys
21:04:47.0012 1444 RDPENCDD - ok
21:04:47.0028 1444 RDPREFMP (44b0a53cd4f27d50ed461dae0c0b4e1f) C:\Windows\system32\drivers\rdprefmp.sys
21:04:47.0059 1444 RDPREFMP - ok
21:04:47.0090 1444 RDPWD (f031683e6d1fea157abb2ff260b51e61) C:\Windows\system32\drivers\RDPWD.sys
21:04:47.0121 1444 RDPWD - ok
21:04:47.0168 1444 rdyboost (518395321dc96fe2c9f0e96ac743b656) C:\Windows\system32\drivers\rdyboost.sys
21:04:47.0184 1444 rdyboost - ok
21:04:47.0215 1444 RemoteAccess (7b5e1419717fac363a31cc302895217a) C:\Windows\System32\mprdim.dll
21:04:47.0246 1444 RemoteAccess - ok
21:04:47.0308 1444 RemoteRegistry (cb9a8683f4ef2bf99e123d79950d7935) C:\Windows\system32\regsvc.dll
21:04:47.0371 1444 RemoteRegistry - ok
21:04:47.0480 1444 RichVideo (616f6e52cae254727a886ba8eda1beea) C:\Program Files\CyberLink\Shared files\RichVideo.exe
21:04:47.0496 1444 RichVideo - ok
21:04:47.0542 1444 RpcEptMapper (78d072f35bc45d9e4e1b61895c152234) C:\Windows\System32\RpcEpMap.dll
21:04:47.0574 1444 RpcEptMapper - ok
21:04:47.0589 1444 RpcLocator (94d36c0e44677dd26981d2bfeef2a29d) C:\Windows\system32\locator.exe
21:04:47.0605 1444 RpcLocator - ok
21:04:47.0667 1444 RpcSs (7660f01d3b38aca1747e397d21d790af) C:\Windows\system32\rpcss.dll
21:04:47.0683 1444 RpcSs - ok
21:04:47.0730 1444 rspndr (032b0d36ad92b582d869879f5af5b928) C:\Windows\system32\DRIVERS\rspndr.sys
21:04:47.0761 1444 rspndr - ok
21:04:47.0776 1444 SamSs (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:04:47.0792 1444 SamSs - ok
21:04:47.0854 1444 sbp2port (05d860da1040f111503ac416ccef2bca) C:\Windows\system32\drivers\sbp2port.sys
21:04:47.0870 1444 sbp2port - ok
21:04:47.0917 1444 SCardSvr (8fc518ffe9519c2631d37515a68009c4) C:\Windows\System32\SCardSvr.dll
21:04:47.0948 1444 SCardSvr - ok
21:04:47.0995 1444 scfilter (0693b5ec673e34dc147e195779a4dcf6) C:\Windows\system32\DRIVERS\scfilter.sys
21:04:48.0026 1444 scfilter - ok
21:04:48.0073 1444 Schedule (a04bb13f8a72f8b6e8b4071723e4e336) C:\Windows\system32\schedsvc.dll
21:04:48.0120 1444 Schedule - ok
21:04:48.0135 1444 SCPolicySvc (319c6b309773d063541d01df8ac6f55f) C:\Windows\System32\certprop.dll
21:04:48.0151 1444 SCPolicySvc - ok
21:04:48.0198 1444 SDRSVC (08236c4bce5edd0a0318a438af28e0f7) C:\Windows\System32\SDRSVC.dll
21:04:48.0229 1444 SDRSVC - ok
21:04:48.0276 1444 secdrv (90a3935d05b494a5a39d37e71f09a677) C:\Windows\system32\drivers\secdrv.sys
21:04:48.0307 1444 secdrv - ok
21:04:48.0338 1444 seclogon (a59b3a4442c52060cc7a85293aa3546f) C:\Windows\system32\seclogon.dll
21:04:48.0385 1444 seclogon - ok
21:04:48.0416 1444 SENS (dcb7fcdcc97f87360f75d77425b81737) C:\Windows\System32\sens.dll
21:04:48.0447 1444 SENS - ok
21:04:48.0463 1444 SensrSvc (50087fe1ee447009c9cc2997b90de53f) C:\Windows\system32\sensrsvc.dll
21:04:48.0494 1444 SensrSvc - ok
21:04:48.0541 1444 Serenum (9ad8b8b515e3df6acd4212ef465de2d1) C:\Windows\system32\DRIVERS\serenum.sys
21:04:48.0556 1444 Serenum - ok
21:04:48.0588 1444 Serial (5fb7fcea0490d821f26f39cc5ea3d1e2) C:\Windows\system32\DRIVERS\serial.sys
21:04:48.0603 1444 Serial - ok
21:04:48.0619 1444 sermouse (79bffb520327ff916a582dfea17aa813) C:\Windows\system32\DRIVERS\sermouse.sys
21:04:48.0634 1444 sermouse - ok
21:04:48.0666 1444 SessionEnv (4ae380f39a0032eab7dd953030b26d28) C:\Windows\system32\sessenv.dll
21:04:48.0712 1444 SessionEnv - ok
21:04:48.0728 1444 sffdisk (9f976e1eb233df46fce808d9dea3eb9c) C:\Windows\system32\drivers\sffdisk.sys
21:04:48.0759 1444 sffdisk - ok
21:04:48.0775 1444 sffp_mmc (932a68ee27833cfd57c1639d375f2731) C:\Windows\system32\drivers\sffp_mmc.sys
21:04:48.0790 1444 sffp_mmc - ok
21:04:48.0806 1444 sffp_sd (6d4ccaedc018f1cf52866bbbaa235982) C:\Windows\system32\drivers\sffp_sd.sys
21:04:48.0822 1444 sffp_sd - ok
21:04:48.0853 1444 sfloppy (db96666cc8312ebc45032f30b007a547) C:\Windows\system32\DRIVERS\sfloppy.sys
21:04:48.0868 1444 sfloppy - ok
21:04:48.0900 1444 SharedAccess (d1a079a0de2ea524513b6930c24527a2) C:\Windows\System32\ipnathlp.dll
21:04:48.0946 1444 SharedAccess - ok
21:04:48.0993 1444 ShellHWDetection (414da952a35bf5d50192e28263b40577) C:\Windows\System32\shsvcs.dll
21:04:49.0024 1444 ShellHWDetection - ok
21:04:49.0024 1444 sisagp (2565cac0dc9fe0371bdce60832582b2e) C:\Windows\system32\drivers\sisagp.sys
21:04:49.0040 1444 sisagp - ok
21:04:49.0087 1444 SiSRaid2 (a9f0486851becb6dda1d89d381e71055) C:\Windows\system32\DRIVERS\SiSRaid2.sys
21:04:49.0102 1444 SiSRaid2 - ok
21:04:49.0118 1444 SiSRaid4 (3727097b55738e2f554972c3be5bc1aa) C:\Windows\system32\DRIVERS\sisraid4.sys
21:04:49.0134 1444 SiSRaid4 - ok
21:04:49.0290 1444 SkypeUpdate (db0405d9aad62f0762e0876ac142b7e1) C:\Program Files\Skype\Updater\Updater.exe
21:04:49.0305 1444 SkypeUpdate - ok
21:04:49.0336 1444 Smb (3e21c083b8a01cb70ba1f09303010fce) C:\Windows\system32\DRIVERS\smb.sys
21:04:49.0352 1444 Smb - ok
21:04:49.0399 1444 SNMPTRAP (6a984831644eca1a33ffeae4126f4f37) C:\Windows\System32\snmptrap.exe
21:04:49.0414 1444 SNMPTRAP - ok
21:04:49.0414 1444 spldr (95cf1ae7527fb70f7816563cbc09d942) C:\Windows\system32\drivers\spldr.sys
21:04:49.0430 1444 spldr - ok
21:04:49.0461 1444 Spooler (866a43013535dc8587c258e43579c764) C:\Windows\System32\spoolsv.exe
21:04:49.0492 1444 Spooler - ok
21:04:49.0680 1444 sppsvc (cf87a1de791347e75b98885214ced2b8) C:\Windows\system32\sppsvc.exe
21:04:49.0758 1444 sppsvc - ok
21:04:49.0945 1444 sppuinotify (b0180b20b065d89232a78a40fe56eaa6) C:\Windows\system32\sppuinotify.dll
21:04:49.0976 1444 sppuinotify - ok
21:04:50.0024 1444 srv (e4c2764065d66ea1d2d3ebc28fe99c46) C:\Windows\system32\DRIVERS\srv.sys
21:04:50.0071 1444 srv - ok
21:04:50.0102 1444 srv2 (03f0545bd8d4c77fa0ae1ceedfcc71ab) C:\Windows\system32\DRIVERS\srv2.sys
21:04:50.0133 1444 srv2 - ok
21:04:50.0149 1444 srvnet (be6bd660caa6f291ae06a718a4fa8abc) C:\Windows\system32\DRIVERS\srvnet.sys
21:04:50.0164 1444 srvnet - ok
21:04:50.0195 1444 SSDPSRV (d887c9fd02ac9fa880f6e5027a43e118) C:\Windows\System32\ssdpsrv.dll
21:04:50.0211 1444 SSDPSRV - ok
21:04:50.0242 1444 ssmdrv (a36ee93698802cd899f98bfd553d8185) C:\Windows\system32\DRIVERS\ssmdrv.sys
21:04:50.0258 1444 ssmdrv - ok
21:04:50.0273 1444 SstpSvc (d318f23be45d5e3a107469eb64815b50) C:\Windows\system32\sstpsvc.dll
21:04:50.0289 1444 SstpSvc - ok
21:04:50.0320 1444 stexstor (db32d325c192b801df274bfd12a7e72b) C:\Windows\system32\DRIVERS\stexstor.sys
21:04:50.0320 1444 stexstor - ok
21:04:50.0383 1444 StiSvc (e1fb3706030fb4578a0d72c2fc3689e4) C:\Windows\System32\wiaservc.dll
21:04:50.0414 1444 StiSvc - ok
21:04:50.0445 1444 swenum (e58c78a848add9610a4db6d214af5224) C:\Windows\system32\drivers\swenum.sys
21:04:50.0445 1444 swenum - ok
21:04:50.0476 1444 swprv (a28bd92df340e57b024ba433165d34d7) C:\Windows\System32\swprv.dll
21:04:50.0523 1444 swprv - ok
21:04:50.0617 1444 SysMain (36650d618ca34c9d357dfd3d89b2c56f) C:\Windows\system32\sysmain.dll
21:04:50.0663 1444 SysMain - ok
21:04:50.0679 1444 TabletInputService (763fecdc3d30c815fe72dd57936c6cd1) C:\Windows\System32\TabSvc.dll
21:04:50.0726 1444 TabletInputService - ok
21:04:50.0757 1444 TapiSrv (613bf4820361543956909043a265c6ac) C:\Windows\System32\tapisrv.dll
21:04:50.0804 1444 TapiSrv - ok
21:04:50.0819 1444 TBS (b799d9fdb26111737f58288d8dc172d9) C:\Windows\System32\tbssvc.dll
21:04:50.0851 1444 TBS - ok
21:04:51.0101 1444 Tcpip (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\drivers\tcpip.sys
21:04:51.0148 1444 Tcpip - ok
21:04:51.0320 1444 TCPIP6 (7fa2e0f8b072bd04b77b421480b6cc22) C:\Windows\system32\DRIVERS\tcpip.sys
21:04:51.0351 1444 TCPIP6 - ok
21:04:51.0413 1444 tcpipreg (cca24162e055c3714ce5a88b100c64ed) C:\Windows\system32\drivers\tcpipreg.sys
21:04:51.0429 1444 tcpipreg - ok
21:04:51.0476 1444 TDPIPE (1cb91b2bd8f6dd367dfc2ef26fd751b2) C:\Windows\system32\drivers\tdpipe.sys
21:04:51.0491 1444 TDPIPE - ok
21:04:51.0507 1444 TDTCP (2c2c5afe7ee4f620d69c23c0617651a8) C:\Windows\system32\drivers\tdtcp.sys
21:04:51.0522 1444 TDTCP - ok
21:04:51.0554 1444 tdx (b459575348c20e8121d6039da063c704) C:\Windows\system32\DRIVERS\tdx.sys
21:04:51.0585 1444 tdx - ok
21:04:51.0632 1444 TermDD (04dbf4b01ea4bf25a9a3e84affac9b20) C:\Windows\system32\drivers\termdd.sys
21:04:51.0632 1444 TermDD - ok
21:04:51.0678 1444 TermService (382c804c92811be57829d8e550a900e2) C:\Windows\System32\termsrv.dll
21:04:51.0725 1444 TermService - ok
21:04:51.0741 1444 Themes (42fb6afd6b79d9fe07381609172e7ca4) C:\Windows\system32\themeservice.dll
21:04:51.0756 1444 Themes - ok
21:04:51.0788 1444 THREADORDER (146b6f43a673379a3c670e86d89be5ea) C:\Windows\system32\mmcss.dll
21:04:51.0803 1444 THREADORDER - ok
21:04:51.0834 1444 TrkWks (4792c0378db99a9bc2ae2de6cfff0c3a) C:\Windows\System32\trkwks.dll
21:04:51.0866 1444 TrkWks - ok
21:04:51.0881 1444 TrustedInstaller (2c49b175aee1d4364b91b531417fe583) C:\Windows\servicing\TrustedInstaller.exe
21:04:51.0912 1444 TrustedInstaller - ok
21:04:51.0944 1444 tssecsrv (254bb140eee3c59d6114c1a86b636877) C:\Windows\system32\DRIVERS\tssecsrv.sys
21:04:51.0975 1444 tssecsrv - ok
21:04:51.0990 1444 TsUsbFlt (fd1d6c73e6333be727cbcc6054247654) C:\Windows\system32\drivers\tsusbflt.sys
21:04:52.0038 1444 TsUsbFlt - ok
21:04:52.0069 1444 tunnel (b2fa25d9b17a68bb93d58b0556e8c90d) C:\Windows\system32\DRIVERS\tunnel.sys
21:04:52.0116 1444 tunnel - ok
21:04:52.0147 1444 uagp35 (750fbcb269f4d7dd2e420c56b795db6d) C:\Windows\system32\DRIVERS\uagp35.sys
21:04:52.0163 1444 uagp35 - ok
21:04:52.0210 1444 udfs (ee43346c7e4b5e63e54f927babbb32ff) C:\Windows\system32\DRIVERS\udfs.sys
21:04:52.0257 1444 udfs - ok
21:04:52.0272 1444 UI0Detect (8344fd4fce927880aa1aa7681d4927e5) C:\Windows\system32\UI0Detect.exe
21:04:52.0288 1444 UI0Detect - ok
21:04:52.0303 1444 uliagpkx (44e8048ace47befbfdc2e9be4cbc8880) C:\Windows\system32\drivers\uliagpkx.sys
21:04:52.0319 1444 uliagpkx - ok
21:04:52.0350 1444 umbus (d295bed4b898f0fd999fcfa9b32b071b) C:\Windows\system32\DRIVERS\umbus.sys
21:04:52.0366 1444 umbus - ok
21:04:52.0397 1444 UmPass (7550ad0c6998ba1cb4843e920ee0feac) C:\Windows\system32\DRIVERS\umpass.sys
21:04:52.0428 1444 UmPass - ok
21:04:52.0553 1444 UMVPFSrv (927754abf077aeb5504be4e0f2c60c1b) C:\Program Files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe
21:04:52.0569 1444 UMVPFSrv - ok
21:04:52.0600 1444 upnphost (833fbb672460efce8011d262175fad33) C:\Windows\System32\upnphost.dll
21:04:52.0615 1444 upnphost - ok
21:04:52.0678 1444 USBAAPL (eafe1e00739afe6c51487a050e772e17) C:\Windows\system32\Drivers\usbaapl.sys
21:04:52.0725 1444 USBAAPL - ok
21:04:52.0740 1444 usbaudio (1d9f2bd026e8e2d45033a4df3f16b78c) C:\Windows\system32\drivers\usbaudio.sys
21:04:52.0771 1444 usbaudio - ok
21:04:52.0818 1444 usbccgp (bd9c55d7023c5de374507acc7a14e2ac) C:\Windows\system32\DRIVERS\usbccgp.sys
21:04:52.0865 1444 usbccgp - ok
21:04:52.0896 1444 usbcir (04ec7cec62ec3b6d9354eee93327fc82) C:\Windows\system32\drivers\usbcir.sys
21:04:52.0927 1444 usbcir - ok
21:04:52.0959 1444 usbehci (f92de757e4b7ce9c07c5e65423f3ae3b) C:\Windows\system32\DRIVERS\usbehci.sys
21:04:52.0974 1444 usbehci - ok
21:04:53.0005 1444 usbhub (8dc94aec6a7e644a06135ae7506dc2e9) C:\Windows\system32\DRIVERS\usbhub.sys
21:04:53.0037 1444 usbhub - ok
21:04:53.0068 1444 usbohci (e185d44fac515a18d9deddc23c2cdf44) C:\Windows\system32\drivers\usbohci.sys
21:04:53.0068 1444 usbohci - ok
21:04:53.0115 1444 usbprint (797d862fe0875e75c7cc4c1ad7b30252) C:\Windows\system32\DRIVERS\usbprint.sys
21:04:53.0130 1444 usbprint - ok
21:04:53.0161 1444 usbscan (576096ccbc07e7c4ea4f5e6686d6888f) C:\Windows\system32\DRIVERS\usbscan.sys
21:04:53.0193 1444 usbscan - ok
21:04:53.0208 1444 USBSTOR (f991ab9cc6b908db552166768176896a) C:\Windows\system32\DRIVERS\USBSTOR.SYS
21:04:53.0224 1444 USBSTOR - ok
21:04:53.0255 1444 usbuhci (68df884cf41cdada664beb01daf67e3d) C:\Windows\system32\DRIVERS\usbuhci.sys
21:04:53.0271 1444 usbuhci - ok
21:04:53.0302 1444 usbvideo (45f4e7bf43db40a6c6b4d92c76cbc3f2) C:\Windows\System32\Drivers\usbvideo.sys
21:04:53.0302 1444 usbvideo - ok
21:04:53.0349 1444 UxSms (081e6e1c91aec36758902a9f727cd23c) C:\Windows\System32\uxsms.dll
21:04:53.0380 1444 UxSms - ok
21:04:53.0411 1444 VaultSvc (81951f51e318aecc2d68559e47485cc4) C:\Windows\system32\lsass.exe
21:04:53.0411 1444 VaultSvc - ok
21:04:53.0473 1444 vdrvroot (a059c4c3edb09e07d21a8e5c0aabd3cb) C:\Windows\system32\drivers\vdrvroot.sys
21:04:53.0473 1444 vdrvroot - ok
21:04:53.0520 1444 vds (c3cd30495687c2a2f66a65ca6fd89be9) C:\Windows\System32\vds.exe
21:04:53.0567 1444 vds - ok
21:04:53.0583 1444 vga (17c408214ea61696cec9c66e388b14f3) C:\Windows\system32\DRIVERS\vgapnp.sys
21:04:53.0614 1444 vga - ok
21:04:53.0629 1444 VgaSave (8e38096ad5c8570a6f1570a61e251561) C:\Windows\System32\drivers\vga.sys
21:04:53.0676 1444 VgaSave - ok
21:04:53.0692 1444 vhdmp (5461686cca2fda57b024547733ab42e3) C:\Windows\system32\drivers\vhdmp.sys
21:04:53.0707 1444 vhdmp - ok
21:04:53.0739 1444 viaagp (c829317a37b4bea8f39735d4b076e923) C:\Windows\system32\drivers\viaagp.sys
21:04:53.0754 1444 viaagp - ok
21:04:53.0770 1444 ViaC7 (e02f079a6aa107f06b16549c6e5c7b74) C:\Windows\system32\DRIVERS\viac7.sys
21:04:53.0785 1444 ViaC7 - ok
21:04:53.0817 1444 viaide (e43574f6a56a0ee11809b48c09e4fd3c) C:\Windows\system32\drivers\viaide.sys
21:04:53.0817 1444 viaide - ok
21:04:53.0832 1444 volmgr (4c63e00f2f4b5f86ab48a58cd990f212) C:\Windows\system32\drivers\volmgr.sys
21:04:53.0848 1444 volmgr - ok
21:04:53.0863 1444 volmgrx (b5bb72067ddddbbfb04b2f89ff8c3c87) C:\Windows\system32\drivers\volmgrx.sys
21:04:53.0879 1444 volmgrx - ok
21:04:53.0910 1444 volsnap (f497f67932c6fa693d7de2780631cfe7) C:\Windows\system32\drivers\volsnap.sys
21:04:53.0926 1444 volsnap - ok
21:04:53.0941 1444 vpnva - ok
21:04:53.0988 1444 vsmraid (9dfa0cc2f8855a04816729651175b631) C:\Windows\system32\DRIVERS\vsmraid.sys
21:04:54.0004 1444 vsmraid - ok
21:04:54.0066 1444 VSS (209a3b1901b83aeb8527ed211cce9e4c) C:\Windows\system32\vssvc.exe
21:04:54.0113 1444 VSS - ok
21:04:54.0129 1444 vwifibus (90567b1e658001e79d7c8bbd3dde5aa6) C:\Windows\system32\DRIVERS\vwifibus.sys
21:04:54.0129 1444 vwifibus - ok
21:04:54.0160 1444 vwififlt (7090d3436eeb4e7da3373090a23448f7) C:\Windows\system32\DRIVERS\vwififlt.sys
21:04:54.0191 1444 vwififlt - ok
21:04:54.0222 1444 vwifimp (a3f04cbea6c2a10e6cb01f8b47611882) C:\Windows\system32\DRIVERS\vwifimp.sys
21:04:54.0238 1444 vwifimp - ok
21:04:54.0269 1444 W32Time (55187fd710e27d5095d10a472c8baf1c) C:\Windows\system32\w32time.dll
21:04:54.0316 1444 W32Time - ok
21:04:54.0331 1444 WacomPen (de3721e89c653aa281428c8a69745d90) C:\Windows\system32\DRIVERS\wacompen.sys
21:04:54.0347 1444 WacomPen - ok
21:04:54.0378 1444 WANARP (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:04:54.0409 1444 WANARP - ok
21:04:54.0409 1444 Wanarpv6 (3c3c78515f5ab448b022bdf5b8ffdd2e) C:\Windows\system32\DRIVERS\wanarp.sys
21:04:54.0425 1444 Wanarpv6 - ok
21:04:54.0503 1444 wbengine (691e3285e53dca558e1a84667f13e15a) C:\Windows\system32\wbengine.exe
21:04:54.0550 1444 wbengine - ok
21:04:54.0565 1444 WbioSrvc (9614b5d29dc76ac3c29f6d2d3aa70e67) C:\Windows\System32\wbiosrvc.dll
21:04:54.0597 1444 WbioSrvc - ok
21:04:54.0675 1444 WcesComm (59e19bd13c3bdb857646b9e436ba27f7) C:\Windows\WindowsMobile\wcescomm.dll
21:04:54.0690 1444 WcesComm - ok
21:04:54.0737 1444 wcncsvc (34eee0dfaadb4f691d6d5308a51315dc) C:\Windows\System32\wcncsvc.dll
21:04:54.0753 1444 wcncsvc - ok
21:04:54.0768 1444 WcsPlugInService (5d930b6357a6d2af4d7653bdabbf352f) C:\Windows\System32\WcsPlugInService.dll
21:04:54.0799 1444 WcsPlugInService - ok
21:04:54.0846 1444 Wd (1112a9badacb47b7c0bb0392e3158dff) C:\Windows\system32\DRIVERS\wd.sys
21:04:54.0862 1444 Wd - ok
21:04:54.0909 1444 Wdf01000 (9950e3d0f08141c7e89e64456ae7dc73) C:\Windows\system32\drivers\Wdf01000.sys
21:04:54.0924 1444 Wdf01000 - ok
21:04:54.0940 1444 WdiServiceHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:04:55.0018 1444 WdiServiceHost - ok
21:04:55.0018 1444 WdiSystemHost (46ef9dc96265fd0b423db72e7c38c2a5) C:\Windows\system32\wdi.dll
21:04:55.0033 1444 WdiSystemHost - ok
21:04:55.0080 1444 WebClient (a9d880f97530d5b8fee278923349929d) C:\Windows\System32\webclnt.dll
21:04:55.0111 1444 WebClient - ok
21:04:55.0127 1444 Wecsvc (760f0afe937a77cff27153206534f275) C:\Windows\system32\wecsvc.dll
21:04:55.0189 1444 Wecsvc - ok
21:04:55.0189 1444 wercplsupport (ac804569bb2364fb6017370258a4091b) C:\Windows\System32\wercplsupport.dll
21:04:55.0236 1444 wercplsupport - ok
21:04:55.0252 1444 WerSvc (08e420d873e4fd85241ee2421b02c4a4) C:\Windows\System32\WerSvc.dll
21:04:55.0283 1444 WerSvc - ok
21:04:55.0314 1444 WfpLwf (8b9a943f3b53861f2bfaf6c186168f79) C:\Windows\system32\DRIVERS\wfplwf.sys
21:04:55.0345 1444 WfpLwf - ok
21:04:55.0345 1444 WIMMount (5cf95b35e59e2a38023836fff31be64c) C:\Windows\system32\drivers\wimmount.sys
21:04:55.0361 1444 WIMMount - ok
21:04:55.0439 1444 WinDefend (3fae8f94296001c32eab62cd7d82e0fd) C:\Program Files\Windows Defender\mpsvc.dll
21:04:55.0470 1444 WinDefend - ok
21:04:55.0470 1444 WinHttpAutoProxySvc - ok
21:04:55.0564 1444 Winmgmt (f62e510b6ad4c21eb9fe8668ed251826) C:\Windows\system32\wbem\WMIsvc.dll
21:04:55.0595 1444 Winmgmt - ok
21:04:55.0704 1444 WinRM (1b91cd34ea3a90ab6a4ef0550174f4cc) C:\Windows\system32\WsmSvc.dll
21:04:55.0782 1444 WinRM - ok
21:04:55.0860 1444 WinUsb (a67e5f9a400f3bd1be3d80613b45f708) C:\Windows\system32\DRIVERS\WinUsb.sys
21:04:55.0876 1444 WinUsb - ok
21:04:55.0938 1444 Wlansvc (16935c98ff639d185086a3529b1f2067) C:\Windows\System32\wlansvc.dll
21:04:55.0969 1444 Wlansvc - ok
21:04:55.0985 1444 WmiAcpi (0217679b8fca58714c3bf2726d2ca84e) C:\Windows\system32\drivers\wmiacpi.sys
21:04:56.0016 1444 WmiAcpi - ok
21:04:56.0063 1444 wmiApSrv (6eb6b66517b048d87dc1856ddf1f4c3f) C:\Windows\system32\wbem\WmiApSrv.exe
21:04:56.0094 1444 wmiApSrv - ok
21:04:56.0203 1444 WMPNetworkSvc (3b40d3a61aa8c21b88ae57c58ab3122e) C:\Program Files\Windows Media Player\wmpnetwk.exe
21:04:56.0266 1444 WMPNetworkSvc - ok
21:04:56.0344 1444 WPCSvc (a2f0ec770a92f2b3f9de6d518e11409c) C:\Windows\System32\wpcsvc.dll
21:04:56.0359 1444 WPCSvc - ok
21:04:56.0391 1444 WPDBusEnum (aa53356d60af47eacc85bc617a4f3f66) C:\Windows\system32\wpdbusenum.dll
21:04:56.0422 1444 WPDBusEnum - ok
21:04:56.0500 1444 ws2ifsl (6db3276587b853bf886b69528fdb048c) C:\Windows\system32\drivers\ws2ifsl.sys
21:04:56.0531 1444 ws2ifsl - ok
21:04:56.0547 1444 wscsvc (6f5d49efe0e7164e03ae773a3fe25340) C:\Windows\System32\wscsvc.dll
21:04:56.0593 1444 wscsvc - ok
21:04:56.0593 1444 WSearch - ok
21:04:56.0749 1444 wuauserv (fc3ec24fce372c89423e015a2ac1a31e) C:\Windows\system32\wuaueng.dll
21:04:56.0843 1444 wuauserv - ok
21:04:57.0015 1444 WudfPf (e714a1c0354636837e20ccbf00888ee7) C:\Windows\system32\drivers\WudfPf.sys
21:04:57.0030 1444 WudfPf - ok
21:04:57.0077 1444 WUDFRd (1023ee888c9b47178c5293ed5336ab69) C:\Windows\system32\DRIVERS\WUDFRd.sys
21:04:57.0108 1444 WUDFRd - ok
21:04:57.0171 1444 wudfsvc (8d1e1e529a2c9e9b6a85b55a345f7629) C:\Windows\System32\WUDFSvc.dll
21:04:57.0202 1444 wudfsvc - ok
21:04:57.0280 1444 WwanSvc (ff2d745b560f7c71b31f30f4d49f73d2) C:\Windows\System32\wwansvc.dll
21:04:57.0311 1444 WwanSvc - ok
21:04:57.0389 1444 X10Hid (1f93fcb5bab3a921ecba522f63586f4a) C:\Windows\System32\Drivers\x10hid.sys
21:04:57.0389 1444 X10Hid - ok
21:04:57.0451 1444 x10nets (5a0c788c5bc5f2c993cb60940adcf95e) C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe
21:04:57.0483 1444 x10nets ( UnsignedFile.Multi.Generic ) - warning
21:04:57.0483 1444 x10nets - detected UnsignedFile.Multi.Generic (1)
21:04:57.0514 1444 XUIF (378dc1b0b1f62a7488ee8d31a3c6e949) C:\Windows\system32\Drivers\x10ufx2.sys
21:04:57.0514 1444 XUIF - ok
21:04:57.0639 1444 {B154377D-700F-42cc-9474-23858FBDF4BD} (74ec37b9eaf9fca015b933a526825c7a) C:\Program Files\CyberLink\PowerDVD9\000.fcl
21:04:57.0654 1444 {B154377D-700F-42cc-9474-23858FBDF4BD} - ok
21:04:57.0685 1444 MBR (0x1B8) (8a1c59e4dfef87510470928550466632) \Device\Harddisk0\DR0
21:05:00.0665 1444 \Device\Harddisk0\DR0 - ok
21:05:00.0743 1444 Boot (0x1200) (8ad828de918c42e830c0962d9840217b) \Device\Harddisk0\DR0\Partition0
21:05:00.0743 1444 \Device\Harddisk0\DR0\Partition0 - ok
21:05:00.0743 1444 Boot (0x1200) (4f6c05a284900ce0a89d402782e3a3f0) \Device\Harddisk0\DR0\Partition1
21:05:00.0759 1444 \Device\Harddisk0\DR0\Partition1 - ok
21:05:00.0868 1444 Boot (0x1200) (a474f720315e5c469854c11cae2a90fe) \Device\Harddisk0\DR0\Partition2
21:05:00.0868 1444 \Device\Harddisk0\DR0\Partition2 - ok
21:05:00.0868 1444 ============================================================
21:05:00.0868 1444 Scan finished
21:05:00.0868 1444 ============================================================
21:05:00.0868 0572 Detected object count: 7
21:05:00.0868 0572 Actual detected object count: 7
21:05:32.0193 0572 hpqcxs08 ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572 hpqcxs08 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572 hpqddsvc ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572 hpqddsvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572 HPSLPSVC ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572 HPSLPSVC ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572 NPF_devolo ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572 NPF_devolo ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip
21:05:32.0193 0572 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
21:05:32.0193 0572 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
C:\Windows\WinSxS\x86_....\COMCTL32.dll ist entweder nicht für die Ausführung unter Windows vorgesehen oder enthält einen Fehler. Installieren Sie das Programm mit den Originalinstallationsmedien erneut, oder wenden Sie sich an den Systemadministrator.... |
|
02.08.2012, 14:36
| #24 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.08.2012, 16:04
| #25 |
| | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher Hier der Combofix-Logfile Code:
ATTFilter ComboFix 12-07-31.03 - Nicole 02.08.2012 16:47:53.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3070.2026 [GMT 2:00]
ausgeführt von:: c:\users\Nicole\Downloads\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\Install.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-07-02 bis 2012-08-02 ))))))))))))))))))))))))))))))
.
.
2012-08-02 14:54 . 2012-08-02 14:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-07-31 19:18 . 2012-07-31 19:18 -------- d-----w- C:\_OTL
2012-07-31 04:38 . 2012-07-16 00:41 6891424 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{57800DD0-8F48-43BC-93BB-DADAC61A25D3}\mpengine.dll
2012-07-30 13:13 . 2012-07-30 13:13 770384 ----a-w- c:\program files\Mozilla Firefox\msvcr100.dll
2012-07-30 13:13 . 2012-07-30 13:13 421200 ----a-w- c:\program files\Mozilla Firefox\msvcp100.dll
2012-07-25 12:42 . 2012-07-25 12:42 -------- d-----w- c:\program files\ESET
2012-07-24 16:48 . 2012-06-12 02:40 2345984 ----a-w- c:\windows\system32\win32k.sys
2012-07-24 16:41 . 2012-06-06 05:05 143360 ----a-w- c:\program files\Common Files\System\ado\msjro.dll
2012-07-19 09:43 . 2012-07-19 10:32 -------- d-----w- c:\users\Nicole\blue rays muxed
2012-07-19 09:43 . 2012-07-19 09:45 -------- d-----w- c:\users\Nicole\blue rays
2012-07-18 10:41 . 2012-07-18 10:41 -------- d-----w- c:\users\Nicole\AppData\Roaming\AVS4YOU
2012-07-18 10:40 . 2012-07-18 10:41 -------- d-----w- c:\programdata\AVS4YOU
2012-07-18 10:16 . 2012-07-18 10:16 -------- d-----w- c:\users\Nicole\AppData\Roaming\NVIDIA
2012-07-18 10:16 . 2012-07-19 09:10 -------- d-----w- c:\users\Nicole\AppData\Roaming\Vso
2012-07-18 10:16 . 2012-07-18 10:16 47360 ----a-w- c:\users\Nicole\AppData\Roaming\pcouffin.sys
2012-07-18 10:16 . 2012-07-18 10:16 -------- d-----w- c:\program files\vso
2012-07-18 10:04 . 2004-07-01 23:00 327749 ----a-w- c:\windows\system32\drvc.dll
2012-07-18 10:03 . 2012-07-18 10:11 -------- d-----w- c:\program files\eRightSoft
2012-07-04 16:58 . 2012-07-04 16:58 -------- d-----w- c:\users\Nicole\AppData\Local\Macromedia
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-07-28 17:38 . 2012-03-30 07:21 426184 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-07-28 17:38 . 2011-08-30 15:37 70344 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-07-03 11:46 . 2012-04-14 06:53 22344 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-06-25 14:04 . 2012-06-25 14:04 1394248 ----a-w- c:\windows\system32\msxml4.dll
2012-06-02 22:19 . 2012-06-22 13:52 53784 ----a-w- c:\windows\system32\wuauclt.exe
2012-06-02 22:19 . 2012-06-22 13:52 45080 ----a-w- c:\windows\system32\wups2.dll
2012-06-02 22:19 . 2012-06-22 13:52 35864 ----a-w- c:\windows\system32\wups.dll
2012-06-02 22:19 . 2012-06-22 13:52 577048 ----a-w- c:\windows\system32\wuapi.dll
2012-06-02 22:19 . 2012-06-22 13:52 1933848 ----a-w- c:\windows\system32\wuaueng.dll
2012-06-02 22:12 . 2012-06-22 13:52 2422272 ----a-w- c:\windows\system32\wucltux.dll
2012-06-02 22:12 . 2012-06-22 13:52 88576 ----a-w- c:\windows\system32\wudriver.dll
2012-06-02 13:19 . 2012-06-22 13:52 171904 ----a-w- c:\windows\system32\wuwebv.dll
2012-06-02 13:12 . 2012-06-22 13:52 33792 ----a-w- c:\windows\system32\wuapp.exe
2012-05-31 10:25 . 2010-05-12 07:21 237072 ------w- c:\windows\system32\MpSigStub.exe
2012-05-18 10:17 . 2011-11-29 13:49 83392 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-05-18 10:17 . 2011-11-29 13:49 137928 ----a-w- c:\windows\system32\drivers\avipbb.sys
2011-07-14 09:31 . 2011-11-02 14:20 1456640 ----a-w- c:\program files\Common Files\Falk Navi-Manager.msi
2012-07-31 19:24 . 2011-05-01 15:49 136672 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1174016]
"AnyDVD"="c:\program files\Any DVD\AnyDVD\AnyDVDtray.exe" [2011-12-08 5529208]
"OfficeSyncProcess"="c:\program files\Microsoft Office\Office14\MSOSYNC.EXE" [2011-07-21 718720]
"iCloudServices"="c:\program files\Common Files\Apple\Internet Services\iCloudServices.exe" [2012-02-23 59240]
"ApplePhotoStreams"="c:\program files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe" [2012-02-24 59240]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-29 17148552]
"MobileDocuments"="c:\program files\Common Files\Apple\Internet Services\ubd.exe" [2012-02-23 59240]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2009-12-10 284696]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RtHDVCpl.exe" [2010-04-07 8555040]
"CLMLServer"="c:\program files\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"BDRegion"="c:\program files\Cyberlink\Shared files\brs.exe" [2010-01-19 75048]
"BCSSync"="c:\program files\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-11-02 59240]
"LWS"="c:\program files\Logitech\LWS\Webcam Software\LWS.exe" [2011-08-12 205336]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-05-30 59280]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-05-18 348624]
"Family Tree Builder Update"="c:\program files\MyHeritage\Bin\FTBCheckUpdates.exe" [2011-12-21 229376]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2012-04-18 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-06-07 421776]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [x]
R3 IAMT03;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMT03.sys [x]
R3 IAMTV;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTV.sys [x]
R3 IAMTXP;Driver for Intel(R) Active Management Technology - KCS;c:\windows\system32\DRIVERS\IAMTXP.sys [x]
R3 Microsoft SharePoint Workspace Audit Service;Microsoft SharePoint Workspace Audit Service;c:\program files\Microsoft Office\Office14\GROOVE.EXE [x]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files\Mozilla Maintenance Service\maintenanceservice.exe [x]
R3 Ph3xIB32;Philips 713x Inbox PCI TV Card;c:\windows\system32\DRIVERS\Ph3xIB32.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [x]
S2 {B154377D-700F-42cc-9474-23858FBDF4BD};Power Control [2010/05/12 00:54];c:\program files\CyberLink\PowerDVD9\000.fcl [x]
S2 AdobeARMservice;Adobe Acrobat Update Service;c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\SeaPort.EXE [x]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
S2 NPF_devolo;NetGroup Packet Filter Driver (devolo);c:\windows\system32\drivers\npf_devolo.sys [x]
S2 UMVPFSrv;UMVPFSrv;c:\program files\Common Files\logishrd\LVMVFM\UMVPFSrv.exe [x]
S3 3xHybrid;CTX SAA713x PCI Card;c:\windows\system32\DRIVERS\3xHybrid.sys [x]
S3 netr28u;RT2870 USB Wireless LAN Card Driver for Vista;c:\windows\system32\DRIVERS\netr28u.sys [x]
S3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE [x]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [x]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Inhalt des "geplante Tasks" Ordners
.
2012-08-02 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-30 17:38]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: {{0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\s5ke6d7e.default\
FF - prefs.js: browser.search.selectedEngine - Google
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\{B154377D-700F-42cc-9474-23858FBDF4BD}]
"ImagePath"="\??\c:\program files\CyberLink\PowerDVD9\000.fcl"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-08-02 16:56:47
ComboFix-quarantined-files.txt 2012-08-02 14:56
.
Vor Suchlauf: 7 Verzeichnis(se), 332.274.864.128 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 332.172.472.320 Bytes frei
.
- - End Of File - - 413F11C853110D9509380CA51578CDE3
|
|
03.08.2012, 15:12
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.08.2012, 19:20
| #27 |
| | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicherCode:
ATTFilter GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-08-03 18:52:28
Windows 6.1.7601 Service Pack 1 Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 WDC_WD50 rev.01.0
Running: hyqi66rr.exe; Driver: C:\Users\Nicole\AppData\Local\Temp\kxriqpog.sys
---- System - GMER 1.0.15 ----
SSDT 91288876 ZwCreateSection
SSDT 91288880 ZwRequestWaitReplyPort
SSDT 9128887B ZwSetContextThread
SSDT 91288885 ZwSetSecurityObject
SSDT 9128888A ZwSystemDebugControl
SSDT 91288817 ZwTerminateProcess
---- Kernel code sections - GMER 1.0.15 ----
.text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 82E913C9 1 Byte [06]
.text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 82ECAD52 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 82ED1EAC 4 Bytes [76, 88, 28, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1553 82ED2208 4 Bytes [80, 88, 28, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1597 82ED224C 4 Bytes [7B, 88, 28, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1613 82ED22C8 4 Bytes [85, 88, 28, 91]
.text ntkrnlpa.exe!KeRemoveQueueEx + 1667 82ED231C 4 Bytes [8A, 88, 28, 91]
.text ...
.text C:\Program Files\CyberLink\PowerDVD9\000.fcl section is writeable [0x82380000, 0x2892, 0xE8000020]
.vmp2 C:\Program Files\CyberLink\PowerDVD9\000.fcl entry point in ".vmp2" section [0x823A3050]
---- User IAT/EAT - GMER 1.0.15 ----
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipAlloc] [739B24CB] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusStartup] [7399562E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdiplusShutdown] [739956EC] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipFree] [739B2546] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDeleteGraphics] [739A85AA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDisposeImage] [739A4D5E] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageWidth] [739A5105] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipGetImageHeight] [739A51DA] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateBitmapFromHBITMAP] [739A6707] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCreateFromHDC] [739A8301] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetCompositingMode] [739A8850] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipSetInterpolationMode] [739A90B1] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipDrawImageRectI] [739AE254] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
IAT C:\Windows\Explorer.EXE[2880] @ C:\Windows\Explorer.EXE [gdiplus.dll!GdipCloneImage] [739A4C90] C:\Windows\WinSxS\x86_microsoft.windows.gdiplus_6595b64144ccf1df_1.1.7601.17825_none_72d273598668a06b\gdiplus.dll (Microsoft GDI+/Microsoft Corporation)
---- Devices - GMER 1.0.15 ----
AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\iaStor \Device\Ide\iaStor0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-0 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
Device \Driver\iaStor \Device\Ide\IAAStorageDevice-1 AnyDVD.sys (AnyDVD Filter Driver/SlySoft, Inc.)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume4 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume6 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume7 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume8 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
Device \Driver\ACPI_HAL \Device\0000004b halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation)
AttachedDevice \Driver\volmgr \Device\HarddiskVolume9 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation)
---- Registry - GMER 1.0.15 ----
Reg HKCU\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Compatibility Assistant\Persisted@C:\Users\Nicole\AppData\Local\Logitech\xae Webcam-Software\Logishrd\LU2.0\LogitechUpdate.exe 1
---- EOF - GMER 1.0.15 ----
Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 hxxp://www.online-solutions.ru/en/ Saved at 19:04:42 on 03.08.2012 OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 32-bit Default Browser: Mozilla Corporation Firefox 14.0.1 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "FlashPlayerCPLApp.cpl" - "Adobe Systems Incorporated" - C:\Windows\system32\FlashPlayerCPLApp.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\MLCFG32.CPL "QuickTime" - "Apple Inc." - C:\Program Files\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "AnyDVD" (AnyDVD) - "SlySoft, Inc." - C:\Windows\System32\Drivers\AnyDVD.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "catchme" (catchme) - ? - C:\Users\Nicole\AppData\Local\Temp\catchme.sys (File not found) "Cisco AnyConnect VPN Virtual Miniport Adapter for Windows" (vpnva) - ? - C:\Windows\System32\DRIVERS\vpnva.sys (File not found) "ElbyCDIO Driver" (ElbyCDIO) - "Elaborate Bytes AG" - C:\Windows\System32\Drivers\ElbyCDIO.sys "kxriqpog" (kxriqpog) - ? - C:\Users\Nicole\AppData\Local\Temp\kxriqpog.sys (Hidden registry entry, rootkit activity | File not found) "NetGroup Packet Filter Driver (devolo)" (NPF_devolo) - "CACE Technologies" - C:\Windows\system32\drivers\npf_devolo.sys "ssmdrv" (ssmdrv) - "Avira GmbH" - C:\Windows\System32\DRIVERS\ssmdrv.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807573E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\PROGRA~1\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {3D60EDA7-9AB4-4DA8-864C-D9B5F2E7281D} "Arbeitsbereiche" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {D66DC78C-4F61-447F-942B-3FB6980118CF} "CInfoTipShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {0563DB41-F538-4B37-A92D-4659049B7766} "CLSID_WLMCMimeFilter" - "Microsoft Corporation" - C:\Program Files\Windows Live\Mail\mailcomm.dll {A70C977A-BF00-412C-90B7-034C51DA2439} "DesktopContext Class" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {506F4668-F13E-4AA1-BB04-B43203AB3CC0} "ImageExtractorShellExt Class" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\VISSHE.DLL {B9E1D2CB-CCFF-4AA6-9579-D7A4754030EF} "iTunes" - "Apple Inc." - C:\Program Files\iTunes\iTunesMiniPlayer.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\msoshext.dll {0875DCB6-C686-4243-9432-ADCCF0B9F2D7} "Microsoft OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Outlook" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\MLSHEXT.DLL {3D1975AF-48C6-4f8e-A182-BE0E08FA86A9} "NVIDIA CPL Context Menu Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvshext.dll {FFB699E0-306A-11d3-8BD1-00104B6F7516} "NVIDIA CPL Extension" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\OLKFSTUB.DLL {45AC2688-0253-4ED8-97DE-B5370FA7D48A} "Shell Extension for Malware scanning" - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\shlext.dll {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\PhotoViewerShim.dll {E0D79304-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79305-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79306-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {E0D79307-84BE-11CE-9641-444553540000} "WinZip" - "WinZip Computing, S.L." - C:\Program Files\WinZip\wzshlstb.dll {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe [Internet Explorer] -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )----- {555D4D79-4BD2-4094-A395-CFC534424A05} "HP Smart Web Printing" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_bho.dll -----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) -----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )----- ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found) <binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found) -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_31" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\npjpi160_31.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab {7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~1\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "@C:\Windows\WindowsMobile\INetRepl.dll,-222" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} "ClsidExtension" - "Microsoft Corporation" - C:\Windows\WindowsMobile\INetRepl.dll "eBay - Der weltweite Online-Marktplatz" - ? - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 (HTTP value) {DDE87865-83C5-48c4-8357-2F5B1AA84522} "HP Smart Web Printing ein- oder ausblenden" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "In Blog veröffentlichen" - "Microsoft Corporation" - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll {FFFDC614-B694-4AE6-AB38-5D6374584B52} "Verknüpfte &OneNote-Notizen" - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )----- {8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BingExt.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\GROOVEEX.DLL {0347C33E-8762-4905-BF09-768834316C61} "HP Print Enhancer" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} "HP Smart BHO Class" - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll {DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\jp2ssv.dll {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files\Java\jre6\bin\ssv.dll {B4F3A835-0E21-4959-BA22-42B3008E02FF} "Office Document Cache Handler" - "Microsoft Corporation" - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live Anmelde-Hilfsprogramm" - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Nicole\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "AnyDVD" - "SlySoft, Inc." - C:\Program Files\Any DVD\AnyDVD\AnyDVDtray.exe "ApplePhotoStreams" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe "iCloudServices" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe "MobileDocuments" - "Apple Inc." - C:\Program Files\Common Files\Apple\Internet Services\ubd.exe "OfficeSyncProcess" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\MSOSYNC.EXE" "Skype" - "Skype Technologies S.A." - "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun -----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )----- "StartupPrograms" - ? - rdpclip (File not found) -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "AppleSyncNotifier" - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe "APSDaemon" - "Apple Inc." - "C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe" "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min "BCSSync" - "Microsoft Corporation" - "C:\Program Files\Microsoft Office\Office14\BCSSync.exe" /DelayServices "BDRegion" - "cyberlink" - C:\Program Files\Cyberlink\Shared files\brs.exe "CLMLServer" - "CyberLink" - "C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe" "Family Tree Builder Update" - "MyHeritage" - C:\Program Files\MyHeritage\Bin\FTBCheckUpdates.exe "HP Software Update" - "Hewlett-Packard" - C:\Program Files\HP\HP Software Update\HPWuSchd2.exe "hpqSRMon" - "Hewlett-Packard" - C:\Program Files\HP\Digital Imaging\bin\hpqSRMon.exe "IAStorIcon" - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe "iTunesHelper" - "Apple Inc." - "C:\Program Files\iTunes\iTunesHelper.exe" "LWS" - "Logitech Inc." - C:\Program Files\Logitech\LWS\Webcam Software\LWS.exe -hide "QuickTime Task" - "Apple Inc." - "C:\Program Files\QuickTime\QTTask.exe" -atboottime "SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files\Common Files\Java\Java Update\jusched.exe" [Print Monitors] -----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )----- "GEngine Port Monitor" - ? - C:\Windows\system32\gengpmon.dll (File found, but it contains no detailed information) [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "Adobe Acrobat Update Service" (AdobeARMservice) - "Adobe Systems Incorporated" - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe "Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe "Apple Mobile Device" (Apple Mobile Device) - "Apple Inc." - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files\Avira\AntiVir Desktop\sched.exe "BBUpdate" (BBUpdate) - "Microsoft Corporation" - C:\Program Files\Microsoft\BingBar\SeaPort.EXE "Bing Bar Update Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files\Microsoft\BingBar\BBSvc.EXE "Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files\CyberLink\Shared files\RichVideo.exe "Dienst "Bonjour"" (Bonjour Service) - "Apple Inc." - C:\Program Files\Bonjour\mDNSResponder.exe "HP CUE DeviceDiscovery Service" (hpqddsvc) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll "HP Network Devices Support" (HPSLPSVC) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL "hpqcxs08" (hpqcxs08) - "Hewlett-Packard Co." - C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll "Intel(R) Rapid Storage Technology" (IAStorDataMgrSvc) - "Intel Corporation" - C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe "iPod-Dienst" (iPod Service) - "Apple Inc." - C:\Program Files\iPod\bin\iPodService.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft SharePoint Workspace Audit Service" (Microsoft SharePoint Workspace Audit Service) - "Microsoft Corporation" - C:\Program Files\Microsoft Office\Office14\GROOVE.EXE "Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe "Net Driver HPZ12" (Net Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZinw12.dll "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE "Pml Driver HPZ12" (Pml Driver HPZ12) - "Hewlett-Packard" - C:\Windows\system32\HPZipm12.dll "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files\Skype\Updater\Updater.exe "X10 Device Network Service" (x10nets) - "X10" - C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "mdnsNSP" - "Apple Inc." - C:\Program Files\Bonjour\mdnsNSP.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-03 20:00:04
-----------------------------
20:00:04.101 OS Version: Windows 6.1.7601 Service Pack 1
20:00:04.101 Number of processors: 2 586 0xF0B
20:00:04.101 ComputerName: NICOLE-PC UserName: Nicole
20:00:05.411 Initialize success
20:00:09.483 AVAST engine defs: 12080300
20:00:17.033 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
20:00:17.033 Disk 0 Vendor: WDC_WD50 01.0 Size: 476940MB BusType: 3
20:00:17.096 Disk 0 MBR read successfully
20:00:17.096 Disk 0 MBR scan
20:00:17.096 Disk 0 unknown MBR code
20:00:17.174 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:00:17.236 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 445094 MB offset 206848
20:00:17.330 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 911759360
20:00:17.455 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 974673920
20:00:17.564 Disk 0 scanning sectors +976771120
20:00:18.547 Disk 0 scanning C:\Windows\system32\drivers
20:03:41.124 Service scanning
20:03:59.690 Modules scanning
20:09:18.651 Disk 0 trace - called modules:
20:09:18.792 ntkrnlpa.exe CLASSPNP.SYS disk.sys AnyDVD.sys iaStor.sys halmacpi.dll
20:09:18.792 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87dc7720]
20:09:18.807 3 CLASSPNP.SYS[8b9ab59e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85edc028]
20:09:18.807 Scan finished successfully
20:11:09.599 Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Downloads\MBR.dat"
20:11:09.599 The log file has been saved successfully to "C:\Users\Nicole\Downloads\aswMBR.txt"
|
|
03.08.2012, 20:57
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher Wir sollten den MBR fixen, sichere für den Fall der Fälle ALLE wichtigen Daten, auch wenn meistens alles glatt geht. Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar. Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm! Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.08.2012, 08:11
| #29 |
| | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicherCode:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-08-04 09:09:26
-----------------------------
09:09:26.405 OS Version: Windows 6.1.7601 Service Pack 1
09:09:26.405 Number of processors: 2 586 0xF0B
09:09:26.405 ComputerName: NICOLE-PC UserName: Nicole
09:09:27.185 Initialize success
09:09:31.195 AVAST engine defs: 12080300
09:09:37.313 Verifying
09:09:47.329 Disk 0 Windows 601 MBR fixed successfully
09:09:55.597 Disk 0 MBR has been saved successfully to "C:\Users\Nicole\Downloads\MBR.dat"
09:09:55.597 The log file has been saved successfully to "C:\Users\Nicole\Downloads\aswMBR.txt"
|
|
04.08.2012, 14:17
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher Du solltest einen neuen Scan mit aswMBR machen, das ist nur das MBR-Fixlog!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu Tr/trash.gen vollständig gelöscht? Bin mir nicht sicher |
| 32 bit, antivir, autorun, bho, bonjour, desktop, document, downloader, error, failed, firefox, flash player, gebraucht, home, install.exe, juli 2012, logfile, lws.exe, mozilla, nicht sicher, plug-in, programm, pup.adware.agent, realtek, recycle.bin, registry, registry cleaner, rundll, searchscopes, security, senden, svchost.exe, taskhost.exe, trojaner, windows, wuauclt.exe, zugriff verweigert |
Linear-Darstellung
