| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Polizei Österreich TrojanerWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
17.09.2012, 11:40
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  Polizei Österreich Trojaner Mach bitte ein neues OTL-Log. Bitte alles nach Möglichkeit hier in CODE-Tags posten. Wird so gemacht: [code] hier steht das Log [/code] Und das ganze sieht dann so aus: Code:
ATTFilter hier steht das Log
Lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop. Falls schon vorhanden, bitte die ältere vorhandene Datei durch die neu heruntergeladene Datei ersetzen, damit du auch wirklich mit einer aktuellen Version von OTL arbeitest.
Code:
ATTFilter netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
17.09.2012, 21:49
| #17 |
 | Polizei Österreich Trojaner OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 17.09.2012 22:35:14 - Run 5 OTL by OldTimer - Version 3.2.61.5 Folder = C:\Users\Lisi eingeschränkt\Desktop 64bit- Professional (Version = 6.1.7600) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000c07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,77 Gb Available Physical Memory | 71,57% Memory free 7,73 Gb Paging File | 6,39 Gb Available in Paging File | 82,69% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 296,10 Gb Total Space | 28,32 Gb Free Space | 9,57% Space Free | Partition Type: NTFS Computer Name: ELISABETH-PC | User Name: Elisabeth | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.17 22:31:20 | 000,600,064 | ---- | M] (OldTimer Tools) -- C:\Users\Lisi eingeschränkt\Desktop\OTL.exe PRC - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.07.18 18:04:31 | 000,086,992 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\program files (x86)\avira\antivir desktop\ipmGui.exe PRC - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.07.18 18:04:22 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.01.13 19:18:07 | 000,527,312 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe PRC - [2012.01.13 19:17:40 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe PRC - [2011.10.27 22:49:07 | 000,253,952 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe PRC - [2010.09.03 16:18:00 | 000,319,488 | ---- | M] (E-MU Systems) -- C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe PRC - [2010.07.31 09:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2009.12.31 14:13:52 | 000,110,592 | ---- | M] (Huawei Technologies Co., Ltd.) -- C:\Users\Lisi eingeschränkt\AppData\Roaming\T-Mobile Internet Manager\ouc.exe PRC - [2008.09.30 13:48:28 | 000,935,208 | ---- | M] (Nero AG) -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe ========== Modules (No Company Name) ========== MOD - [2007.09.17 12:36:04 | 001,720,320 | ---- | M] () -- C:\Program Files (x86)\Creative Professional\E-MU USB Audio\QtCore4.dll MOD - [2006.10.20 20:25:18 | 003,969,024 | ---- | M] () -- C:\Program Files (x86)\Creative Professional\E-MU USB Audio\QtGui4.dll MOD - [2006.10.20 20:20:14 | 000,204,800 | ---- | M] () -- C:\Program Files (x86)\Creative Professional\E-MU USB Audio\QtXml4.dll ========== Services (SafeList) ========== SRV:64bit: - [2010.10.06 23:40:30 | 000,026,624 | ---- | M] (E-MU Systems) [Auto | Running] -- C:\Windows\SysNative\emaudsv.exe -- (emaudsv) SRV:64bit: - [2009.07.14 03:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV - [2012.07.18 18:04:33 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.07.18 18:04:24 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.07.18 18:04:23 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.07.13 13:28:36 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.01.13 19:17:40 | 000,476,112 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe -- (vpnagent) SRV - [2010.12.07 22:19:04 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.12.07 22:17:28 | 001,038,088 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Programme\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe -- (FLEXnet Licensing Service 64) SRV - [2010.09.21 15:49:00 | 002,286,976 | ---- | M] (Microsoft Corp.) [Auto | Running] -- C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE -- (wlidsvc) SRV - [2010.08.24 18:07:24 | 000,517,488 | ---- | M] (Dell Inc.) [Auto | Running] -- C:\Programme\Dell\Dell System Manager\DCPSysMgrSvc.exe -- (dcpsysmgrsvc) SRV - [2010.07.31 09:27:36 | 000,235,624 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2010.07.19 19:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010.07.19 18:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.03.18 14:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.01.08 17:59:56 | 000,919,328 | ---- | M] (Broadcom Corporation.) [Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2008.09.30 13:48:28 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.07.18 18:04:42 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.07.18 18:04:42 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.07.18 18:04:41 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.03.01 08:54:38 | 000,022,896 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.13 19:08:23 | 000,026,536 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2012.01.13 19:07:30 | 000,106,408 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\acsock64.sys -- (acsock) DRV:64bit: - [2011.03.11 08:22:41 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:22:40 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.02 14:05:40 | 000,321,576 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwampfl.sys -- (btwampfl) DRV:64bit: - [2010.12.02 14:05:40 | 000,135,720 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2010.12.02 14:05:40 | 000,102,440 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2010.12.02 14:05:40 | 000,039,464 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2010.12.02 14:05:40 | 000,021,544 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2010.10.06 23:42:06 | 000,215,000 | ---- | M] (E-MU Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\emusba10.sys -- (emusba10) DRV:64bit: - [2010.07.14 05:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.06.21 16:07:38 | 000,131,688 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.06.21 14:07:24 | 000,304,760 | ---- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Apfiltr.sys -- (ApfiltrService) DRV:64bit: - [2010.04.06 01:37:42 | 000,301,232 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2009.10.26 21:39:42 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.10.12 15:23:22 | 000,114,304 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbdev.sys -- (hwusbdev) DRV:64bit: - [2009.10.10 04:41:20 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2009.09.17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.09.10 15:31:56 | 000,117,248 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:47:48 | 000,077,888 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.06.27 08:51:10 | 000,088,632 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\adfs.sys -- (adfs) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2008.08.14 08:57:42 | 000,074,720 | ---- | M] (Adobe Systems, Inc.) [Kernel | Auto | Running] -- C:\Windows\SysWow64\drivers\adfs.sys -- (adfs) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&locale=de_AT IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.avira.com/?l=dis&o=APN10397&gct=hp&dc=EU&locale=de_AT IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-at IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FB 6B 3B F7 12 92 CB 01 [binary data] IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://at.msn.com/?ocid=iehp IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-AT IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CE 6D 28 A1 E0 85 CD 01 [binary data] IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2329778552-3089844880-3146377183-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..network.proxy.http: "journals.meduniwien.ac.at" FF - prefs.js..network.proxy.http_port: 3128 FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.1: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\new_plugin\npjp2.dll File not found FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.1: C:\Program Files (x86)\Oracle\JavaFX 2.1 Runtime\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2011.09.30 22:23:43 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.08.13 18:10:07 | 000,000,000 | ---D | M] [2010.12.02 13:05:24 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elisabeth\AppData\Roaming\Mozilla\Extensions [2010.12.02 19:41:01 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\vin0maa5.default\extensions [2010.12.24 14:28:37 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2010.12.24 14:28:37 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files (x86)\mozilla firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1} [2010.10.27 07:44:13 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2010.10.27 07:44:13 | 000,002,344 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2010.10.27 07:44:13 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2010.10.27 07:44:13 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2010.10.27 07:44:13 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.) O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4:64bit: - HKLM..\Run: [Apoint] C:\Programme\DellTPad\Apoint.exe (Alps Electric Co., Ltd.) O4:64bit: - HKLM..\Run: [NVHotkey] C:\Windows\SysNative\nvHotkey.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe () O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) O4 - HKLM..\Run: [DataCardMonitor] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\DataCardMonitor.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation) O4 - HKU\S-1-5-21-2329778552-3089844880-3146377183-1000..\Run: [E-MU USB Audio Control Panel] C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe (E-MU Systems) O4 - HKU\S-1-5-21-2329778552-3089844880-3146377183-1001..\Run: [E-MU USB Audio Control Panel] C:\Program Files (x86)\Creative Professional\E-MU USB Audio\EmuUsbAudioCP.exe (E-MU Systems) O4 - HKU\S-1-5-21-2329778552-3089844880-3146377183-1001..\Run: [HW_OPENEYE_OUC_T-Mobile Internet Manager] C:\Program Files (x86)\T-Mobile\T-Mobile Internet Manager\UpdateDog\ouc.exe (Huawei Technologies Co., Ltd.) O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat () O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found O4 - HKU\S-1-5-21-2329778552-3089844880-3146377183-1000..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil10t_Plugin.exe (Adobe Systems, Inc.) O4 - HKU\S-1-5-21-2329778552-3089844880-3146377183-1000..\RunOnce: [Report] \AdwCleaner[S1].txt () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~3\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: Senden an Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : Senden an &Bluetooth-Gerät... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corp.) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 10.5.0) O16 - DPF: {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab (Java Plug-in 1.7.0_05) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5AA7DD65-FE64-4C51-82B2-8C10723E7574}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk - Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5C4F54D3-E988-FFDD-D9EB-BCE36F6C9BCD} - Themes Setup ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F558AF21-5E13-BE7D-B03C-1A6CFC4E0B8A} - Offline Browsing Pack ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012.09.12 22:10:04 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET [2012.09.12 22:09:23 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Elisabeth\Desktop\esetsmartinstaller_enu.exe [2012.09.05 23:50:53 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012.09.05 23:50:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012.09.02 18:02:10 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\Avira [2012.08.31 23:46:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.08.31 23:45:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.08.31 23:45:28 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.08.31 23:45:28 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.08.31 23:45:28 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.08.31 23:45:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.08.31 23:45:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.08.31 20:56:51 | 000,000,000 | ---D | C] -- C:\Users\Elisabeth\AppData\Roaming\Malwarebytes [2012.08.31 20:56:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.08.31 20:56:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.08.31 20:56:12 | 000,024,904 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.08.31 20:56:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware ========== Files - Modified Within 30 Days ========== [2012.09.17 22:18:00 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.17 22:16:34 | 000,001,112 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.17 22:10:04 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.17 22:10:04 | 000,015,168 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.17 22:02:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.17 22:02:27 | 3112,562,688 | -HS- | M] () -- C:\hiberfil.sys [2012.09.16 00:31:32 | 000,000,098 | ---- | M] () -- C:\Windows\DeleteOnReboot.bat [2012.09.16 00:29:03 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.16 00:29:03 | 000,654,400 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.16 00:29:03 | 000,616,242 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.16 00:29:03 | 000,130,240 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.16 00:29:03 | 000,106,622 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.12 22:09:11 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Elisabeth\Desktop\esetsmartinstaller_enu.exe [2012.09.05 23:50:53 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012.08.31 23:46:19 | 000,001,994 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.31 21:06:54 | 000,000,000 | ---- | M] () -- C:\Users\Elisabeth\defogger_reenable [2012.08.31 20:56:17 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk ========== Files Created - No Company Name ========== [2012.09.16 00:31:30 | 000,000,098 | ---- | C] () -- C:\Windows\DeleteOnReboot.bat [2012.08.31 23:46:19 | 000,001,994 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2012.08.31 21:06:54 | 000,000,000 | ---- | C] () -- C:\Users\Elisabeth\defogger_reenable [2012.08.31 20:56:17 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.08.16 20:38:44 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf5 [2012.08.13 18:16:54 | 000,001,081 | ---- | C] () -- C:\Users\Elisabeth\Musik - Verknüpfung.lnk [2012.01.12 19:34:35 | 000,000,249 | ---- | C] () -- C:\Windows\SDSCalibrationStatus.ini [2011.01.23 11:04:00 | 000,000,016 | -H-- | C] () -- C:\ProgramData\obtf504 [2010.12.24 14:40:21 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2010.09.20 00:53:46 | 000,001,363 | ---- | C] () -- C:\Windows\emasio.dat ========== LOP Check ========== [2012.08.16 22:42:50 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\EndNote [2011.12.30 15:33:01 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\FlowJo7 [2011.01.23 11:03:59 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\GraphPad Software [2011.10.27 22:49:06 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\T-Mobile [2012.07.30 01:17:16 | 000,000,000 | ---D | M] -- C:\Users\Lisi eingeschränkt\AppData\Roaming\deluge [2012.08.16 21:58:59 | 000,000,000 | ---D | M] -- C:\Users\Lisi eingeschränkt\AppData\Roaming\EndNote [2011.12.30 15:44:36 | 000,000,000 | ---D | M] -- C:\Users\Lisi eingeschränkt\AppData\Roaming\FlowJo7 [2012.07.21 08:21:58 | 000,000,000 | ---D | M] -- C:\Users\Lisi eingeschränkt\AppData\Roaming\GoodSync [2011.01.23 12:09:02 | 000,000,000 | ---D | M] -- C:\Users\Lisi eingeschränkt\AppData\Roaming\GraphPad Software [2012.02.05 19:55:47 | 000,000,000 | ---D | M] -- C:\Users\Lisi eingeschränkt\AppData\Roaming\T-Mobile Internet Manager [2012.01.25 17:32:39 | 000,000,000 | ---D | M] -- C:\Users\Lisi eingeschränkt\AppData\Roaming\Windows Live Writer [2012.08.28 16:38:23 | 000,032,632 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. > [2010.12.08 14:34:32 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Adobe [2012.09.02 18:02:10 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Avira [2012.08.16 22:42:50 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\EndNote [2011.12.30 15:33:01 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\FlowJo7 [2011.01.23 11:03:59 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\GraphPad Software [2010.12.02 12:44:45 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Identities [2010.12.02 12:57:06 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Intel [2010.12.02 19:41:18 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Macromedia [2012.08.31 20:56:51 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Malwarebytes [2012.02.26 22:34:23 | 000,000,000 | --SD | M] -- C:\Users\Elisabeth\AppData\Roaming\Microsoft [2010.12.02 13:05:24 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Mozilla [2012.09.12 22:02:34 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\Skype [2011.10.27 22:49:06 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\T-Mobile [2010.12.02 14:28:59 | 000,000,000 | ---D | M] -- C:\Users\Elisabeth\AppData\Roaming\vlc < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_9e6bb86c3b39a3e9\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_1a38e2b78a3fe5b8\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_a69a58a4286f0b22\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.20575_none_39c1885e54505643\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0033117673c16921\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_18cccb83b34e1453\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\SysNative\netlogon.dll [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\SysWOW64\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_5bde3fe2945bce9e\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_38e464dbe521cc7f\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\SysWOW64\scecli.dll [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\SysNative\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\SysNative\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\SysWOW64\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\SysWOW64\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\SysNative\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SoftwareDistribution\Download\488053cdbca3231eeb2c2af7236d09ed\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.07.03 13:46:42 | 000,217,672 | ---- | M] () MD5=8A7F34F0BBD076EC3815680A7309114F -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 09:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\SysNative\winlogon.exe [2009.10.28 08:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
|
17.09.2012, 21:49
| #18 |
| | Polizei Österreich Trojaner dankeschön. lisi
__________________Geändert von lisi_souris (17.09.2012 um 22:03 Uhr) |
|
19.09.2012, 10:48
| #19 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Österreich Trojaner Mach einen OTL-Fix, beende alle evtl. geöffneten Programme, auch Virenscanner deaktivieren (!), starte OTL und kopiere folgenden Text in die "Custom Scan/Fixes" Box (unten in OTL): (das ":OTL" muss mitkopiert werden!!!) Code:
ATTFilter :OTL
FF - user.js - File not found
O4 - HKLM..\RunOnce: [DeleteOnReboot] C:\Windows\DeleteOnReboot.bat ()
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKLM..\Run: [] File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O32 - HKLM CDRom: AutoRun - 1
:Files
C:\ProgramData\obtf5
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
Das Logfile müsste geöffnet werden, wenn Du nach dem Fixen auf ok klickst, poste das bitte. Evtl. wird der Rechner neu gestartet. Die mit diesem Script gefixten Einträge, Dateien und Ordner werden zur Sicherheit nicht vollständig gelöscht, es wird eine Sicherheitskopie auf der Systempartition im Ordner "_OTL" erstellt. Hinweis: Das obige Script ist nur für diesen einen User in dieser Situtation erstellt worden. Es ist auf keinen anderen Rechner portierbar und darf nicht anderweitig verwandt werden, da es das System nachhaltig schädigen kann!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
19.09.2012, 22:29
| #20 |
| | Polizei Österreich TrojanerCode:
ATTFilter All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\RunOnce\\DeleteOnReboot deleted successfully.
C:\Windows\DeleteOnReboot.bat moved successfully.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
========== FILES ==========
C:\ProgramData\obtf5 moved successfully.
< ipconfig /flushdns /c >
No captured output from command...
C:\Users\Lisi eingeschränkt\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 389192 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Elisabeth
->Temp folder emptied: 1970555904 bytes
->Temporary Internet Files folder emptied: 17750541 bytes
->Java cache emptied: 14067 bytes
->FireFox cache emptied: 106662049 bytes
->Flash cache emptied: 18210 bytes
User: Lisi eingeschränkt
->Temp folder emptied: 570220190 bytes
->Temporary Internet Files folder emptied: 17440260 bytes
->Java cache emptied: 494213 bytes
->FireFox cache emptied: 334460426 bytes
->Google Chrome cache emptied: 189830861 bytes
->Flash cache emptied: 1078 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 463392806 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 36028471 bytes
RecycleBin emptied: 11507 bytes
Total Files Cleaned = 3.536,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.61.5 log created on 09192012_232052
Files\Folders moved on Reboot...
File move failed. C:\Users\Lisi eingeschränkt\AppData\Local\Temp\FXSAPIDebugLogFile.txt scheduled to be moved on reboot.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
|
|
20.09.2012, 14:31
| #21 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Österreich Trojaner Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehalalrm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ --> Polizei Österreich Trojaner |
|
21.09.2012, 19:51
| #22 |
| | Polizei Österreich Trojaner hoffe, ich hab das so richtig gemacht mit dem zippen! lg lisi |
|
21.09.2012, 22:02
| #23 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Österreich Trojaner Bitte direkt posten wenn es hier auch rein passt, danke!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
30.09.2012, 07:12
| #24 |
| | Polizei Österreich Trojaner hallo cosinus, ich hab die meldung bekommen, dass das log zuviele zeichen enthält, daher habe ich es gezippt. |
|
01.10.2012, 12:13
| #25 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Österreich Trojaner Das Archiv im Anhang in unbrauchbar, es enthält KEINE Dateien!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
05.10.2012, 21:19
| #26 |
| | Polizei Österreich TrojanerCode:
ATTFilter 22:15:28.0853 1788 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
22:15:28.0978 1788 ============================================================
22:15:28.0978 1788 Current date / time: 2012/10/05 22:15:28.0978
22:15:28.0978 1788 SystemInfo:
22:15:28.0978 1788
22:15:28.0978 1788 OS Version: 6.1.7600 ServicePack: 0.0
22:15:28.0978 1788 Product type: Workstation
22:15:28.0978 1788 ComputerName: ELISABETH-PC
22:15:28.0978 1788 UserName: Elisabeth
22:15:28.0978 1788 Windows directory: C:\Windows
22:15:28.0978 1788 System windows directory: C:\Windows
22:15:28.0978 1788 Running under WOW64
22:15:28.0978 1788 Processor architecture: Intel x64
22:15:28.0978 1788 Number of processors: 4
22:15:28.0978 1788 Page size: 0x1000
22:15:28.0978 1788 Boot type: Normal boot
22:15:28.0978 1788 ============================================================
22:15:31.0723 1788 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
22:15:31.0739 1788 ============================================================
22:15:31.0739 1788 \Device\Harddisk0\DR0:
22:15:31.0739 1788 MBR partitions:
22:15:31.0739 1788 \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0x14000, BlocksNum 0x3E8000
22:15:31.0739 1788 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3FC000, BlocksNum 0x25032000
22:15:31.0739 1788 ============================================================
22:15:31.0755 1788 C: <-> \Device\Harddisk0\DR0\Partition2
22:15:31.0755 1788 ============================================================
22:15:31.0755 1788 Initialize success
22:15:31.0755 1788 ============================================================
22:15:45.0810 4432 ============================================================
22:15:45.0810 4432 Scan started
22:15:45.0810 4432 Mode: Manual; SigCheck; TDLFS;
22:15:45.0810 4432 ============================================================
22:15:46.0887 4432 ================ Scan system memory ========================
22:15:46.0887 4432 System memory - ok
22:15:46.0887 4432 ================ Scan services =============================
22:15:46.0996 4432 [ 1B00662092F9F9568B995902F0CC40D5 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
22:15:47.0089 4432 1394ohci - ok
22:15:47.0121 4432 [ 6F11E88748CDEFD2F76AA215F97DDFE5 ] ACPI C:\Windows\system32\DRIVERS\ACPI.sys
22:15:47.0152 4432 ACPI - ok
22:15:47.0183 4432 [ 63B05A0420CE4BF0E4AF6DCC7CADA254 ] AcpiPmi C:\Windows\system32\DRIVERS\acpipmi.sys
22:15:47.0230 4432 AcpiPmi - ok
22:15:47.0308 4432 [ E42F90B27BDDDD611FA7040AFD256FDA ] acsock C:\Windows\system32\DRIVERS\acsock64.sys
22:15:47.0339 4432 acsock - ok
22:15:47.0370 4432 [ 2F0683FD2DF1D92E891CACA14B45A8C1 ] adfs C:\Windows\system32\drivers\adfs.sys
22:15:47.0401 4432 adfs - ok
22:15:47.0448 4432 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
22:15:47.0479 4432 adp94xx - ok
22:15:47.0495 4432 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
22:15:47.0511 4432 adpahci - ok
22:15:47.0526 4432 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
22:15:47.0557 4432 adpu320 - ok
22:15:47.0573 4432 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
22:15:47.0729 4432 AeLookupSvc - ok
22:15:47.0807 4432 [ DB9D6C6B2CD95A9CA414D045B627422E ] AFD C:\Windows\system32\drivers\afd.sys
22:15:47.0838 4432 AFD - ok
22:15:47.0854 4432 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\DRIVERS\agp440.sys
22:15:47.0885 4432 agp440 - ok
22:15:47.0885 4432 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
22:15:47.0963 4432 ALG - ok
22:15:47.0994 4432 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\DRIVERS\aliide.sys
22:15:48.0010 4432 aliide - ok
22:15:48.0025 4432 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\DRIVERS\amdide.sys
22:15:48.0057 4432 amdide - ok
22:15:48.0057 4432 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
22:15:48.0088 4432 AmdK8 - ok
22:15:48.0119 4432 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
22:15:48.0150 4432 AmdPPM - ok
22:15:48.0213 4432 [ EC7EBAB00A4D8448BAB68D1E49B4BEB9 ] amdsata C:\Windows\system32\drivers\amdsata.sys
22:15:48.0228 4432 amdsata - ok
22:15:48.0244 4432 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
22:15:48.0291 4432 amdsbs - ok
22:15:48.0306 4432 [ DB27766102C7BF7E95140A2AA81D042E ] amdxata C:\Windows\system32\drivers\amdxata.sys
22:15:48.0322 4432 amdxata - ok
22:15:48.0400 4432 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
22:15:48.0431 4432 AntiVirSchedulerService - ok
22:15:48.0462 4432 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
22:15:48.0478 4432 AntiVirService - ok
22:15:48.0509 4432 [ 676894FA57B671FEC5C3F05F8929E03B ] AntiVirWebService C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE
22:15:48.0525 4432 AntiVirWebService - ok
22:15:48.0556 4432 [ 8655A2983A86D6675135B1FF6892055D ] ApfiltrService C:\Windows\system32\DRIVERS\Apfiltr.sys
22:15:48.0571 4432 ApfiltrService - ok
22:15:48.0618 4432 [ 42FD751B27FA0E9C69BB39F39E409594 ] AppID C:\Windows\system32\drivers\appid.sys
22:15:48.0727 4432 AppID - ok
22:15:48.0743 4432 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
22:15:48.0837 4432 AppIDSvc - ok
22:15:48.0852 4432 [ D065BE66822847B7F127D1F90158376E ] Appinfo C:\Windows\System32\appinfo.dll
22:15:48.0899 4432 Appinfo - ok
22:15:48.0930 4432 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
22:15:48.0993 4432 AppMgmt - ok
22:15:49.0024 4432 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
22:15:49.0039 4432 arc - ok
22:15:49.0055 4432 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
22:15:49.0071 4432 arcsas - ok
22:15:49.0102 4432 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
22:15:49.0164 4432 AsyncMac - ok
22:15:49.0211 4432 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\DRIVERS\atapi.sys
22:15:49.0227 4432 atapi - ok
22:15:49.0273 4432 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
22:15:49.0367 4432 AudioEndpointBuilder - ok
22:15:49.0398 4432 [ 07721A77180EDD4D39CCB865BF63C7FD ] AudioSrv C:\Windows\System32\Audiosrv.dll
22:15:49.0476 4432 AudioSrv - ok
22:15:49.0523 4432 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
22:15:49.0539 4432 avgntflt - ok
22:15:49.0585 4432 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
22:15:49.0601 4432 avipbb - ok
22:15:49.0617 4432 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
22:15:49.0632 4432 avkmgr - ok
22:15:49.0648 4432 [ B20B5FA5CA050E9926E4D1DB81501B32 ] AxInstSV C:\Windows\System32\AxInstSV.dll
22:15:49.0710 4432 AxInstSV - ok
22:15:49.0804 4432 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
22:15:49.0866 4432 b06bdrv - ok
22:15:49.0897 4432 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
22:15:49.0929 4432 b57nd60a - ok
22:15:49.0975 4432 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
22:15:50.0022 4432 BDESVC - ok
22:15:50.0038 4432 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
22:15:50.0131 4432 Beep - ok
22:15:50.0178 4432 [ 4992C609A6315671463E30F6512BC022 ] BFE C:\Windows\System32\bfe.dll
22:15:50.0287 4432 BFE - ok
22:15:50.0334 4432 [ 7F0C323FE3DA28AA4AA1BDA3F575707F ] BITS C:\Windows\System32\qmgr.dll
22:15:50.0443 4432 BITS - ok
22:15:50.0475 4432 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
22:15:50.0506 4432 blbdrive - ok
22:15:50.0553 4432 [ 19D20159708E152267E53B66677A4995 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
22:15:50.0599 4432 bowser - ok
22:15:50.0615 4432 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
22:15:50.0662 4432 BrFiltLo - ok
22:15:50.0724 4432 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
22:15:50.0771 4432 BrFiltUp - ok
22:15:50.0802 4432 [ 6B054C67AAA87843504E8E3C09102009 ] Browser C:\Windows\System32\browser.dll
22:15:50.0865 4432 Browser - ok
22:15:50.0896 4432 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
22:15:50.0943 4432 Brserid - ok
22:15:50.0958 4432 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
22:15:50.0989 4432 BrSerWdm - ok
22:15:51.0005 4432 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
22:15:51.0052 4432 BrUsbMdm - ok
22:15:51.0067 4432 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
22:15:51.0099 4432 BrUsbSer - ok
22:15:51.0192 4432 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
22:15:51.0239 4432 BthEnum - ok
22:15:51.0255 4432 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
22:15:51.0286 4432 BTHMODEM - ok
22:15:51.0317 4432 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
22:15:51.0348 4432 BthPan - ok
22:15:51.0411 4432 [ D59773C7FDD3D795D6FE402EEEA8D71E ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
22:15:51.0442 4432 BTHPORT - ok
22:15:51.0489 4432 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
22:15:51.0567 4432 bthserv - ok
22:15:51.0582 4432 [ 8504842634DD144C075B6B0C982CCEC4 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
22:15:51.0598 4432 BTHUSB - ok
22:15:51.0645 4432 [ 2D19C44A9D0E175BC93D23C562A0AA01 ] btwampfl C:\Windows\system32\drivers\btwampfl.sys
22:15:51.0660 4432 btwampfl - ok
22:15:51.0691 4432 [ AD4B38BF35896778236B40CF453F58AA ] btwaudio C:\Windows\system32\drivers\btwaudio.sys
22:15:51.0707 4432 btwaudio - ok
22:15:51.0723 4432 [ C2A11549E72841EF9FC5AF14C7F29233 ] btwavdt C:\Windows\system32\DRIVERS\btwavdt.sys
22:15:51.0738 4432 btwavdt - ok
22:15:51.0816 4432 [ 3D13849A1F9E7C61096294B955EFCDF2 ] btwdins C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe
22:15:51.0863 4432 btwdins - ok
22:15:51.0925 4432 [ 06E96CF5C046F7CAB4AA131DF6E2B9BC ] btwl2cap C:\Windows\system32\DRIVERS\btwl2cap.sys
22:15:51.0941 4432 btwl2cap - ok
22:15:51.0957 4432 [ D8270F1D59DD10743C8E62D806AF85E2 ] btwrchid C:\Windows\system32\DRIVERS\btwrchid.sys
22:15:51.0972 4432 btwrchid - ok
22:15:52.0003 4432 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
22:15:52.0066 4432 cdfs - ok
22:15:52.0113 4432 [ 83D2D75E1EFB81B3450C18131443F7DB ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
22:15:52.0128 4432 cdrom - ok
22:15:52.0175 4432 [ 312E2F82AF11E79906898AC3E3D58A1F ] CertPropSvc C:\Windows\System32\certprop.dll
22:15:52.0253 4432 CertPropSvc - ok
22:15:52.0284 4432 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
22:15:52.0331 4432 circlass - ok
22:15:52.0362 4432 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
22:15:52.0378 4432 CLFS - ok
22:15:52.0456 4432 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
22:15:52.0471 4432 clr_optimization_v2.0.50727_32 - ok
22:15:52.0518 4432 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
22:15:52.0534 4432 clr_optimization_v2.0.50727_64 - ok
22:15:52.0612 4432 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
22:15:52.0643 4432 clr_optimization_v4.0.30319_32 - ok
22:15:52.0737 4432 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
22:15:52.0752 4432 clr_optimization_v4.0.30319_64 - ok
22:15:52.0783 4432 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
22:15:52.0799 4432 CmBatt - ok
22:15:52.0815 4432 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\DRIVERS\cmdide.sys
22:15:52.0830 4432 cmdide - ok
22:15:52.0893 4432 [ CA7720B73446FDDEC5C69519C1174C98 ] CNG C:\Windows\system32\Drivers\cng.sys
22:15:52.0955 4432 CNG - ok
22:15:52.0986 4432 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
22:15:53.0002 4432 Compbatt - ok
22:15:53.0017 4432 [ F26B3A86F6FA87CA360B879581AB4123 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
22:15:53.0064 4432 CompositeBus - ok
22:15:53.0080 4432 COMSysApp - ok
22:15:53.0095 4432 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
22:15:53.0111 4432 crcdisk - ok
22:15:53.0173 4432 [ F02786B66375292E58C8777082D4396D ] CryptSvc C:\Windows\system32\cryptsvc.dll
22:15:53.0205 4432 CryptSvc - ok
22:15:53.0236 4432 [ 4A6173C2279B498CD8F57CAE504564CB ] CSC C:\Windows\system32\drivers\csc.sys
22:15:53.0283 4432 CSC - ok
22:15:53.0314 4432 [ 873FBF927C06E5CEE04DEC617502F8FD ] CscService C:\Windows\System32\cscsvc.dll
22:15:53.0376 4432 CscService - ok
22:15:53.0423 4432 [ 7266972E86890E2B30C0C322E906B027 ] DcomLaunch C:\Windows\system32\rpcss.dll
22:15:53.0501 4432 DcomLaunch - ok
22:15:53.0563 4432 [ 230BFB96A86AB29DA6DEB234F8985D34 ] dcpsysmgrsvc C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe
22:15:53.0595 4432 dcpsysmgrsvc - ok
22:15:53.0626 4432 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
22:15:53.0704 4432 defragsvc - ok
22:15:53.0751 4432 [ 9C253CE7311CA60FC11C774692A13208 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
22:15:53.0797 4432 DfsC - ok
22:15:53.0829 4432 [ CE3B9562D997F69B330D181A8875960F ] Dhcp C:\Windows\system32\dhcpcore.dll
22:15:53.0860 4432 Dhcp - ok
22:15:53.0891 4432 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
22:15:53.0969 4432 discache - ok
22:15:54.0000 4432 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
22:15:54.0016 4432 Disk - ok
22:15:54.0078 4432 [ 85CF424C74A1D5EC33533E1DBFF9920A ] Dnscache C:\Windows\System32\dnsrslvr.dll
22:15:54.0125 4432 Dnscache - ok
22:15:54.0141 4432 [ 14452ACDB09B70964C8C21BF80A13ACB ] dot3svc C:\Windows\System32\dot3svc.dll
22:15:54.0219 4432 dot3svc - ok
22:15:54.0234 4432 [ 8C2BA6BEA949EE6E68385F5692BAFB94 ] DPS C:\Windows\system32\dps.dll
22:15:54.0281 4432 DPS - ok
22:15:54.0297 4432 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
22:15:54.0328 4432 drmkaud - ok
22:15:54.0390 4432 [ 1633B9ABF52784A1331476397A48CBEF ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
22:15:54.0437 4432 DXGKrnl - ok
22:15:54.0468 4432 [ 60C5B36E07BE8B3AF3911C3D10303CFE ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys
22:15:54.0484 4432 e1kexpress - ok
22:15:54.0515 4432 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
22:15:54.0562 4432 EapHost - ok
22:15:54.0671 4432 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
22:15:54.0858 4432 ebdrv - ok
22:15:54.0921 4432 [ 156F6159457D0AA7E59B62681B56EB90 ] EFS C:\Windows\System32\lsass.exe
22:15:54.0967 4432 EFS - ok
22:15:55.0045 4432 [ 47C071994C3F649F23D9CD075AC9304A ] ehRecvr C:\Windows\ehome\ehRecvr.exe
22:15:55.0108 4432 ehRecvr - ok
22:15:55.0123 4432 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
22:15:55.0186 4432 ehSched - ok
22:15:55.0217 4432 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
22:15:55.0248 4432 elxstor - ok
22:15:55.0264 4432 emusba10 - ok
22:15:55.0279 4432 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\DRIVERS\errdev.sys
22:15:55.0311 4432 ErrDev - ok
22:15:55.0357 4432 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
22:15:55.0435 4432 EventSystem - ok
22:15:55.0529 4432 [ BDFCB7E8C108D042B213957D2B044E7E ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe
22:15:55.0591 4432 EvtEng - ok
22:15:55.0623 4432 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
22:15:55.0669 4432 exfat - ok
22:15:55.0701 4432 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
22:15:55.0779 4432 fastfat - ok
22:15:55.0857 4432 [ D607B2F1BEE3992AA6C2C92C0A2F0855 ] Fax C:\Windows\system32\fxssvc.exe
22:15:55.0950 4432 Fax - ok
22:15:55.0966 4432 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
22:15:55.0981 4432 fdc - ok
22:15:55.0997 4432 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
22:15:56.0075 4432 fdPHost - ok
22:15:56.0075 4432 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
22:15:56.0122 4432 FDResPub - ok
22:15:56.0137 4432 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
22:15:56.0153 4432 FileInfo - ok
22:15:56.0169 4432 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
22:15:56.0247 4432 Filetrace - ok
22:15:56.0293 4432 [ 1F63900E2EB00101B9ACA2B7A870704E ] FLEXnet Licensing Service C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
22:15:56.0340 4432 FLEXnet Licensing Service - ok
22:15:56.0387 4432 [ 1C3FB052A0BB72EDAED90785C34D6EED ] FLEXnet Licensing Service 64 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe
22:15:56.0449 4432 FLEXnet Licensing Service 64 - ok
22:15:56.0465 4432 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
22:15:56.0496 4432 flpydisk - ok
22:15:56.0512 4432 [ F7866AF72ABBAF84B1FA5AA195378C59 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
22:15:56.0527 4432 FltMgr - ok
22:15:56.0605 4432 [ CB5E4B9C319E3C6BB363EB7E58A4A051 ] FontCache C:\Windows\system32\FntCache.dll
22:15:56.0699 4432 FontCache - ok
22:15:56.0746 4432 [ 8D89E3131C27FDD6932189CB785E1B7A ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
22:15:56.0761 4432 FontCache3.0.0.0 - ok
22:15:56.0761 4432 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
22:15:56.0777 4432 FsDepends - ok
22:15:56.0839 4432 [ D3E3F93D67821A2DB2B3D9FAC2DC2064 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
22:15:56.0855 4432 Fs_Rec - ok
22:15:56.0949 4432 [ AE87BA80D0EC3B57126ED2CDC15B24ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
22:15:56.0980 4432 fvevol - ok
22:15:57.0011 4432 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
22:15:57.0027 4432 gagp30kx - ok
22:15:57.0058 4432 [ FE5AB4525BC2EC68B9119A6E5D40128B ] gpsvc C:\Windows\System32\gpsvc.dll
22:15:57.0136 4432 gpsvc - ok
22:15:57.0261 4432 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:15:57.0276 4432 gupdate - ok
22:15:57.0292 4432 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
22:15:57.0307 4432 gupdatem - ok
22:15:57.0323 4432 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
22:15:57.0370 4432 hcw85cir - ok
22:15:57.0401 4432 [ 6410F6F415B2A5A9037224C41DA8BF12 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
22:15:57.0448 4432 HdAudAddService - ok
22:15:57.0479 4432 [ 0A49913402747A0B67DE940FB42CBDBB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
22:15:57.0510 4432 HDAudBus - ok
22:15:57.0541 4432 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
22:15:57.0557 4432 HECIx64 - ok
22:15:57.0573 4432 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
22:15:57.0619 4432 HidBatt - ok
22:15:57.0635 4432 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
22:15:57.0682 4432 HidBth - ok
22:15:57.0760 4432 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
22:15:57.0791 4432 HidIr - ok
22:15:57.0807 4432 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
22:15:57.0885 4432 hidserv - ok
22:15:57.0900 4432 [ B3BF6B5B50006DEF50B66306D99FCF6F ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
22:15:57.0947 4432 HidUsb - ok
22:15:57.0978 4432 [ EFA58EDE58DD74388FFD04CB32681518 ] hkmsvc C:\Windows\system32\kmsvc.dll
22:15:58.0056 4432 hkmsvc - ok
22:15:58.0087 4432 [ 046B2673767CA626E2CFB7FDF735E9E8 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
22:15:58.0119 4432 HomeGroupListener - ok
22:15:58.0150 4432 [ 06A7422224D9865A5613710A089987DF ] HomeGroupProvider C:\Windows\system32\provsvc.dll
22:15:58.0165 4432 HomeGroupProvider - ok
22:15:58.0181 4432 [ 0886D440058F203EBA0E1825E4355914 ] HpSAMD C:\Windows\system32\DRIVERS\HpSAMD.sys
22:15:58.0197 4432 HpSAMD - ok
22:15:58.0243 4432 [ CEE049CAC4EFA7F4E1E4AD014414A5D4 ] HTTP C:\Windows\system32\drivers\HTTP.sys
22:15:58.0337 4432 HTTP - ok
22:15:58.0368 4432 hwdatacard - ok
22:15:58.0384 4432 [ F17766A19145F111856378DF337A5D79 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
22:15:58.0399 4432 hwpolicy - ok
22:15:58.0415 4432 hwusbdev - ok
22:15:58.0446 4432 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
22:15:58.0462 4432 i8042prt - ok
22:15:58.0509 4432 [ B75E45C564E944A2657167D197AB29DA ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
22:15:58.0540 4432 iaStorV - ok
22:15:58.0587 4432 [ 2F2BE70D3E02B6FA877921AB9516D43C ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
22:15:58.0649 4432 idsvc - ok
22:15:58.0727 4432 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
22:15:58.0743 4432 iirsp - ok
22:15:58.0774 4432 [ C5B4683680DF085B57BC53E5EF34861F ] IKEEXT C:\Windows\System32\ikeext.dll
22:15:58.0867 4432 IKEEXT - ok
22:15:58.0914 4432 [ 36FDF367A1DABFF903E2214023D71368 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
22:15:58.0945 4432 Impcd - ok
22:15:58.0977 4432 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\DRIVERS\intelide.sys
22:15:58.0992 4432 intelide - ok
22:15:59.0023 4432 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
22:15:59.0039 4432 intelppm - ok
22:15:59.0070 4432 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
22:15:59.0117 4432 IPBusEnum - ok
22:15:59.0133 4432 [ 722DD294DF62483CECAAE6E094B4D695 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
22:15:59.0179 4432 IpFilterDriver - ok
22:15:59.0211 4432 [ F8E058D17363EC580E4B7232778B6CB5 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
22:15:59.0304 4432 iphlpsvc - ok
22:15:59.0304 4432 [ E2B4A4494DB7CB9B89B55CA268C337C5 ] IPMIDRV C:\Windows\system32\DRIVERS\IPMIDrv.sys
22:15:59.0320 4432 IPMIDRV - ok
22:15:59.0335 4432 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
22:15:59.0413 4432 IPNAT - ok
22:15:59.0429 4432 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
22:15:59.0460 4432 IRENUM - ok
22:15:59.0476 4432 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\DRIVERS\isapnp.sys
22:15:59.0491 4432 isapnp - ok
22:15:59.0507 4432 [ FA4D2557DE56D45B0A346F93564BE6E1 ] iScsiPrt C:\Windows\system32\DRIVERS\msiscsi.sys
22:15:59.0523 4432 iScsiPrt - ok
22:15:59.0554 4432 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
22:15:59.0569 4432 kbdclass - ok
22:15:59.0585 4432 [ 6DEF98F8541E1B5DCEB2C822A11F7323 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
22:15:59.0616 4432 kbdhid - ok
22:15:59.0632 4432 [ 156F6159457D0AA7E59B62681B56EB90 ] KeyIso C:\Windows\system32\lsass.exe
22:15:59.0663 4432 KeyIso - ok
22:15:59.0725 4432 [ 4F4B5FDE429416877DE7143044582EB5 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
22:15:59.0757 4432 KSecDD - ok
22:15:59.0772 4432 [ 6F40465A44ECDC1731BEFAFEC5BDD03C ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
22:15:59.0788 4432 KSecPkg - ok
22:15:59.0803 4432 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
22:15:59.0866 4432 ksthunk - ok
22:15:59.0897 4432 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
22:15:59.0975 4432 KtmRm - ok
22:15:59.0991 4432 [ 81F1D04D4D0E433099365127375FD501 ] LanmanServer C:\Windows\system32\srvsvc.dll
22:16:00.0022 4432 LanmanServer - ok
22:16:00.0037 4432 [ 27026EAC8818E8A6C00A1CAD2F11D29A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
22:16:00.0100 4432 LanmanWorkstation - ok
22:16:00.0131 4432 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
22:16:00.0178 4432 lltdio - ok
22:16:00.0193 4432 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
22:16:00.0240 4432 lltdsvc - ok
22:16:00.0271 4432 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
22:16:00.0318 4432 lmhosts - ok
22:16:00.0349 4432 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
22:16:00.0349 4432 LSI_FC - ok
22:16:00.0365 4432 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
22:16:00.0381 4432 LSI_SAS - ok
22:16:00.0381 4432 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
22:16:00.0396 4432 LSI_SAS2 - ok
22:16:00.0412 4432 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
22:16:00.0427 4432 LSI_SCSI - ok
22:16:00.0443 4432 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
22:16:00.0490 4432 luafv - ok
22:16:00.0552 4432 [ F84C8F1000BC11E3B7B23CBD3BAFF111 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
22:16:00.0583 4432 Mcx2Svc - ok
22:16:00.0599 4432 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
22:16:00.0630 4432 megasas - ok
22:16:00.0661 4432 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
22:16:00.0677 4432 MegaSR - ok
22:16:00.0864 4432 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
22:16:00.0880 4432 Microsoft Office Groove Audit Service - ok
22:16:00.0911 4432 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
22:16:00.0989 4432 MMCSS - ok
22:16:00.0989 4432 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
22:16:01.0036 4432 Modem - ok
22:16:01.0051 4432 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
22:16:01.0067 4432 monitor - ok
22:16:01.0098 4432 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
22:16:01.0098 4432 mouclass - ok
22:16:01.0129 4432 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
22:16:01.0161 4432 mouhid - ok
22:16:01.0176 4432 [ 791AF66C4D0E7C90A3646066386FB571 ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
22:16:01.0192 4432 mountmgr - ok
22:16:01.0207 4432 [ 609D1D87649ECC19796F4D76D4C15CEA ] mpio C:\Windows\system32\DRIVERS\mpio.sys
22:16:01.0223 4432 mpio - ok
22:16:01.0239 4432 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
22:16:01.0285 4432 mpsdrv - ok
22:16:01.0317 4432 [ AECAB449567D1846DAD63ECE49E893E3 ] MpsSvc C:\Windows\system32\mpssvc.dll
22:16:01.0379 4432 MpsSvc - ok
22:16:01.0395 4432 [ 30524261BB51D96D6FCBAC20C810183C ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
22:16:01.0441 4432 MRxDAV - ok
22:16:01.0488 4432 [ 040D62A9D8AD28922632137ACDD984F2 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
22:16:01.0504 4432 mrxsmb - ok
22:16:01.0566 4432 [ F0067552F8F9B33D7C59403AB808A3CB ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
22:16:01.0613 4432 mrxsmb10 - ok
22:16:01.0629 4432 [ 3C142D31DE9F2F193218A53FE2632051 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
22:16:01.0660 4432 mrxsmb20 - ok
22:16:01.0753 4432 [ BCCF16D5FB1109162380E3E28DC9E4E5 ] msahci C:\Windows\system32\DRIVERS\msahci.sys
22:16:01.0769 4432 msahci - ok
22:16:01.0785 4432 [ 8D27B597229AED79430FB9DB3BCBFBD0 ] msdsm C:\Windows\system32\DRIVERS\msdsm.sys
22:16:01.0800 4432 msdsm - ok
22:16:01.0816 4432 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
22:16:01.0863 4432 MSDTC - ok
22:16:01.0878 4432 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
22:16:01.0925 4432 Msfs - ok
22:16:01.0941 4432 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
22:16:01.0987 4432 mshidkmdf - ok
22:16:02.0003 4432 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\DRIVERS\msisadrv.sys
22:16:02.0019 4432 msisadrv - ok
22:16:02.0050 4432 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
22:16:02.0112 4432 MSiSCSI - ok
22:16:02.0112 4432 msiserver - ok
22:16:02.0143 4432 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
22:16:02.0175 4432 MSKSSRV - ok
22:16:02.0190 4432 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
22:16:02.0237 4432 MSPCLOCK - ok
22:16:02.0237 4432 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
22:16:02.0284 4432 MSPQM - ok
22:16:02.0299 4432 [ 89CB141AA8616D8C6A4610FA26C60964 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
22:16:02.0315 4432 MsRPC - ok
22:16:02.0331 4432 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
22:16:02.0331 4432 mssmbios - ok
22:16:02.0346 4432 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
22:16:02.0377 4432 MSTEE - ok
22:16:02.0393 4432 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
22:16:02.0409 4432 MTConfig - ok
22:16:02.0424 4432 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
22:16:02.0440 4432 Mup - ok
22:16:02.0455 4432 [ 4987E079A4530FA737A128BE54B63B12 ] napagent C:\Windows\system32\qagentRT.dll
22:16:02.0549 4432 napagent - ok
22:16:02.0580 4432 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
22:16:02.0611 4432 NativeWifiP - ok
22:16:02.0643 4432 [ CAD515DBD07D082BB317D9928CE8962C ] NDIS C:\Windows\system32\drivers\ndis.sys
22:16:02.0689 4432 NDIS - ok
22:16:02.0721 4432 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
22:16:02.0799 4432 NdisCap - ok
22:16:02.0830 4432 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
22:16:02.0908 4432 NdisTapi - ok
22:16:02.0923 4432 [ F105BA1E22BF1F2EE8F005D4305E4BEC ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
22:16:02.0970 4432 Ndisuio - ok
22:16:02.0970 4432 [ 557DFAB9CA1FCB036AC77564C010DAD3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
22:16:03.0017 4432 NdisWan - ok
22:16:03.0017 4432 [ 659B74FB74B86228D6338D643CD3E3CF ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
22:16:03.0064 4432 NDProxy - ok
22:16:03.0189 4432 [ C7F5C284B6F46FCAF6910EA4E644700B ] Nero BackItUp Scheduler 4.0 C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
22:16:03.0235 4432 Nero BackItUp Scheduler 4.0 - ok
22:16:03.0251 4432 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
22:16:03.0329 4432 NetBIOS - ok
22:16:03.0345 4432 [ 9162B273A44AB9DCE5B44362731D062A ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
22:16:03.0407 4432 NetBT - ok
22:16:03.0423 4432 [ 156F6159457D0AA7E59B62681B56EB90 ] Netlogon C:\Windows\system32\lsass.exe
22:16:03.0438 4432 Netlogon - ok
22:16:03.0469 4432 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
22:16:03.0547 4432 Netman - ok
22:16:03.0579 4432 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
22:16:03.0641 4432 netprofm - ok
22:16:03.0703 4432 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
22:16:03.0719 4432 NetTcpPortSharing - ok
22:16:03.0891 4432 [ EB43840BABF5589E33186D094DE7381D ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys
22:16:04.0093 4432 NETwNs64 - ok
22:16:04.0125 4432 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
22:16:04.0156 4432 nfrd960 - ok
22:16:04.0171 4432 [ D9A0CE66046D6EFA0C61BAA885CBA0A8 ] NlaSvc C:\Windows\System32\nlasvc.dll
22:16:04.0249 4432 NlaSvc - ok
22:16:04.0281 4432 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
22:16:04.0343 4432 Npfs - ok
22:16:04.0359 4432 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
22:16:04.0421 4432 nsi - ok
22:16:04.0437 4432 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
22:16:04.0483 4432 nsiproxy - ok
22:16:04.0561 4432 [ 378E0E0DFEA67D98AE6EA53ADBBD76BC ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
22:16:04.0639 4432 Ntfs - ok
22:16:04.0686 4432 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
22:16:04.0764 4432 Null - ok
22:16:04.0811 4432 [ E20ABD5B229760158F753CA90B97E090 ] NVHDA C:\Windows\system32\drivers\nvhda64v.sys
22:16:04.0827 4432 NVHDA - ok
22:16:05.0061 4432 [ CD0B2C7666E2A594127CBCCEAB7D0465 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
22:16:05.0232 4432 nvlddmkm - ok
22:16:05.0279 4432 [ A4D9C9A608A97F59307C2F2600EDC6A4 ] nvraid C:\Windows\system32\drivers\nvraid.sys
22:16:05.0310 4432 nvraid - ok
22:16:05.0357 4432 [ 6C1D5F70E7A6A3FD1C90D840EDC048B9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
22:16:05.0388 4432 nvstor - ok
22:16:05.0419 4432 [ D9679AB2EC2711CF2CA707AD08D5725F ] nvsvc C:\Windows\system32\nvvsvc.exe
22:16:05.0435 4432 nvsvc - ok
22:16:05.0466 4432 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\DRIVERS\nv_agp.sys
22:16:05.0482 4432 nv_agp - ok
22:16:05.0653 4432 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
22:16:05.0685 4432 odserv - ok
22:16:05.0716 4432 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\DRIVERS\ohci1394.sys
22:16:05.0731 4432 ohci1394 - ok
22:16:05.0856 4432 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
22:16:05.0872 4432 ose - ok
22:16:05.0903 4432 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
22:16:05.0965 4432 p2pimsvc - ok
22:16:05.0981 4432 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
22:16:06.0028 4432 p2psvc - ok
22:16:06.0075 4432 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
22:16:06.0106 4432 Parport - ok
22:16:06.0168 4432 [ 90061B1ACFE8CCAA5345750FFE08D8B8 ] partmgr C:\Windows\system32\drivers\partmgr.sys
22:16:06.0184 4432 partmgr - ok
22:16:06.0199 4432 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
22:16:06.0262 4432 PcaSvc - ok
22:16:06.0277 4432 [ F36F6504009F2FB0DFD1B17A116AD74B ] pci C:\Windows\system32\DRIVERS\pci.sys
22:16:06.0293 4432 pci - ok
22:16:06.0309 4432 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\DRIVERS\pciide.sys
22:16:06.0340 4432 pciide - ok
22:16:06.0355 4432 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
22:16:06.0371 4432 pcmcia - ok
22:16:06.0387 4432 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
22:16:06.0387 4432 pcw - ok
22:16:06.0402 4432 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
22:16:06.0465 4432 PEAUTH - ok
22:16:06.0511 4432 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
22:16:06.0589 4432 PeerDistSvc - ok
22:16:06.0683 4432 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
22:16:06.0699 4432 PerfHost - ok
22:16:06.0808 4432 [ 557E9A86F65F0DE18C9B6751DFE9D3F1 ] pla C:\Windows\system32\pla.dll
22:16:06.0917 4432 pla - ok
22:16:06.0995 4432 [ 98B1721B8718164293B9701B98C52D77 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
22:16:07.0042 4432 PlugPlay - ok
22:16:07.0057 4432 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
22:16:07.0089 4432 PNRPAutoReg - ok
22:16:07.0120 4432 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
22:16:07.0135 4432 PNRPsvc - ok
22:16:07.0151 4432 [ 166EB40D1F5B47E615DE3D0FFFE5F243 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
22:16:07.0213 4432 PolicyAgent - ok
22:16:07.0229 4432 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
22:16:07.0276 4432 Power - ok
22:16:07.0307 4432 [ 27CC19E81BA5E3403C48302127BDA717 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
22:16:07.0385 4432 PptpMiniport - ok
22:16:07.0385 4432 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
22:16:07.0416 4432 Processor - ok
22:16:07.0494 4432 [ 97293447431311C06703368AD0F6C4BE ] ProfSvc C:\Windows\system32\profsvc.dll
22:16:07.0541 4432 ProfSvc - ok
22:16:07.0557 4432 [ 156F6159457D0AA7E59B62681B56EB90 ] ProtectedStorage C:\Windows\system32\lsass.exe
22:16:07.0572 4432 ProtectedStorage - ok
22:16:07.0588 4432 [ EE992183BD8EAEFD9973F352E587A299 ] Psched C:\Windows\system32\DRIVERS\pacer.sys
22:16:07.0650 4432 Psched - ok
22:16:07.0728 4432 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
22:16:07.0806 4432 ql2300 - ok
22:16:07.0822 4432 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
22:16:07.0822 4432 ql40xx - ok
22:16:07.0853 4432 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
22:16:07.0900 4432 QWAVE - ok
22:16:07.0915 4432 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
22:16:07.0931 4432 QWAVEdrv - ok
22:16:07.0947 4432 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
22:16:08.0025 4432 RasAcd - ok
22:16:08.0040 4432 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
22:16:08.0087 4432 RasAgileVpn - ok
22:16:08.0103 4432 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
22:16:08.0181 4432 RasAuto - ok
22:16:08.0196 4432 [ 87A6E852A22991580D6D39ADC4790463 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
22:16:08.0243 4432 Rasl2tp - ok
22:16:08.0274 4432 [ 47394ED3D16D053F5906EFE5AB51CC83 ] RasMan C:\Windows\System32\rasmans.dll
22:16:08.0368 4432 RasMan - ok
22:16:08.0383 4432 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
22:16:08.0461 4432 RasPppoe - ok
22:16:08.0477 4432 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
22:16:08.0539 4432 RasSstp - ok
22:16:08.0555 4432 [ 3BAC8142102C15D59A87757C1D41DCE5 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
22:16:08.0602 4432 rdbss - ok
22:16:08.0617 4432 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
22:16:08.0633 4432 rdpbus - ok
22:16:08.0664 4432 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
22:16:08.0742 4432 RDPCDD - ok
22:16:08.0789 4432 [ 9706B84DBABFC4B4CA46C5A82B14DFA3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
22:16:08.0851 4432 RDPDR - ok
22:16:08.0867 4432 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
22:16:08.0945 4432 RDPENCDD - ok
22:16:08.0961 4432 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
22:16:08.0992 4432 RDPREFMP - ok
22:16:09.0054 4432 [ 447DE7E3DEA39D422C1504F245B668B1 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
22:16:09.0085 4432 RDPWD - ok
22:16:09.0132 4432 [ 634B9A2181D98F15941236886164EC8B ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
22:16:09.0148 4432 rdyboost - ok
22:16:09.0210 4432 [ A6BAEA839CC888D4961AB5FE16BB8C4A ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
22:16:09.0257 4432 RegSrvc - ok
22:16:09.0273 4432 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
22:16:09.0335 4432 RemoteAccess - ok
22:16:09.0366 4432 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
22:16:09.0413 4432 RemoteRegistry - ok
22:16:09.0444 4432 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
22:16:09.0460 4432 RFCOMM - ok
22:16:09.0475 4432 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
22:16:09.0522 4432 RpcEptMapper - ok
22:16:09.0538 4432 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
22:16:09.0569 4432 RpcLocator - ok
22:16:09.0600 4432 [ 7266972E86890E2B30C0C322E906B027 ] RpcSs C:\Windows\system32\rpcss.dll
22:16:09.0663 4432 RpcSs - ok
22:16:09.0725 4432 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
22:16:09.0819 4432 rspndr - ok
22:16:09.0850 4432 [ 88AF6E02AB19DF7FD07ECDF9C91E9AF6 ] s3cap C:\Windows\system32\DRIVERS\vms3cap.sys
22:16:09.0881 4432 s3cap - ok
22:16:09.0881 4432 [ 156F6159457D0AA7E59B62681B56EB90 ] SamSs C:\Windows\system32\lsass.exe
22:16:09.0897 4432 SamSs - ok
22:16:09.0912 4432 [ E3BBB89983DAF5622C1D50CF49F28227 ] sbp2port C:\Windows\system32\DRIVERS\sbp2port.sys
22:16:09.0943 4432 sbp2port - ok
22:16:09.0975 4432 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
22:16:10.0053 4432 SCardSvr - ok
22:16:10.0084 4432 [ C94DA20C7E3BA1DCA269BC8460D98387 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
22:16:10.0162 4432 scfilter - ok
22:16:10.0193 4432 [ 624D0F5FF99428BB90A5B8A4123E918E ] Schedule C:\Windows\system32\schedsvc.dll
22:16:10.0271 4432 Schedule - ok
22:16:10.0302 4432 [ 312E2F82AF11E79906898AC3E3D58A1F ] SCPolicySvc C:\Windows\System32\certprop.dll
22:16:10.0349 4432 SCPolicySvc - ok
22:16:10.0380 4432 [ 2C8D162EFAF73ABD36D8BCBB6340CAE7 ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys
22:16:10.0411 4432 sdbus - ok
22:16:10.0443 4432 [ 765A27C3279CE11D14CB9E4F5869FCA5 ] SDRSVC C:\Windows\System32\SDRSVC.dll
22:16:10.0489 4432 SDRSVC - ok
22:16:10.0521 4432 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
22:16:10.0599 4432 secdrv - ok
22:16:10.0614 4432 [ 463B386EBC70F98DA5DFF85F7E654346 ] seclogon C:\Windows\system32\seclogon.dll
22:16:10.0645 4432 seclogon - ok
22:16:10.0708 4432 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
22:16:10.0770 4432 SENS - ok
22:16:10.0770 4432 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
22:16:10.0817 4432 SensrSvc - ok
22:16:10.0833 4432 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
22:16:10.0848 4432 Serenum - ok
22:16:10.0864 4432 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
22:16:10.0879 4432 Serial - ok
22:16:10.0911 4432 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
22:16:10.0942 4432 sermouse - ok
22:16:10.0973 4432 [ C3BC61CE47FF6F4E88AB8A3B429A36AF ] SessionEnv C:\Windows\system32\sessenv.dll
22:16:11.0020 4432 SessionEnv - ok
22:16:11.0051 4432 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys
22:16:11.0082 4432 sffdisk - ok
22:16:11.0098 4432 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\DRIVERS\sffp_mmc.sys
22:16:11.0129 4432 sffp_mmc - ok
22:16:11.0145 4432 [ 178298F767FE638C9FEDCBDEF58BB5E4 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys
22:16:11.0160 4432 sffp_sd - ok
22:16:11.0176 4432 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
22:16:11.0207 4432 sfloppy - ok
22:16:11.0254 4432 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
22:16:11.0332 4432 SharedAccess - ok
22:16:11.0347 4432 [ 0298AC45D0EFFFB2DB4BAA7DD186E7BF ] ShellHWDetection C:\Windows\System32\shsvcs.dll
22:16:11.0379 4432 ShellHWDetection - ok
22:16:11.0394 4432 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
22:16:11.0410 4432 SiSRaid2 - ok
22:16:11.0425 4432 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
22:16:11.0425 4432 SiSRaid4 - ok
22:16:11.0503 4432 [ F07AF60B152221472FBDB2FECEC4896D ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
22:16:11.0535 4432 SkypeUpdate - ok
22:16:11.0535 4432 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
22:16:11.0613 4432 Smb - ok
22:16:11.0644 4432 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
22:16:11.0675 4432 SNMPTRAP - ok
22:16:11.0691 4432 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
22:16:11.0691 4432 spldr - ok
22:16:11.0769 4432 [ 567977DC43CC13C4C35ED7084C0B84D5 ] Spooler C:\Windows\System32\spoolsv.exe
22:16:11.0815 4432 Spooler - ok
22:16:11.0909 4432 [ 913D843498553A1BC8F8DBAD6358E49F ] sppsvc C:\Windows\system32\sppsvc.exe
22:16:12.0081 4432 sppsvc - ok
22:16:12.0096 4432 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
22:16:12.0159 4432 sppuinotify - ok
22:16:12.0205 4432 [ 2408C0366D96BCDF63E8F1C78E4A29C5 ] srv C:\Windows\system32\DRIVERS\srv.sys
22:16:12.0252 4432 srv - ok
22:16:12.0283 4432 [ 76548F7B818881B47D8D1AE1BE9C11F8 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
22:16:12.0315 4432 srv2 - ok
22:16:12.0377 4432 [ 0AF6E19D39C70844C5CAA8FB0183C36E ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
22:16:12.0408 4432 srvnet - ok
22:16:12.0439 4432 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
22:16:12.0517 4432 SSDPSRV - ok
22:16:12.0533 4432 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
22:16:12.0580 4432 SstpSvc - ok
22:16:12.0611 4432 [ A1B5EE7F471C52B41EF3ECC57492D942 ] Stereo Service C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
22:16:12.0642 4432 Stereo Service - ok
22:16:12.0720 4432 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
22:16:12.0751 4432 stexstor - ok
22:16:12.0783 4432 [ 52D0E33B681BD0F33FDC08812FEE4F7D ] stisvc C:\Windows\System32\wiaservc.dll
22:16:12.0845 4432 stisvc - ok
22:16:12.0876 4432 [ FFD7A6F15B14234B5B0E5D49E7961895 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
22:16:12.0892 4432 storflt - ok
22:16:12.0907 4432 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
22:16:12.0954 4432 StorSvc - ok
22:16:12.0970 4432 [ 8FCCBEFC5C440B3C23454656E551B09A ] storvsc C:\Windows\system32\DRIVERS\storvsc.sys
22:16:12.0985 4432 storvsc - ok
22:16:13.0001 4432 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
22:16:13.0017 4432 swenum - ok
22:16:13.0048 4432 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
22:16:13.0110 4432 swprv - ok
22:16:13.0157 4432 [ 3C1284516A62078FB68F768DE4F1A7BE ] SysMain C:\Windows\system32\sysmain.dll
22:16:13.0251 4432 SysMain - ok
22:16:13.0266 4432 [ 238935C3CF2854886DC7CBB2A0E2CC66 ] TabletInputService C:\Windows\System32\TabSvc.dll
22:16:13.0297 4432 TabletInputService - ok
22:16:13.0329 4432 [ 884264AC597B690C5707C89723BB8E7B ] TapiSrv C:\Windows\System32\tapisrv.dll
22:16:13.0391 4432 TapiSrv - ok
22:16:13.0407 4432 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
22:16:13.0453 4432 TBS - ok
22:16:13.0547 4432 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
22:16:13.0625 4432 Tcpip - ok
22:16:13.0750 4432 [ 624C5B3AA4C99B3184BB922D9ECE3FF0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
22:16:13.0797 4432 TCPIP6 - ok
22:16:13.0828 4432 [ 76D078AF6F587B162D50210F761EB9ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
22:16:13.0859 4432 tcpipreg - ok
22:16:13.0875 4432 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
22:16:13.0921 4432 TDPIPE - ok
22:16:13.0984 4432 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
22:16:14.0015 4432 TDTCP - ok
22:16:14.0046 4432 [ 079125C4B17B01FCAEEBCE0BCB290C0F ] tdx C:\Windows\system32\DRIVERS\tdx.sys
22:16:14.0124 4432 tdx - ok
22:16:14.0124 4432 [ C448651339196C0E869A355171875522 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
22:16:14.0140 4432 TermDD - ok
22:16:14.0171 4432 [ 0F05EC2887BFE197AD82A13287D2F404 ] TermService C:\Windows\System32\termsrv.dll
22:16:14.0249 4432 TermService - ok
22:16:14.0265 4432 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
22:16:14.0296 4432 Themes - ok
22:16:14.0311 4432 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
22:16:14.0358 4432 THREADORDER - ok
22:16:14.0374 4432 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
22:16:14.0452 4432 TrkWks - ok
22:16:14.0499 4432 [ 840F7FB849F5887A49BA18C13B2DA920 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
22:16:14.0545 4432 TrustedInstaller - ok
22:16:14.0577 4432 [ 61B96C26131E37B24E93327A0BD1FB95 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
22:16:14.0639 4432 tssecsrv - ok
22:16:14.0717 4432 [ 3836171A2CDF3AF8EF10856DB9835A70 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
22:16:14.0795 4432 tunnel - ok
22:16:14.0811 4432 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
22:16:14.0811 4432 uagp35 - ok
22:16:14.0842 4432 [ 31BA4A33AFAB6A69EA092B18017F737F ] udfs C:\Windows\system32\DRIVERS\udfs.sys
22:16:14.0889 4432 udfs - ok
22:16:14.0920 4432 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
22:16:14.0951 4432 UI0Detect - ok
22:16:14.0967 4432 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\DRIVERS\uliagpkx.sys
22:16:14.0982 4432 uliagpkx - ok
22:16:15.0013 4432 [ EAB6C35E62B1B0DB0D1B48B671D3A117 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
22:16:15.0045 4432 umbus - ok
22:16:15.0076 4432 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
22:16:15.0091 4432 UmPass - ok
22:16:15.0107 4432 [ AF0AC98EE5077EB844413EB54287FDE3 ] UmRdpService C:\Windows\System32\umrdp.dll
22:16:15.0138 4432 UmRdpService - ok
22:16:15.0169 4432 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
22:16:15.0263 4432 upnphost - ok
22:16:15.0310 4432 [ 537A4E03D7103C12D42DFD8FFDB5BDC9 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
22:16:15.0341 4432 usbccgp - ok
22:16:15.0357 4432 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\DRIVERS\usbcir.sys
22:16:15.0388 4432 usbcir - ok
22:16:15.0403 4432 [ FBB21EBE49F6D560DB37AC25FBC68E66 ] usbehci C:\Windows\system32\drivers\usbehci.sys
22:16:15.0435 4432 usbehci - ok
22:16:15.0466 4432 [ 6B7A8A99C4A459E73C286A6763EA24CC ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
22:16:15.0497 4432 usbhub - ok
22:16:15.0544 4432 [ 8C88AA7617B4CBC2E4BED61D26B33A27 ] usbohci C:\Windows\system32\drivers\usbohci.sys
22:16:15.0575 4432 usbohci - ok
22:16:15.0591 4432 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
22:16:15.0606 4432 usbprint - ok
22:16:15.0669 4432 [ F39983647BC1F3E6100778DDFE9DCE29 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
22:16:15.0778 4432 USBSTOR - ok
22:16:15.0793 4432 [ 0B5B3B2DF3FD1709618ACFA50B8392B0 ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
22:16:15.0825 4432 usbuhci - ok
22:16:15.0856 4432 [ 7CB8C573C6E4A2714402CC0A36EAB4FE ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
22:16:15.0887 4432 usbvideo - ok
22:16:15.0903 4432 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
22:16:15.0965 4432 UxSms - ok
22:16:15.0996 4432 [ 156F6159457D0AA7E59B62681B56EB90 ] VaultSvc C:\Windows\system32\lsass.exe
22:16:15.0996 4432 VaultSvc - ok
22:16:16.0027 4432 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\DRIVERS\vdrvroot.sys
22:16:16.0027 4432 vdrvroot - ok
22:16:16.0043 4432 [ 44D73E0BBC1D3C8981304BA15135C2F2 ] vds C:\Windows\System32\vds.exe
22:16:16.0090 4432 vds - ok
22:16:16.0105 4432 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
22:16:16.0137 4432 vga - ok
22:16:16.0152 4432 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
22:16:16.0199 4432 VgaSave - ok
22:16:16.0230 4432 [ C82E748660F62A242B2DFAC1442F22A4 ] vhdmp C:\Windows\system32\DRIVERS\vhdmp.sys
22:16:16.0246 4432 vhdmp - ok
22:16:16.0246 4432 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\DRIVERS\viaide.sys
22:16:16.0261 4432 viaide - ok
22:16:16.0293 4432 [ 1501699D7EDA984ABC4155A7DA5738D1 ] vmbus C:\Windows\system32\DRIVERS\vmbus.sys
22:16:16.0308 4432 vmbus - ok
22:16:16.0324 4432 [ AE10C35761889E65A6F7176937C5592C ] VMBusHID C:\Windows\system32\DRIVERS\VMBusHID.sys
22:16:16.0324 4432 VMBusHID - ok
22:16:16.0339 4432 [ 2B1A3DAE2B4E70DBBA822B7A03FBD4A3 ] volmgr C:\Windows\system32\DRIVERS\volmgr.sys
22:16:16.0355 4432 volmgr - ok
22:16:16.0371 4432 [ 99B0CBB569CA79ACAED8C91461D765FB ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
22:16:16.0386 4432 volmgrx - ok
22:16:16.0402 4432 [ 58F82EED8CA24B461441F9C3E4F0BF5C ] volsnap C:\Windows\system32\DRIVERS\volsnap.sys
22:16:16.0433 4432 volsnap - ok
22:16:16.0527 4432 [ D9CC6202D8A3EC84F1516F6CC3E2E6ED ] vpnagent C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
22:16:16.0542 4432 vpnagent - ok
22:16:16.0605 4432 [ 845DAE50510383B7F6ACA73CE2099048 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
22:16:16.0620 4432 vpnva - ok
22:16:16.0636 4432 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
22:16:16.0667 4432 vsmraid - ok
22:16:16.0776 4432 [ 787898BF9FB6D7BD87A36E2D95C899BA ] VSS C:\Windows\system32\vssvc.exe
22:16:16.0854 4432 VSS - ok
22:16:16.0870 4432 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
22:16:16.0901 4432 vwifibus - ok
22:16:16.0917 4432 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
22:16:16.0948 4432 vwififlt - ok
22:16:16.0963 4432 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
22:16:17.0010 4432 vwifimp - ok
22:16:17.0026 4432 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
22:16:17.0088 4432 W32Time - ok
22:16:17.0088 4432 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
22:16:17.0119 4432 WacomPen - ok
22:16:17.0151 4432 [ 47CA49400643EFFD3F1C9A27E1D69324 ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
22:16:17.0229 4432 WANARP - ok
22:16:17.0229 4432 [ 47CA49400643EFFD3F1C9A27E1D69324 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
22:16:17.0275 4432 Wanarpv6 - ok
22:16:17.0322 4432 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
22:16:17.0400 4432 WatAdminSvc - ok
22:16:17.0447 4432 [ 5AB1BB85BD8B5089CC5D64200DEDAE68 ] wbengine C:\Windows\system32\wbengine.exe
22:16:17.0525 4432 wbengine - ok
22:16:17.0541 4432 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
22:16:17.0572 4432 WbioSrvc - ok
22:16:17.0634 4432 [ DD1BAE8EBFC653824D29CCF8C9054D68 ] wcncsvc C:\Windows\System32\wcncsvc.dll
22:16:17.0681 4432 wcncsvc - ok
22:16:17.0697 4432 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
22:16:17.0743 4432 WcsPlugInService - ok
22:16:17.0821 4432 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
22:16:17.0853 4432 Wd - ok
22:16:17.0868 4432 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
22:16:17.0915 4432 Wdf01000 - ok
22:16:17.0915 4432 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
22:16:17.0962 4432 WdiServiceHost - ok
22:16:17.0962 4432 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
22:16:17.0977 4432 WdiSystemHost - ok
22:16:18.0024 4432 [ 733006127F235BE7C35354EBEE7B9A7B ] WebClient C:\Windows\System32\webclnt.dll
22:16:18.0071 4432 WebClient - ok
22:16:18.0087 4432 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
22:16:18.0149 4432 Wecsvc - ok
22:16:18.0180 4432 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
22:16:18.0227 4432 wercplsupport - ok
22:16:18.0258 4432 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
22:16:18.0321 4432 WerSvc - ok
22:16:18.0352 4432 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
22:16:18.0383 4432 WfpLwf - ok
22:16:18.0414 4432 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
22:16:18.0430 4432 WIMMount - ok
22:16:18.0445 4432 WinDefend - ok
22:16:18.0445 4432 WinHttpAutoProxySvc - ok
22:16:18.0508 4432 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
22:16:18.0570 4432 Winmgmt - ok
22:16:18.0617 4432 [ 41FBB751936B387F9179E7F03A74FE29 ] WinRM C:\Windows\system32\WsmSvc.dll
22:16:18.0726 4432 WinRM - ok
22:16:18.0789 4432 [ 4D52C872018AF7E18D078978DCC3F6F2 ] WinUsb C:\Windows\system32\DRIVERS\WinUSB.sys
22:16:18.0835 4432 WinUsb - ok
22:16:18.0867 4432 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
22:16:18.0929 4432 Wlansvc - ok
22:16:19.0054 4432 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
22:16:19.0147 4432 wlidsvc - ok
22:16:19.0163 4432 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
22:16:19.0179 4432 WmiAcpi - ok
22:16:19.0210 4432 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
22:16:19.0257 4432 wmiApSrv - ok
22:16:19.0272 4432 WMPNetworkSvc - ok
22:16:19.0288 4432 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
22:16:19.0319 4432 WPCSvc - ok
22:16:19.0366 4432 [ 2E57DDF2880A7E52E76F41C7E96D327B ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
22:16:19.0381 4432 WPDBusEnum - ok
22:16:19.0413 4432 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
22:16:19.0475 4432 ws2ifsl - ok
22:16:19.0522 4432 [ 8F9F3969933C02DA96EB0F84576DB43E ] wscsvc C:\Windows\System32\wscsvc.dll
22:16:19.0569 4432 wscsvc - ok
22:16:19.0569 4432 WSearch - ok
22:16:19.0678 4432 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
22:16:19.0881 4432 wuauserv - ok
22:16:19.0881 4432 [ 7CADC74271DD6461C452C271B30BD378 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
22:16:19.0943 4432 WudfPf - ok
22:16:19.0959 4432 [ 3B197AF0FFF08AA66B6B2241CA538D64 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
22:16:20.0005 4432 WUDFRd - ok
22:16:20.0037 4432 [ B551D6637AA0E132C18AC6E504F7B79B ] wudfsvc C:\Windows\System32\WUDFSvc.dll
22:16:20.0083 4432 wudfsvc - ok
22:16:20.0115 4432 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
22:16:20.0146 4432 WwanSvc - ok
22:16:20.0193 4432 ================ Scan global ===============================
22:16:20.0224 4432 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
22:16:20.0271 4432 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:16:20.0286 4432 [ 0CB6EBF4B461A6043353C570BD72A1E1 ] C:\Windows\system32\winsrv.dll
22:16:20.0317 4432 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
22:16:20.0333 4432 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
22:16:20.0349 4432 [Global] - ok
22:16:20.0349 4432 ================ Scan MBR ==================================
22:16:20.0349 4432 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
22:16:20.0832 4432 \Device\Harddisk0\DR0 - ok
22:16:20.0832 4432 ================ Scan VBR ==================================
22:16:20.0848 4432 [ A0926894B24415A013AE8F49A87B23FD ] \Device\Harddisk0\DR0\Partition1
22:16:20.0848 4432 \Device\Harddisk0\DR0\Partition1 - ok
22:16:20.0879 4432 [ 08F7B947D99B839BF962455E1849228A ] \Device\Harddisk0\DR0\Partition2
22:16:20.0879 4432 \Device\Harddisk0\DR0\Partition2 - ok
22:16:20.0879 4432 ============================================================
22:16:20.0879 4432 Scan finished
22:16:20.0879 4432 ============================================================
22:16:20.0895 4492 Detected object count: 0
22:16:20.0895 4492 Actual detected object count: 0
|
|
07.10.2012, 04:56
| #27 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Österreich Trojaner Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
07.10.2012, 10:00
| #28 |
| | Polizei Österreich TrojanerCode:
ATTFilter ComboFix 12-10-04.02 - Elisabeth 07.10.2012 10:49:41.1.4 - x64
Microsoft Windows 7 Professional N 6.1.7600.0.1252.43.1031.18.3958.2793 [GMT 2:00]
ausgeführt von:: c:\users\Lisi eingeschrõnkt\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-09-07 bis 2012-10-07 ))))))))))))))))))))))))))))))
.
.
2012-10-07 08:54 . 2012-10-07 08:54 -------- d-----w- c:\users\Elisabeth\AppData\Local\temp
2012-10-07 08:54 . 2012-10-07 08:54 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-10-05 19:53 . 2012-08-30 07:27 9308616 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{53810073-7FF6-46E5-B362-CFD5D1FBBAB6}\mpengine.dll
2012-09-19 21:20 . 2012-09-19 21:20 -------- d-----w- C:\_OTL
2012-09-12 20:10 . 2012-09-12 20:10 -------- d-----w- c:\program files (x86)\ESET
2012-09-12 19:35 . 2012-08-02 17:55 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-09-12 19:35 . 2012-08-02 17:05 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-09-12 22:09 . 2010-12-02 11:21 64462936 ----a-w- c:\windows\system32\MRT.exe
2012-07-18 17:31 . 2012-08-16 18:40 3146752 ----a-w- c:\windows\system32\win32k.sys
2012-07-18 16:04 . 2012-08-31 21:45 27760 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-07-18 16:04 . 2012-08-31 21:45 132832 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-07-18 16:04 . 2012-08-31 21:45 98848 ----a-w- c:\windows\system32\drivers\avgntflt.sys
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2012-07-13 17418928]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" [2010-11-10 35736]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-11-10 932288]
"AdobeCS4ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" [2008-08-14 611712]
"GrooveMonitor"="c:\program files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" [2009-02-26 30040]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-07-05 421888]
"Cisco AnyConnect Secure Mobility Agent for Windows"="c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" [2012-01-13 527312]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-07-18 348664]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2010-1-8 1121568]
Dell System Manager.lnk - c:\program files\Dell\Dell System Manager\DCPSysMgr.exe [2010-8-24 1549680]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-13 160944]
R3 acsock;acsock;c:\windows\system32\DRIVERS\acsock64.sys [2012-01-13 106408]
R3 btwampfl;Bluetooth AMP USB Filter;c:\windows\system32\drivers\btwampfl.sys [2010-12-02 321576]
R3 btwl2cap;Bluetooth L2CAP Service;c:\windows\system32\DRIVERS\btwl2cap.sys [2010-12-02 39464]
R3 emusba10;E-MU USB-Audio 1.0 Driver;c:\windows\system32\DRIVERS\emusba10.sys [x]
R3 FLEXnet Licensing Service 64;FLEXnet Licensing Service 64;c:\program files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe [2010-12-07 1038088]
R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 136176]
R3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
R3 hwusbdev;Huawei DataCard USB PNP Device;c:\windows\system32\DRIVERS\ewusbdev.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2010-12-02 1255736]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-07-18 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-07-18 86224]
S2 AntiVirWebService;Avira Browser Schutz;c:\program files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE [2012-07-18 465360]
S2 dcpsysmgrsvc;Dell System Manager Service;c:\program files\Dell\Dell System Manager\DCPSysMgrSvc.exe [2010-08-24 517488]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2010-07-31 235624]
S2 vpnagent;Cisco AnyConnect Secure Mobility Agent;c:\program files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [2012-01-13 476112]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2010-04-05 301232]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2009-10-26 151936]
S3 NETwNs64;___ Intel(R) Wireless WiFi Link der Serie 5000 Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312]
S3 NVHDA;Service for NVIDIA High Definition Audio Driver;c:\windows\system32\drivers\nvhda64v.sys [2010-06-21 131688]
S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 12:28]
.
2012-10-07 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2010-12-24 12:28]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-07-28 1875048]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2010-07-31 283240]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2010-06-04 392048]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: Bild an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~3\Office12\EXCEL.EXE/3000
IE: Seite an &Bluetooth-Gerät senden... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
LSP: c:\program files (x86)\Avira\AntiVir Desktop\avsda.dll
TCP: DhcpNameServer = 192.168.1.1
FF - ProfilePath - c:\users\Elisabeth\AppData\Roaming\Mozilla\Firefox\Profiles\vin0maa5.default\
FF - prefs.js: network.proxy.http - journals.meduniwien.ac.at
FF - prefs.js: network.proxy.http_port - 3128
FF - prefs.js: network.proxy.type - 0
FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files (x86)\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
FF - Ext: Skype extension: {AB2CE124-6272-4b12-94A9-7303C7397BD1} - c:\program files (x86)\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2329778552-3089844880-3146377183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2329778552-3089844880-3146377183-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil11f_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash11f.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-10-07 10:57:34
ComboFix-quarantined-files.txt 2012-10-07 08:57
.
Vor Suchlauf: 13 Verzeichnis(se), 39.108.534.272 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 38.826.676.224 Bytes frei
.
- - End Of File - - C666CB6B164A25996ECF33C4F634DC81
|
|
07.10.2012, 18:23
| #29 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | Polizei Österreich Trojaner Bitte nun Logs mit GMER und OSAM erstellen und posten. GMER stürzt häufiger ab, wenn das Tool auch beim 2. Mal nicht will, lass es einfach weg und führ nur OSAM aus - die Online-Abfrage durch OSAM bitte überspringen. Bei OSAM bitte darauf auch achten, dass Du das Log auch als *.log und nicht *.html oder so abspeicherst. Hinweis: Zum Entpacken von OSAM bitte WinRAR oder 7zip verwenden! Stell auch unbedingt den Virenscanner ab, besonders der Scanner von McAfee meldet oft einen Fehalarm in OSAM! Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
15.10.2012, 06:07
| #30 |
| | Polizei Österreich Trojaner GMER Logfile: Code:
ATTFilter GMER 1.0.15.15641 - GMER - Rootkit Detector and Remover
Rootkit scan 2012-10-10 00:48:20
Windows 6.1.7600
Running: 6ko8cd07.exe
---- Registry - GMER 1.0.15 ----
Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\1c659d4f87fc
Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\1c659d4f87fc (not active ControlSet)
---- EOF - GMER 1.0.15 ----
OSAM Logfile: Code:
ATTFilter Report of OSAM: Autorun Manager v5.0.11926.0 Online Solutions. Complex Protection for Information Systems Saved at 07:25:19 on 10.10.2012 OS: Windows 7 (Build 7600), 64-bit Default Browser: Mozilla Corporation Firefox 3.6.20 Scanner Settings [x] Rootkits detection (hidden registry) [x] Rootkits detection (hidden files) [x] Retrieve files information [x] Check Microsoft signatures Filters [ ] Trusted entries [ ] Empty entries [x] Hidden registry entries (rootkit activity) [x] Exclusively opened files [x] Not found files [x] Files without detailed information [x] Existing files [ ] Non-startable services [ ] Non-startable drivers [x] Active entries [x] Disabled entries [Common] -----( %SystemRoot%\Tasks )----- "GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [Control Panel Objects] -----( %SystemRoot%\system32 )----- "nvcpl.cpl" - "NVIDIA Corporation" - C:\Windows\system32\nvcpl.cpl -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )----- "mlcfg32.cpl" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office12\MLCFG32.CPL "Nero BurnRights" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl "QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl [Drivers] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "acsock" (acsock) - "Cisco Systems, Inc." - C:\Windows\System32\DRIVERS\acsock64.sys "adfs" (adfs) - "Adobe Systems, Inc." - C:\Windows\system32\drivers\adfs.sys "avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys "avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys "avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys "E-MU USB-Audio 1.0 Driver" (emusba10) - ? - C:\Windows\System32\DRIVERS\emusba10.sys (File not found) "Huawei DataCard USB Modem and USB Serial" (hwdatacard) - ? - C:\Windows\System32\DRIVERS\ewusbmdm.sys (File not found) "Huawei DataCard USB PNP Device" (hwusbdev) - ? - C:\Windows\System32\DRIVERS\ewusbdev.sys (File not found) "Intel(R) Management Engine Interface" (HECIx64) - "Intel Corporation" - C:\Windows\System32\DRIVERS\HECIx64.sys [Explorer] -----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )----- {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll -----( HKLM\Software\Classes\Protocols\Filter )----- {807563E5-5146-11D5-A672-00B0D022E945} "Microsoft Office InfoPath XML Mime Filter" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL -----( HKLM\Software\Classes\Protocols\Handler )----- {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll {314111c7-a502-11d2-bbca-00c04f8ec294} "HxProtocol Class" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Help\hxds.dll {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL {88FED34C-F0CA-4636-A375-3CB6248B04CD} "Local Groove Web Services Protocol" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveSystemServices.dll {91774881-D725-4E58-B298-07617B9B86A8} "Skype IE add-on Pluggable Protocol" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks )----- {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )----- {99FD978C-D287-4F50-827F-B2C658EDA8E7} "Groove Explorer Icon Overlay 1 (GFS Unread Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {AB5C5600-7E6E-4B06-9197-9ECEF74D31CC} "Groove Explorer Icon Overlay 2 (GFS Stub)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {920E6DB1-9907-4370-B3A0-BAFC03D81399} "Groove Explorer Icon Overlay 2.5 (GFS Unread Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {16F3DD56-1AF5-4347-846D-7C10C4192619} "Groove Explorer Icon Overlay 3 (GFS Folder)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2916C86E-86A6-43FE-8112-43ABE6BF8DCC} "Groove Explorer Icon Overlay 4 (GFS Unread Mark)" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {2A541AE1-5BF6-4665-A8A3-CFA9672E4291} "Groove Folder Synchronization" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {6C467336-8281-4E60-8204-430CED96822D} "Groove GFS Context Menu Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {B5A7F190-DDA6-4420-B3BA-52453494E6CD} "Groove GFS Stub Execution Hook" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {A449600E-1DC6-4232-B948-9BD794D62056} "Groove GFS Stub Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {387E725D-DC16-4D76-B310-2C93ED4752A0} "Groove XML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\msohevi.dll {993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {5858A72C-C2B4-4dd7-B2BF-B76DB1BD9F6C} "Microsoft Office OneNote Namespace Extension for Windows Desktop Search" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office12\ONFILTER.DLL {00020D75-0000-0000-C000-000000000046} "Microsoft Office Outlook" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office12\MLSHEXT.DLL {C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll {97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll {C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll {0006F045-0000-0000-C000-000000000046} "Outlook File Icon Extension" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office12\OLKFSTUB.DLL {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) {2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe {00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll {0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found) {06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe -----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )----- {E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found) [Internet Explorer] -----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )----- {CAFEEFAC-0017-0000-0005-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_05" - ? - tò(w°y\bin\npjpi170_05.dll (File not found) / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab {8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.5.0" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_05-windows-i586.cab {D27CDB6E-AE6D-11CF-96B8-444553540000} "Shockwave Flash Object" - "Adobe Systems, Inc." - C:\Windows\SysWOW64\Macromed\Flash\Flash11f.ocx / hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab {17492023-C23A-453E-A040-C7C580BBF700} "Windows Genuine Advantage Validation Tool" - "Microsoft Corporation" - C:\Windows\SysWow64\LegitCheckControl.DLL / hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab -----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )----- {5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll {48E73304-E1D6-4330-914C-F5F514E3486C} "An OneNote senden" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office12\ONBttnIE.dll {FF059E31-CC5A-4E2E-BF3B-96E929D65503} "Research" - "Microsoft Corporation" - C:\PROGRA~2\MICROS~3\Office12\REFIEBAR.DLL "Senden an Bluetooth" - ? - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm {898EA8C8-E7FF-479B-8935-AEC46303B9E5} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )----- {18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll {72853161-30C5-4D22-B7F9-0BBC1D38A37E} "Groove GFS Browser Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} "Skype Plug-In" - "Skype Technologies S.A." - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll {9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [LSA Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )----- "Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll [Logon] -----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )----- "desktop.ini" - ? - C:\Users\Elisabeth\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini -----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )----- "Dell System Manager.lnk" - ? - C:\Program Files (x86)\Dell\Dell System Manager\DCPSysMgr.exe (Shortcut exists | File not found) "desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini "Bluetooth.lnk" - ? - C:\Program Files (x86)\WIDCOMM\Bluetooth Software\BTTray.exe (Shortcut exists | File not found) -----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )----- "Skype" - "Skype Technologies S.A." - "C:\Program Files (x86)\Skype\Phone\Skype.exe" /nosplash /minimized -----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )----- "Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" "Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe" "AdobeCS4ServiceManager" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe" -launchedbylogin "avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min "Cisco AnyConnect Secure Mobility Agent for Windows" - "Cisco Systems, Inc." - "C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe" -minimized "GrooveMonitor" - "Microsoft Corporation" - "C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe" "QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime [Network Providers] -----( HKLM\SYSTEM\CurrentControlSet\Control\NetworkProvider\Order )----- "Adobe Drive CS4 Network" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Adobe Drive CS4\AdobeDriveCS4_NP.dll [Services] -----( HKLM\SYSTEM\CurrentControlSet\Services )----- "@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found) "@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found) "Avira Browser Schutz" (AntiVirWebService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE "Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe "Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe "Bluetooth Service" (btwdins) - "Broadcom Corporation." - C:\Program Files\WIDCOMM\Bluetooth Software\btwdins.exe "Cisco AnyConnect Secure Mobility Agent" (vpnagent) - "Cisco Systems, Inc." - C:\Program Files (x86)\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe "Dell System Manager Service" (dcpsysmgrsvc) - "Dell Inc." - C:\Program Files\Dell\Dell System Manager\DCPSysMgrSvc.exe "FLEXnet Licensing Service" (FLEXnet Licensing Service) - "Acresso Software Inc." - C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe "FLEXnet Licensing Service 64" (FLEXnet Licensing Service 64) - "Acresso Software Inc." - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService64.exe "Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe "Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe "Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe "Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe "Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe "Microsoft Office Diagnostics Service" (odserv) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE "Microsoft Office Groove Audit Service" (Microsoft Office Groove Audit Service) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe "Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe "NVIDIA Display Driver Service" (nvsvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe "NVIDIA Stereoscopic 3D Driver Service" (Stereo Service) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe "Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE "Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe "Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE [Winsock Providers] -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )----- "WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL "WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL -----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\Protocol_Catalog9\Catalog_Entries )----- "AVSDA" - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll ===[ Logfile end ]=========================================[ Logfile end ]=== If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru [/log] Code:
ATTFilter aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-10 07:26:27
-----------------------------
07:26:27.856 OS Version: Windows x64 6.1.7600
07:26:27.856 Number of processors: 4 586 0x2505
07:26:27.856 ComputerName: ELISABETH-PC UserName: Elisabeth
07:26:30.882 Initialize success
07:29:19.469 AVAST engine defs: 12100901
07:29:27.144 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
07:29:27.144 Disk 0 Vendor: ST932042 D005 Size: 305245MB BusType: 8
07:29:27.159 Disk 0 MBR read successfully
07:29:27.175 Disk 0 MBR scan
07:29:27.175 Disk 0 Windows 7 default MBR code
07:29:27.175 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 39 MB offset 63
07:29:27.191 Disk 0 Partition 2 80 (A) 0B FAT32 Null 4.1 2000 MB offset 81920
07:29:27.206 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 303204 MB offset 4177920
07:29:27.237 Disk 0 scanning C:\Windows\system32\drivers
07:29:39.764 Service scanning
07:30:01.121 Modules scanning
07:30:01.121 Disk 0 trace - called modules:
07:30:01.168 ntoskrnl.exe CLASSPNP.SYS disk.sys iaStorV.sys hal.dll
07:30:01.682 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005442060]
07:30:01.682 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa800428e050]
07:30:03.055 AVAST engine scan C:\Windows
07:30:05.894 AVAST engine scan C:\Windows\system32
07:33:16.776 AVAST engine scan C:\Windows\system32\drivers
07:33:30.239 AVAST engine scan C:\Users\Elisabeth
07:33:49.474 AVAST engine scan C:\ProgramData
07:35:04.916 Scan finished successfully
07:49:12.606 Disk 0 MBR has been saved successfully to "C:\Users\Elisabeth\Desktop\MBR.dat"
07:49:12.621 The log file has been saved successfully to "C:\Users\Elisabeth\Desktop\aswMBR.txt"
Geändert von cosinus (15.10.2012 um 14:17 Uhr) Grund: CODE-Tags... |
|
| Themen zu Polizei Österreich Trojaner |
| adobe, antivir, autorun, avira, avira searchfree toolbar, bho, explorer, firefox, format, helper, langs, logfile, malwarebytes, microsoft, musik, nvidia, object, opera, plug-in, port, programme, registry, scan, schädling, software, t-mobile, trojaner, usb, windows |
Textbox von OTL - wenn OTL auf deutsch ist wird sie mit 
beschriftet
.
Linear-Darstellung
