
Pests of all kinds and how to combat them: New tab opens with "searchsafer" in Firefox

Windows 7 If you are not sure whether you have picked up malware or a trojan, start a thread here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you eliminate the infection.

01.10.2012, 09:04   #16
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied along with it!!!)

Code:
:OTL
FF - user.js - File not found
IE - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\..\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}: "URL" = http://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd
[2012.09.25 19:07:40 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-1.xml
[2011.09.12 23:14:07 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-10.xml
[2011.09.28 18:13:31 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-11.xml
[2011.10.06 16:15:06 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-12.xml
[2011.11.10 04:39:40 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-13.xml
[2011.11.11 17:05:33 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-14.xml
[2011.12.03 17:34:34 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-15.xml
[2011.12.25 07:07:01 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-16.xml
[2012.01.07 13:16:52 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-17.xml
[2012.02.03 18:23:17 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-18.xml
[2012.02.11 23:52:15 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-19.xml
[2011.03.24 18:16:40 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-2.xml
[2012.02.19 15:23:27 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-20.xml
[2012.03.08 20:41:39 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-21.xml
[2012.03.29 14:13:46 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-22.xml
[2011.04.30 04:06:56 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-3.xml
[2011.05.22 19:02:20 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-4.xml
[2011.06.24 05:05:45 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-5.xml
[2011.08.01 16:04:13 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-6.xml
[2011.08.17 02:32:15 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-7.xml
[2011.08.22 21:09:18 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-8.xml
[2011.09.06 11:58:57 | 000,000,950 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-9.xml
[2011.03.30 15:14:34 | 000,001,042 | ---- | M] () -- C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin.xml
O3 - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-2757323760-757079131-3812645846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\Shell - "" = AutoRun
O33 - MountPoints2\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\Shell\AutoRun\command - "" = G:\MotoCastSetup.exe -a
:Files
C:\Users\Jasmin\Documents\pinfect.zip
C:\Users\Jasmin\Downloads\Progs\asc-setup.exe
C:\Windows\rundll16.exe
C:\Windows\rundl132.dll
C:\Windows\logo1_.exe
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
         
Then click the Fix button at the top left!
The log file should open when you click OK after the fix; please post it. The computer may be restarted.

For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created on the system partition in the folder "_OTL".

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can cause lasting damage to the system!
__________________
Please always post log files in CODE tags

01.10.2012, 21:09   #17
BösesM
 



So, here is the log from the OTL fix:

Code:
 All processes killed
========== OTL ==========
Registry key HKEY_USERS\S-1-5-21-2757323760-757079131-3812645846-1000\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{6552C7DD-90A4-4387-B795-F8F96747DE19}\ not found.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-1.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-10.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-11.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-12.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-13.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-14.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-15.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-16.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-17.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-18.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-19.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-2.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-20.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-21.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-22.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-3.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-4.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-5.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-6.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-7.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-8.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin-9.xml moved successfully.
C:\Users\Jasmin\AppData\Roaming\mozilla\firefox\profiles\354o56dh.default\searchplugins\icqplugin.xml moved successfully.
Registry value HKEY_USERS\S-1-5-21-2757323760-757079131-3812645846-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{21FA44EF-376D-4D53-9B0F-8A89D3229068} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{21FA44EF-376D-4D53-9B0F-8A89D3229068}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully.
Registry value HKEY_USERS\S-1-5-21-2757323760-757079131-3812645846-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully.
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully!
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{342771a8-ef39-11e1-8bd6-c80aa93f9239}\ not found.
File G:\MotoCastSetup.exe -a not found.
========== FILES ==========
C:\Users\Jasmin\Documents\pinfect.zip moved successfully.
C:\Users\Jasmin\Downloads\Progs\asc-setup.exe moved successfully.
C:\Windows\rundll16.exe folder moved successfully.
C:\Windows\rundl132.dll folder moved successfully.
C:\Windows\logo1_.exe folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\Jasmin\Desktop\PC\Trojanerboard-prog\cmd.bat deleted successfully.
C:\Users\Jasmin\Desktop\PC\Trojanerboard-prog\cmd.txt deleted successfully.
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56466 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: DefaultAppPool
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
 
User: Jasmin
->Temp folder emptied: 242064130 bytes
->Temporary Internet Files folder emptied: 10672444 bytes
->Java cache emptied: 908713 bytes
->FireFox cache emptied: 1110935163 bytes
->Google Chrome cache emptied: 6163291 bytes
->Flash cache emptied: 14918206 bytes
 
User: Public
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 473077 bytes
%systemroot%\System32 (64bit) .tmp files removed: 2320896 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 1515803563 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67698 bytes
RecycleBin emptied: 1490038015 bytes
 
Total Files Cleaned = 4.191,00 mb
 
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
 
OTL by OldTimer - Version 3.2.69.0 log created on 10012012_214436

Files\Folders moved on Reboot...
C:\Users\Jasmin\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFJRF15C\300x250iframeintlv2[2].htm moved successfully.
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFJRF15C\AdDisplayTrackerServlet[6].htm not found!
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFJRF15C\addons-tracker-v4[1].htm moved successfully.
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFJRF15C\cms-2-frame[2].htm moved successfully.
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\TFJRF15C\pd[3].htm not found!
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\RYUMU20E\AdDisplayTrackerServlet[6].htm not found!
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F88G2A10\AdDisplayTrackerServlet[7].htm not found!
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F88G2A10\adTagInfo[1].htm moved successfully.
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F88G2A10\emily[1].htm not found!
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F88G2A10\index[1].htm not found!
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\F88G2A10\Pug[3].gif moved successfully.
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\AdDisplayTrackerServlet[1].htm moved successfully.
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\addons-v4[3].htm moved successfully.
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\dppix[1].htm moved successfully.
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\freq[3].htm not found!
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\g_u_if_c[1].htm moved successfully.
File\Folder C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\pd[1].htm not found!
C:\Users\Jasmin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\4RTJUS3D\syncuppixels[2].htm moved successfully.

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         
__________________


02.10.2012, 14:40   #18
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!

Set up the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot.
Then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents and transfer them into your post, then please look directly on your Windows system partition (usually drive C:); that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!

__________________
__________________
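
One way to triage the kind of report requested above, added here as an example (not part of the original thread and not Kaspersky's code): it pairs each hashed object line with its verdict line, lists every entry not marked ok, and lists services for which no file was hashed. The sample lines are constructed, and the shape of the non-ok line (`name ( detection ) - verdict`) is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Report line layout: "HH:MM:SS.mmmm <thread-id>  <message>"
PREFIX = re.compile(r"^\s*\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>\S.*)$")
# Section header: "======== Scan services ========"
SECTION = re.compile(r"^=+ (?P<title>[^=]+?) =+$")
# Object line: "[ <MD5> ] <name> <drive:\path>" (names and paths may contain spaces)
OBJECT = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.+)$"
)
# Verdict line: "<name> - ok"; assumed non-ok shape: "<name> ( <detail> ) - <verdict>"
VERDICT = re.compile(
    r"^(?P<name>.+?)(?: \( (?P<detail>.+) \))? - (?P<verdict>[A-Za-z]+)$"
)


@dataclass
class Entry:
    section: str
    name: str
    verdict: str
    detail: Optional[str]  # text in "( ... )" before the verdict, if any
    md5: Optional[str]     # None when no object line preceded the verdict
    path: Optional[str]


def parse_report(text: str) -> List[Entry]:
    """Turn a TDSSKiller report into one Entry per verdict line."""
    entries: List[Entry] = []
    section, pending = "", None
    for raw in text.splitlines():
        m = PREFIX.match(raw.strip())
        if not m:
            continue  # blank message or a line without the timestamp prefix
        msg = m.group("msg").strip()
        if (s := SECTION.match(msg)):
            section, pending = s.group("title"), None
        elif (o := OBJECT.match(msg)):
            pending = o
        elif (v := VERDICT.match(msg)):
            # Attach the hash only if the object line names the same item.
            same = pending is not None and pending.group("name") == v.group("name")
            entries.append(Entry(
                section=section,
                name=v.group("name"),
                verdict=v.group("verdict").lower(),
                detail=v.group("detail"),
                md5=pending.group("md5") if same else None,
                path=pending.group("path") if same else None,
            ))
            pending = None
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Everything the scanner did not mark ok."""
    return [e for e in entries if e.verdict != "ok"]


def unhashed_services(entries: List[Entry]) -> List[Entry]:
    """Services with a verdict but no hashed file, worth a manual look."""
    return [e for e in entries if e.section == "Scan services" and e.md5 is None]


# Constructed sample in the report's line layout; the ExampleDrv lines and
# their detection name are invented for illustration.
SAMPLE = r"""
17:45:03.0191 3080  ============================================================
17:45:03.0191 3080  Scan started
17:45:04.0626 3080  ================ Scan system memory ========================
17:45:04.0626 3080  System memory - ok
17:45:04.0626 3080  ================ Scan services =============================
17:45:04.0829 3080  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:45:04.0954 3080  1394ohci - ok
17:45:06.0701 3080  [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:45:06.0748 3080  AMD External Events Utility - ok
17:45:12.0988 3080  COMSysApp - ok
17:45:13.0019 3080  [ 0123456789ABCDEF0123456789ABCDEF ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
17:45:13.0050 3080  ExampleDrv ( Constructed.Detection ) - warning
"""

if __name__ == "__main__":
    parsed = parse_report(SAMPLE)
    for e in needs_review(parsed):
        print(f"REVIEW  {e.name}: {e.verdict} ({e.detail}) {e.md5} {e.path}")
    for e in unhashed_services(parsed):
        print(f"NO HASH {e.name}: {e.verdict}")
```
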

02.10.2012, 16:48   #19
BösesM
 



TDSS-Killer log:

Code:
 17:44:04.0913 6016  TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
17:44:05.0116 6016  ============================================================
17:44:05.0116 6016  Current date / time: 2012/10/02 17:44:05.0116
17:44:05.0116 6016  SystemInfo:
17:44:05.0116 6016  
17:44:05.0116 6016  OS Version: 6.1.7601 ServicePack: 1.0
17:44:05.0116 6016  Product type: Workstation
17:44:05.0116 6016  ComputerName: JASMIN-PC
17:44:05.0116 6016  UserName: Jasmin
17:44:05.0116 6016  Windows directory: C:\Windows
17:44:05.0116 6016  System windows directory: C:\Windows
17:44:05.0116 6016  Running under WOW64
17:44:05.0116 6016  Processor architecture: Intel x64
17:44:05.0116 6016  Number of processors: 2
17:44:05.0116 6016  Page size: 0x1000
17:44:05.0116 6016  Boot type: Normal boot
17:44:05.0116 6016  ============================================================
17:44:06.0410 6016  Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
17:44:06.0410 6016  ============================================================
17:44:06.0410 6016  \Device\Harddisk0\DR0:
17:44:06.0410 6016  MBR partitions:
17:44:06.0410 6016  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x63800
17:44:06.0410 6016  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x64000, BlocksNum 0x48C6A800
17:44:06.0410 6016  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x48CCE800, BlocksNum 0x1B55800
17:44:06.0410 6016  \Device\Harddisk0\DR0\Partition4: MBR, Type 0xC, StartLBA 0x4A824000, BlocksNum 0x33AB0
17:44:06.0410 6016  ============================================================
17:44:06.0426 6016  C: <-> \Device\Harddisk0\DR0\Partition2
17:44:06.0488 6016  D: <-> \Device\Harddisk0\DR0\Partition3
17:44:06.0504 6016  E: <-> \Device\Harddisk0\DR0\Partition4
17:44:06.0504 6016  ============================================================
17:44:06.0504 6016  Initialize success
17:44:06.0504 6016  ============================================================
17:45:03.0191 3080  ============================================================
17:45:03.0191 3080  Scan started
17:45:03.0191 3080  Mode: Manual; SigCheck; TDLFS; 
17:45:03.0191 3080  ============================================================
17:45:04.0626 3080  ================ Scan system memory ========================
17:45:04.0626 3080  System memory - ok
17:45:04.0626 3080  ================ Scan services =============================
17:45:04.0829 3080  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
17:45:04.0954 3080  1394ohci - ok
17:45:05.0001 3080  [ 5C368F4B04ED2A923E6AFCA2D37BAFF5 ] Accelerometer   C:\Windows\system32\DRIVERS\Accelerometer.sys
17:45:05.0063 3080  Accelerometer - ok
17:45:05.0110 3080  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
17:45:05.0141 3080  ACPI - ok
17:45:05.0188 3080  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
17:45:05.0281 3080  AcpiPmi - ok
17:45:05.0437 3080  [ B2B64AF436FACCFA854DD397027C5360 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
17:45:05.0469 3080  AdobeFlashPlayerUpdateSvc - ok
17:45:05.0531 3080  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
17:45:05.0562 3080  adp94xx - ok
17:45:05.0609 3080  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
17:45:05.0625 3080  adpahci - ok
17:45:05.0640 3080  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
17:45:05.0656 3080  adpu320 - ok
17:45:05.0687 3080  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
17:45:05.0890 3080  AeLookupSvc - ok
17:45:06.0015 3080  [ A6FB9DB8F1A86861D955FD6975977AE0 ] AESTFilters     C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe
17:45:06.0093 3080  AESTFilters - ok
17:45:06.0155 3080  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
17:45:06.0217 3080  AFD - ok
17:45:06.0280 3080  [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem  C:\Windows\system32\DRIVERS\agrsm64.sys
17:45:06.0405 3080  AgereSoftModem - ok
17:45:06.0451 3080  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
17:45:06.0467 3080  agp440 - ok
17:45:06.0498 3080  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
17:45:06.0576 3080  ALG - ok
17:45:06.0623 3080  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
17:45:06.0654 3080  aliide - ok
17:45:06.0701 3080  [ BCC32BF5EBB5DFD4380FA053D3651949 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
17:45:06.0748 3080  AMD External Events Utility - ok
17:45:06.0795 3080  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
17:45:06.0810 3080  amdide - ok
17:45:06.0841 3080  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
17:45:06.0904 3080  AmdK8 - ok
17:45:06.0951 3080  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
17:45:06.0997 3080  AmdPPM - ok
17:45:07.0029 3080  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
17:45:07.0044 3080  amdsata - ok
17:45:07.0091 3080  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
17:45:07.0122 3080  amdsbs - ok
17:45:07.0122 3080  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
17:45:07.0138 3080  amdxata - ok
17:45:07.0278 3080  [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
17:45:07.0309 3080  AntiVirSchedulerService - ok
17:45:07.0387 3080  [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService  C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
17:45:07.0387 3080  AntiVirService - ok
17:45:07.0481 3080  [ 59D01FA91962C9C1E9B4022B2D3B46DB ] AppHostSvc      C:\Windows\system32\inetsrv\apphostsvc.dll
17:45:07.0543 3080  AppHostSvc - ok
17:45:07.0590 3080  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
17:45:07.0809 3080  AppID - ok
17:45:07.0840 3080  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
17:45:07.0933 3080  AppIDSvc - ok
17:45:07.0980 3080  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
17:45:08.0058 3080  Appinfo - ok
17:45:08.0136 3080  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\DRIVERS\arc.sys
17:45:08.0167 3080  arc - ok
17:45:08.0167 3080  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
17:45:08.0183 3080  arcsas - ok
17:45:08.0323 3080  [ 9217D874131AE6FF8F642F124F00A555 ] aspnet_state    C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
17:45:08.0401 3080  aspnet_state - ok
17:45:08.0433 3080  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
17:45:08.0526 3080  AsyncMac - ok
17:45:08.0557 3080  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
17:45:08.0589 3080  atapi - ok
17:45:08.0667 3080  [ 38562A6A9CB10844759EAF2B01A7FCD3 ] athr            C:\Windows\system32\DRIVERS\athrx.sys
17:45:08.0760 3080  athr - ok
17:45:08.0823 3080  [ 3B9014FB7CE9E20FD726321C7DB7D8B0 ] AtiHdmiService  C:\Windows\system32\drivers\AtiHdmi.sys
17:45:08.0854 3080  AtiHdmiService - ok
17:45:09.0010 3080  [ A29087680A1C3B049E3C05438E8FF2B8 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
17:45:09.0197 3080  atikmdag - ok
17:45:09.0228 3080  [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie         C:\Windows\system32\DRIVERS\AtiPcie.sys
17:45:09.0244 3080  AtiPcie - ok
17:45:09.0306 3080  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:45:09.0415 3080  AudioEndpointBuilder - ok
17:45:09.0447 3080  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
17:45:09.0493 3080  AudioSrv - ok
17:45:09.0540 3080  [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
17:45:09.0571 3080  avgntflt - ok
17:45:09.0587 3080  [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
17:45:09.0618 3080  avipbb - ok
17:45:09.0634 3080  [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
17:45:09.0649 3080  avkmgr - ok
17:45:09.0712 3080  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
17:45:09.0821 3080  AxInstSV - ok
17:45:09.0915 3080  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbda.sys
17:45:09.0993 3080  b06bdrv - ok
17:45:10.0024 3080  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
17:45:10.0086 3080  b57nd60a - ok
17:45:10.0164 3080  [ 01A24B415926BB5F772DBE12459D97DE ] BBSvc           C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
17:45:10.0211 3080  BBSvc - ok
17:45:10.0273 3080  [ 785DE7ABDA13309D6065305542829E76 ] BBUpdate        C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
17:45:10.0305 3080  BBUpdate - ok
17:45:10.0320 3080  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
17:45:10.0351 3080  BDESVC - ok
17:45:10.0398 3080  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
17:45:10.0476 3080  Beep - ok
17:45:10.0554 3080  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
17:45:10.0632 3080  BFE - ok
17:45:10.0710 3080  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
17:45:10.0788 3080  BITS - ok
17:45:10.0835 3080  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
17:45:10.0866 3080  blbdrive - ok
17:45:10.0897 3080  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
17:45:10.0929 3080  bowser - ok
17:45:10.0960 3080  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
17:45:11.0038 3080  BrFiltLo - ok
17:45:11.0069 3080  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
17:45:11.0085 3080  BrFiltUp - ok
17:45:11.0116 3080  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
17:45:11.0178 3080  Browser - ok
17:45:11.0209 3080  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
17:45:11.0256 3080  Brserid - ok
17:45:11.0287 3080  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
17:45:11.0334 3080  BrSerWdm - ok
17:45:11.0365 3080  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
17:45:11.0412 3080  BrUsbMdm - ok
17:45:11.0428 3080  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
17:45:11.0459 3080  BrUsbSer - ok
17:45:11.0490 3080  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
17:45:11.0537 3080  BTHMODEM - ok
17:45:11.0568 3080  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
17:45:11.0631 3080  bthserv - ok
17:45:11.0677 3080  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
17:45:11.0755 3080  cdfs - ok
17:45:11.0818 3080  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
17:45:11.0865 3080  cdrom - ok
17:45:11.0911 3080  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
17:45:11.0989 3080  CertPropSvc - ok
17:45:12.0036 3080  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
17:45:12.0083 3080  circlass - ok
17:45:12.0130 3080  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
17:45:12.0161 3080  CLFS - ok
17:45:16.0233 3080  [ 1A18EBD87AA9FBF6EFE8CFADA08D0275 ] FirebirdGuardianDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
17:45:16.0233 3080  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
17:45:16.0233 3080  FirebirdGuardianDefaultInstance - detected UnsignedFile.Multi.Generic (1)
17:45:16.0342 3080  [ 53C740150C082AAF3C7D21C1D6A9FF98 ] FirebirdServerDefaultInstance C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
17:45:16.0498 3080  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - warning
17:45:16.0498 3080  FirebirdServerDefaultInstance - detected UnsignedFile.Multi.Generic (1)
17:45:21.0817 3080  [ 2238B91AC1A12CC6CC4C4FED41258B2A ] LightScribeService C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
17:45:21.0849 3080  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
17:45:21.0849 3080  LightScribeService - detected UnsignedFile.Multi.Generic (1)
17:45:33.0393 3080  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
17:45:33.0439 3080  sffp_sd - ok
17:45:33.0471 3080  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
17:45:33.0502 3080  sfloppy - ok
17:45:33.0549 3080  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
17:45:33.0627 3080  SharedAccess - ok
17:45:33.0673 3080  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:45:33.0751 3080  ShellHWDetection - ok
17:45:33.0783 3080  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
17:45:33.0783 3080  SiSRaid2 - ok
17:45:33.0814 3080  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
17:45:33.0829 3080  SiSRaid4 - ok
17:45:33.0892 3080  [ EA396139541706B4B433641D62EA53CE ] SkypeUpdate     C:\Program Files (x86)\Skype\Updater\Updater.exe
17:45:33.0907 3080  SkypeUpdate - ok
17:45:33.0939 3080  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
17:45:34.0048 3080  Smb - ok
17:45:34.0110 3080  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
17:45:34.0141 3080  SNMPTRAP - ok
17:45:34.0173 3080  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
17:45:34.0188 3080  spldr - ok
17:45:34.0235 3080  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
17:45:34.0251 3080  Spooler - ok
17:45:34.0360 3080  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
17:45:34.0531 3080  sppsvc - ok
17:45:34.0563 3080  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
17:45:34.0641 3080  sppuinotify - ok
17:45:34.0672 3080  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
17:45:34.0734 3080  srv - ok
17:45:34.0765 3080  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
17:45:34.0797 3080  srv2 - ok
17:45:34.0843 3080  [ 0C4540311E11664B245A263E1154CEF8 ] SrvHsfHDA       C:\Windows\system32\DRIVERS\VSTAZL6.SYS
17:45:34.0890 3080  SrvHsfHDA - ok
17:45:34.0953 3080  [ 02071D207A9858FBE3A48CBFD59C4A04 ] SrvHsfV92       C:\Windows\system32\DRIVERS\VSTDPV6.SYS
17:45:34.0999 3080  SrvHsfV92 - ok
17:45:35.0031 3080  [ 18E40C245DBFAF36FD0134A7EF2DF396 ] SrvHsfWinac     C:\Windows\system32\DRIVERS\VSTCNXT6.SYS
17:45:35.0062 3080  SrvHsfWinac - ok
17:45:35.0077 3080  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
17:45:35.0124 3080  srvnet - ok
17:45:35.0171 3080  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
17:45:35.0218 3080  SSDPSRV - ok
17:45:35.0233 3080  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
17:45:35.0280 3080  SstpSvc - ok
17:45:35.0311 3080  [ 74425FFA11C133D045E1C3BE2EAD481D ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
17:45:35.0327 3080  ssudmdm - ok
17:45:35.0452 3080  [ 7595D53EE8E8B0BAA9A2DDDE867EBB0C ] STacSV          C:\Windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\STacSV64.exe
17:45:35.0483 3080  STacSV - ok
17:45:35.0514 3080  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
17:45:35.0545 3080  stexstor - ok
17:45:35.0592 3080  [ DFFBC024DFC7BB05B2129E05CBC7A201 ] STHDA           C:\Windows\system32\DRIVERS\stwrt64.sys
17:45:35.0639 3080  STHDA - ok
17:45:35.0686 3080  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
17:45:35.0733 3080  stisvc - ok
17:45:35.0764 3080  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\drivers\swenum.sys
17:45:35.0795 3080  swenum - ok
17:45:35.0842 3080  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
17:45:35.0889 3080  swprv - ok
17:45:35.0967 3080  [ AC3CC98B1BDB6540021D3FFB105AC2B9 ] SynTP           C:\Windows\system32\DRIVERS\SynTP.sys
17:45:35.0998 3080  SynTP - ok
17:45:36.0076 3080  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
17:45:36.0169 3080  SysMain - ok
17:45:36.0201 3080  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:45:36.0216 3080  TabletInputService - ok
17:45:36.0263 3080  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
17:45:36.0325 3080  TapiSrv - ok
17:45:36.0372 3080  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
17:45:36.0419 3080  TBS - ok
17:45:36.0513 3080  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
17:45:36.0622 3080  Tcpip - ok
17:45:36.0669 3080  [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
17:45:36.0715 3080  TCPIP6 - ok
17:45:36.0762 3080  [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
17:45:36.0856 3080  tcpipreg - ok
17:45:36.0887 3080  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
17:45:36.0949 3080  TDPIPE - ok
17:45:36.0981 3080  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
17:45:37.0027 3080  TDTCP - ok
17:45:37.0059 3080  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
17:45:37.0105 3080  tdx - ok
17:45:37.0293 3080  [ 2BBB318EA9F34FDC508CEA4AAB98D770 ] TeamViewer7     C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe
17:45:37.0402 3080  TeamViewer7 - ok
17:45:37.0449 3080  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\drivers\termdd.sys
17:45:37.0480 3080  TermDD - ok
17:45:37.0527 3080  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
17:45:37.0589 3080  TermService - ok
17:45:37.0620 3080  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
17:45:37.0667 3080  Themes - ok
17:45:37.0714 3080  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
17:45:37.0745 3080  THREADORDER - ok
17:45:37.0761 3080  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
17:45:37.0792 3080  TrkWks - ok
17:45:37.0854 3080  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:45:37.0917 3080  TrustedInstaller - ok
17:45:37.0963 3080  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
17:45:37.0995 3080  tssecsrv - ok
17:45:38.0041 3080  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
17:45:38.0073 3080  TsUsbFlt - ok
17:45:38.0135 3080  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
17:45:38.0197 3080  tunnel - ok
17:45:38.0213 3080  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
17:45:38.0229 3080  uagp35 - ok
17:45:38.0275 3080  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
17:45:38.0322 3080  udfs - ok
17:45:38.0353 3080  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
17:45:38.0369 3080  UI0Detect - ok
17:45:38.0400 3080  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
17:45:38.0431 3080  uliagpkx - ok
17:45:38.0463 3080  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\drivers\umbus.sys
17:45:38.0509 3080  umbus - ok
17:45:38.0541 3080  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
17:45:38.0572 3080  UmPass - ok
17:45:38.0603 3080  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
17:45:38.0681 3080  upnphost - ok
17:45:38.0697 3080  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
17:45:38.0743 3080  usbccgp - ok
17:45:38.0806 3080  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
17:45:38.0837 3080  usbcir - ok
17:45:38.0853 3080  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
17:45:38.0884 3080  usbehci - ok
17:45:38.0915 3080  [ 44D9C773FEBFF10593B50DDFC2D6BC27 ] usbfilter       C:\Windows\system32\DRIVERS\usbfilter.sys
17:45:38.0931 3080  usbfilter - ok
17:45:38.0977 3080  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
17:45:39.0024 3080  usbhub - ok
17:45:39.0055 3080  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\DRIVERS\usbohci.sys
17:45:39.0087 3080  usbohci - ok
17:45:39.0118 3080  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
17:45:39.0149 3080  usbprint - ok
17:45:39.0196 3080  [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
17:45:39.0227 3080  usbscan - ok
17:45:39.0258 3080  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:45:39.0305 3080  USBSTOR - ok
17:45:39.0352 3080  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
17:45:39.0383 3080  usbuhci - ok
17:45:39.0430 3080  [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
17:45:39.0445 3080  usbvideo - ok
17:45:39.0461 3080  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
17:45:39.0508 3080  UxSms - ok
17:45:39.0539 3080  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
17:45:39.0539 3080  VaultSvc - ok
17:45:39.0601 3080  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
17:45:39.0601 3080  vdrvroot - ok
17:45:39.0664 3080  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
17:45:39.0757 3080  vds - ok
17:45:39.0804 3080  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
17:45:39.0820 3080  vga - ok
17:45:39.0835 3080  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
17:45:39.0882 3080  VgaSave - ok
17:45:39.0913 3080  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
17:45:39.0929 3080  vhdmp - ok
17:45:39.0960 3080  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
17:45:39.0976 3080  viaide - ok
17:45:39.0991 3080  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
17:45:40.0007 3080  volmgr - ok
17:45:40.0054 3080  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
17:45:40.0069 3080  volmgrx - ok
17:45:40.0085 3080  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
17:45:40.0116 3080  volsnap - ok
17:45:40.0147 3080  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
17:45:40.0179 3080  vsmraid - ok
17:45:40.0241 3080  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
17:45:40.0350 3080  VSS - ok
17:45:40.0381 3080  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
17:45:40.0428 3080  vwifibus - ok
17:45:40.0459 3080  [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
17:45:40.0491 3080  vwififlt - ok
17:45:40.0506 3080  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
17:45:40.0553 3080  W32Time - ok
17:45:40.0647 3080  [ B32009DB1972E7F2C227499289C4384A ] W3SVC           C:\Windows\system32\inetsrv\iisw3adm.dll
17:45:40.0709 3080  W3SVC - ok
17:45:40.0740 3080  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
17:45:40.0787 3080  WacomPen - ok
17:45:40.0849 3080  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
17:45:40.0927 3080  WANARP - ok
17:45:40.0943 3080  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
17:45:40.0974 3080  Wanarpv6 - ok
17:45:41.0005 3080  [ B32009DB1972E7F2C227499289C4384A ] WAS             C:\Windows\system32\inetsrv\iisw3adm.dll
17:45:41.0021 3080  WAS - ok
17:45:41.0099 3080  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
17:45:41.0177 3080  wbengine - ok
17:45:41.0193 3080  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
17:45:41.0239 3080  WbioSrvc - ok
17:45:41.0271 3080  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
17:45:41.0286 3080  wcncsvc - ok
17:45:41.0317 3080  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:45:41.0333 3080  WcsPlugInService - ok
17:45:41.0364 3080  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\DRIVERS\wd.sys
17:45:41.0364 3080  Wd - ok
17:45:41.0395 3080  [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
17:45:41.0427 3080  Wdf01000 - ok
17:45:41.0442 3080  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
17:45:41.0551 3080  WdiServiceHost - ok
17:45:41.0567 3080  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
17:45:41.0583 3080  WdiSystemHost - ok
17:45:41.0629 3080  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
17:45:41.0676 3080  WebClient - ok
17:45:41.0723 3080  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
17:45:41.0817 3080  Wecsvc - ok
17:45:41.0832 3080  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
17:45:41.0879 3080  wercplsupport - ok
17:45:41.0910 3080  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
17:45:41.0941 3080  WerSvc - ok
17:45:41.0973 3080  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
17:45:42.0004 3080  WfpLwf - ok
17:45:42.0019 3080  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
17:45:42.0035 3080  WIMMount - ok
17:45:42.0051 3080  WinDefend - ok
17:45:42.0066 3080  WinHttpAutoProxySvc - ok
17:45:42.0129 3080  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
17:45:42.0222 3080  Winmgmt - ok
17:45:42.0300 3080  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
17:45:42.0394 3080  WinRM - ok
17:45:42.0472 3080  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
17:45:42.0519 3080  WinUsb - ok
17:45:42.0550 3080  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
17:45:42.0612 3080  Wlansvc - ok
17:45:42.0659 3080  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
17:45:42.0690 3080  WmiAcpi - ok
17:45:42.0737 3080  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
17:45:42.0768 3080  wmiApSrv - ok
17:45:42.0815 3080  WMPNetworkSvc - ok
17:45:42.0846 3080  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
17:45:42.0862 3080  WPCSvc - ok
17:45:42.0909 3080  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
17:45:42.0940 3080  WPDBusEnum - ok
17:45:42.0987 3080  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
17:45:43.0065 3080  ws2ifsl - ok
17:45:43.0080 3080  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
17:45:43.0111 3080  wscsvc - ok
17:45:43.0127 3080  WSearch - ok
17:45:43.0221 3080  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
17:45:43.0330 3080  wuauserv - ok
17:45:43.0361 3080  [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
17:45:43.0439 3080  WudfPf - ok
17:45:43.0501 3080  [ CF8D590BE3373029D57AF80914190682 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
17:45:43.0548 3080  WUDFRd - ok
17:45:43.0579 3080  [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
17:45:43.0611 3080  wudfsvc - ok
17:45:43.0642 3080  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
17:45:43.0720 3080  WwanSvc - ok
17:45:43.0782 3080  [ B3EEACF62445E24FBB2CD4B0FB4DB026 ] yukonw7         C:\Windows\system32\DRIVERS\yk62x64.sys
17:45:43.0845 3080  yukonw7 - ok
17:45:43.0860 3080  ================ Scan global ===============================
17:45:43.0876 3080  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
17:45:43.0907 3080  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:45:43.0923 3080  [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
17:45:43.0954 3080  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
17:45:43.0969 3080  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
17:45:43.0969 3080  [Global] - ok
17:45:43.0985 3080  ================ Scan MBR ==================================
17:45:44.0001 3080  [ 0FAF825560A0C0AF1AA8A7E39F1CF86F ] \Device\Harddisk0\DR0
17:45:44.0422 3080  \Device\Harddisk0\DR0 - ok
17:45:44.0422 3080  ================ Scan VBR ==================================
17:45:44.0437 3080  [ 6B86431A5BBFE3F314FE0636F53E453F ] \Device\Harddisk0\DR0\Partition1
17:45:44.0437 3080  \Device\Harddisk0\DR0\Partition1 - ok
17:45:44.0469 3080  [ 82484B9EB9629406178E3F3CD149DD80 ] \Device\Harddisk0\DR0\Partition2
17:45:44.0469 3080  \Device\Harddisk0\DR0\Partition2 - ok
17:45:44.0515 3080  [ 2F4CD77CEB744BEC4A01C5D17A3C48C2 ] \Device\Harddisk0\DR0\Partition3
17:45:44.0515 3080  \Device\Harddisk0\DR0\Partition3 - ok
17:45:44.0531 3080  [ 3C529C79B509DC2C8BB89D319829E93A ] \Device\Harddisk0\DR0\Partition4
17:45:44.0531 3080  \Device\Harddisk0\DR0\Partition4 - ok
17:45:44.0531 3080  ============================================================
17:45:44.0531 3080  Scan finished
17:45:44.0531 3080  ============================================================
17:45:44.0547 5320  Detected object count: 3
17:45:44.0547 5320  Actual detected object count: 3
17:46:21.0609 5320  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:21.0609 5320  FirebirdGuardianDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:46:21.0609 5320  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:21.0609 5320  FirebirdServerDefaultInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 
17:46:21.0609 5320  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
17:46:21.0609 5320  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

02.10.2012, 19:46   #20
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

New tab opens with "searchsafer" in Firefox



Then please run CF now:

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your web browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if offered), install the Recovery Console (if offered), and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and get messages such as

Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
then restart Windows manually and the error messages should no longer appear.

__________________
Please always post log files in CODE tags

03.10.2012, 21:26   #21
BösesM

New tab opens with "searchsafer" in Firefox



How far along are we with the problem? I don't really understand any of this... is the virus gone, and did the registry take much damage from the manual deletion?

ComboFix log:

ComboFix log file:
Code:
ATTFilter
ComboFix 12-10-03.03 - Jasmin 03.10.2012  21:33:51.1.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4092.2760 [GMT 2:00]
ausgeführt von:: c:\users\Jasmin\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Jasmin\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-03 bis 2012-10-03  ))))))))))))))))))))))))))))))
.
.
2012-10-03 19:49 . 2012-10-03 19:49	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2012-10-03 19:49 . 2012-10-03 19:49	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-02 16:00 . 2012-10-02 16:00	--------	d-----w-	c:\program files (x86)\Guard-ICQ
2012-10-02 16:00 . 2012-10-02 16:00	--------	d-----w-	c:\program files (x86)\ICQ7M
2012-10-02 15:55 . 2012-10-02 15:55	--------	d-----w-	c:\program files (x86)\ICQ6Toolbar
2012-10-02 15:29 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C13C6F4-9C85-4C7E-BDEB-0AA83E6CF3E8}\mpengine.dll
2012-10-01 19:44 . 2012-10-01 19:44	--------	d-----w-	C:\_OTL
2012-09-26 21:47 . 2012-09-26 21:47	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-26 21:46 . 2012-09-26 21:46	--------	d-----w-	c:\program files (x86)\Java
2012-09-26 16:43 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-24 19:32 . 2012-09-24 19:32	--------	d-----w-	c:\program files (x86)\ESET
2012-09-18 19:44 . 2012-09-18 19:44	--------	d-----w-	c:\users\Jasmin\AppData\Local\ESET
2012-09-18 19:16 . 2012-09-18 19:16	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-18 15:50 . 2012-09-18 15:53	--------	d-----w-	c:\users\Jasmin\AppData\Local\Google
2012-09-18 15:50 . 2012-09-18 15:50	--------	d-----w-	c:\users\Jasmin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 15:50 . 2012-09-18 15:50	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-09-17 23:24 . 2012-09-17 23:24	--------	d-----w-	c:\users\Jasmin\AppData\Roaming\Malwarebytes
2012-09-17 23:24 . 2012-09-17 23:24	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-14 05:59 . 2012-09-18 17:33	--------	d-----w-	c:\programdata\Freemake
2012-09-14 05:58 . 2012-09-18 17:15	--------	d-----w-	c:\program files (x86)\Freemake
2012-09-14 04:58 . 2012-09-14 04:58	--------	d-----w-	c:\users\Jasmin\AppData\Roaming\WinParam
2012-09-14 04:58 . 2012-09-14 04:58	--------	d-----w-	c:\users\Jasmin\AppData\Roaming\KastorTubeToMp3
2012-09-14 04:51 . 2012-09-14 04:51	--------	d-----w-	c:\users\Jasmin\AppData\Local\Abelssoft
2012-09-12 03:18 . 2012-09-12 03:18	--------	d-----w-	c:\users\Jasmin\AppData\Roaming\FreeCDRipper
2012-09-12 01:18 . 2012-09-12 01:18	--------	d-----w-	c:\programdata\Battle.net
2012-09-11 21:05 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-11 21:05 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 21:05 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-11 21:05 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-11 21:05 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-11 21:05 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-11 21:05 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-06 20:15 . 2012-09-06 20:15	--------	d-----w-	c:\program files (x86)\Tools&More
2012-09-06 20:14 . 2012-09-06 20:14	--------	d-----w-	c:\windows\Downloaded Installations
2012-09-05 22:22 . 2012-09-05 22:25	--------	d-----w-	c:\users\Jasmin\AppData\Local\Paint.NET
2012-09-04 22:31 . 2012-07-31 10:42	203104	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2012-09-04 22:31 . 2012-07-31 10:42	102240	----a-w-	c:\windows\system32\drivers\ssudbus.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-03 19:51 . 2010-08-20 17:22	4194304	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-26 21:46 . 2010-08-20 10:17	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-12 01:00 . 2010-08-20 11:21	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-11 20:14 . 2012-04-03 16:50	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-11 20:14 . 2011-05-14 16:11	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-04-27 16:08	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-18 18:15 . 2012-08-15 12:33	3148800	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Facebook Update"="c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-10-02 1564368]
.
c:\users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-8-20 0]
Facebook Messenger.lnk - c:\users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 250568]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-31 102240]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-10-02 1564368]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-03 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:14]
.
2012-09-30 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000Core.job
- c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 21:19]
.
2012-10-02 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000UA.job
- c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 21:19]
.
2012-09-30 c:\windows\Tasks\HPCeeScheduleForJasmin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-14 171520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
FF - prefs.js: keyword.URL - hxxp://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.1&q=
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKLM-Run-SynTPEnh - c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2757323760-757079131-3812645846-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}*]
"hapnghmhoncpbkgf"=hex:6a,61,66,66,6e,6a,6b,6f,66,70,69,6a,65,69,62,6f,6b,63,
   6a,6e,00,00
"iaflihdmmnjfjccaaj"=hex:63,61,66,66,6e,6a,00,01
"iajoofkocefpgihiah"=hex:69,61,6b,65,6d,6c,6e,6e,6d,65,62,6d,65,66,6e,6f,63,68,
   00,76
"dbhfdikcecmippbipgplpekaggiebchbkejbjomk"=hex:68,61,6b,6c,6b,69,6c,68,6d,68,
   6e,6b,6a,69,62,66,00,00
"jbhfdikcecmippbipgplodllgdaeenhkmcjopdnoipjbjlmmagja"=hex:68,61,6b,6c,6b,69,
   6c,68,6d,68,6e,6b,6a,69,62,66,00,00
"dbhfdikcecmippbipgplaeppgedkhefoimeiilcm"=hex:62,62,70,70,66,6d,64,66,6c,62,
   6e,66,62,67,66,67,63,6f,66,61,6e,64,70,65,64,6c,6b,68,6a,70,70,61,70,6b,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-03  22:14:12 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-03 20:14
.
Vor Suchlauf: 11 Verzeichnis(se), 451.963.445.248 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 452.879.486.976 Bytes frei
.
- - End Of File - - 6AD218B2205025E36A345BF3CCB57B21
         
--- --- ---

04.10.2012, 09:12   #22
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

ComboFix - Scripting

1. Start Notepad (Start / Run / notepad[Enter])

2. Now copy and paste the entire contents of the code box below into the Notepad window.

Code:
ATTFilter
Folder::
c:\program files (x86)\ICQ6Toolbar

Firefox::
FF - ProfilePath - c:\users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\
FF - prefs.js: browser.search.selectedEngine - ICQ Search
FF - prefs.js: keyword.URL - http://search.icq.com/search/afe_results.php?ch_id=afex&tb_ver=1.5.1&q=
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
         
3. Save it in Notepad as CFScript.txt on the desktop.

4. Disable the guard of your antivirus program and any software firewall that may be present.
(Also the guards of adware and spyware programs and the Tea Timer (if present)!)

5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts ComboFix.

6. After the restart (you will be asked whether you want to restart), please post the following log files:
Combofix.txt

Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________
Please always post log files in CODE tags

05.10.2012, 05:19   #23
BösesM

Here is the log:

ComboFix log file:
Code:
ATTFilter
ComboFix 12-10-04.02 - Jasmin 05.10.2012   5:28.2.2 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.4092.2362 [GMT 2:00]
ausgeführt von:: c:\users\Jasmin\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\Jasmin\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\program files (x86)\ICQ6Toolbar
c:\program files (x86)\ICQ6Toolbar\config.xml
c:\program files (x86)\ICQ6Toolbar\Icons.bmp
c:\program files (x86)\ICQ6Toolbar\ICQ Service.exe
c:\program files (x86)\ICQ6Toolbar\icq6Toolbar.ico
c:\program files (x86)\ICQ6Toolbar\ICQToolBar.dll
c:\program files (x86)\ICQ6Toolbar\ICQUnToolbar.exe
c:\program files (x86)\ICQ6Toolbar\logo_small.gif
c:\program files (x86)\ICQ6Toolbar\ServiceStarter.exe
c:\program files (x86)\ICQ6Toolbar\short.wav
c:\program files (x86)\ICQ6Toolbar\Version.txt
c:\program files (x86)\ICQ6Toolbar\voucher.bmp
c:\program files (x86)\ICQ6Toolbar\voucher2.bmp
c:\users\Jasmin\AppData\Local\Temp\fbe2808e-2380-4f14-a1fa-3fa9c3a364e8\CliSecureRT.dll
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-09-05 bis 2012-10-05  ))))))))))))))))))))))))))))))
.
.
2012-10-05 03:47 . 2012-10-05 03:47	--------	d-----w-	c:\users\DefaultAppPool\AppData\Local\temp
2012-10-05 03:47 . 2012-10-05 03:47	--------	d-----w-	c:\users\Default\AppData\Local\temp
2012-10-02 16:00 . 2012-10-02 16:00	--------	d-----w-	c:\program files (x86)\Guard-ICQ
2012-10-02 16:00 . 2012-10-02 16:00	--------	d-----w-	c:\program files (x86)\ICQ7M
2012-10-02 15:29 . 2012-08-30 07:27	9308616	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{5C13C6F4-9C85-4C7E-BDEB-0AA83E6CF3E8}\mpengine.dll
2012-10-01 19:44 . 2012-10-01 19:44	--------	d-----w-	C:\_OTL
2012-09-26 21:47 . 2012-09-26 21:47	--------	d-----w-	c:\program files (x86)\Common Files\Java
2012-09-26 21:46 . 2012-09-26 21:46	--------	d-----w-	c:\program files (x86)\Java
2012-09-26 16:43 . 2012-08-21 21:01	245760	----a-w-	c:\windows\system32\OxpsConverter.exe
2012-09-24 19:32 . 2012-09-24 19:32	--------	d-----w-	c:\program files (x86)\ESET
2012-09-18 19:44 . 2012-09-18 19:44	--------	d-----w-	c:\users\Jasmin\AppData\Local\ESET
2012-09-18 19:16 . 2012-09-18 19:16	--------	d-----w-	c:\program files (x86)\Mozilla Maintenance Service
2012-09-18 15:50 . 2012-09-18 15:53	--------	d-----w-	c:\users\Jasmin\AppData\Local\Google
2012-09-18 15:50 . 2012-09-18 15:50	--------	d-----w-	c:\users\Jasmin\AppData\Roaming\SUPERAntiSpyware.com
2012-09-18 15:50 . 2012-09-18 15:50	--------	d-----w-	c:\programdata\SUPERAntiSpyware.com
2012-09-17 23:24 . 2012-09-17 23:24	--------	d-----w-	c:\users\Jasmin\AppData\Roaming\Malwarebytes
2012-09-17 23:24 . 2012-09-17 23:24	--------	d-----w-	c:\programdata\Malwarebytes
2012-09-14 05:59 . 2012-09-18 17:33	--------	d-----w-	c:\programdata\Freemake
2012-09-14 05:58 . 2012-09-18 17:15	--------	d-----w-	c:\program files (x86)\Freemake
2012-09-14 04:58 . 2012-09-14 04:58	--------	d-----w-	c:\users\Jasmin\AppData\Roaming\WinParam
2012-09-14 04:58 . 2012-09-14 04:58	--------	d-----w-	c:\users\Jasmin\AppData\Roaming\KastorTubeToMp3
2012-09-14 04:51 . 2012-09-14 04:51	--------	d-----w-	c:\users\Jasmin\AppData\Local\Abelssoft
2012-09-12 03:18 . 2012-09-12 03:18	--------	d-----w-	c:\users\Jasmin\AppData\Roaming\FreeCDRipper
2012-09-12 01:18 . 2012-09-12 01:18	--------	d-----w-	c:\programdata\Battle.net
2012-09-11 21:05 . 2012-08-22 18:12	950128	----a-w-	c:\windows\system32\drivers\ndis.sys
2012-09-11 21:05 . 2012-07-04 20:26	41472	----a-w-	c:\windows\system32\drivers\RNDISMP.sys
2012-09-11 21:05 . 2012-08-02 17:58	574464	----a-w-	c:\windows\system32\d3d10level9.dll
2012-09-11 21:05 . 2012-08-02 16:57	490496	----a-w-	c:\windows\SysWow64\d3d10level9.dll
2012-09-11 21:05 . 2012-08-22 18:12	1913200	----a-w-	c:\windows\system32\drivers\tcpip.sys
2012-09-11 21:05 . 2012-08-22 18:12	376688	----a-w-	c:\windows\system32\drivers\netio.sys
2012-09-11 21:05 . 2012-08-22 18:12	288624	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2012-09-06 20:15 . 2012-09-06 20:15	--------	d-----w-	c:\program files (x86)\Tools&More
2012-09-06 20:14 . 2012-09-06 20:14	--------	d-----w-	c:\windows\Downloaded Installations
2012-09-05 22:22 . 2012-09-05 22:25	--------	d-----w-	c:\users\Jasmin\AppData\Local\Paint.NET
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-05 03:50 . 2010-08-20 17:22	4194304	----a-w-	c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2012-09-26 21:46 . 2010-08-20 10:17	473072	----a-w-	c:\windows\SysWow64\deployJava1.dll
2012-09-12 01:00 . 2010-08-20 11:21	64462936	----a-w-	c:\windows\system32\MRT.exe
2012-09-11 20:14 . 2012-04-03 16:50	696520	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2012-09-11 20:14 . 2011-05-14 16:11	73416	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-08-28 18:24 . 2012-04-27 16:08	477168	----a-w-	c:\windows\SysWow64\npdeployJava1.dll
2012-07-31 10:42 . 2012-09-04 22:31	203104	----a-w-	c:\windows\system32\drivers\ssudmdm.sys
2012-07-31 10:42 . 2012-09-04 22:31	102240	----a-w-	c:\windows\system32\drivers\ssudbus.sys
2012-07-18 18:15 . 2012-08-15 12:33	3148800	----a-w-	c:\windows\system32\win32k.sys
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LightScribe Control Panel"="c:\program files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe" [2009-08-20 2363392]
"Facebook Update"="c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe" [2012-07-11 138096]
"KiesPreload"="c:\program files (x86)\Samsung\Kies\Kies.exe" [2012-08-31 964024]
"KiesPDLR"="c:\program files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-08-31 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2009-08-04 98304]
"HPCam_Menu"="c:\program files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" [2009-05-19 222504]
"QlbCtrl.exe"="c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe" [2010-02-25 323640]
"HP Software Update"="c:\program files (x86)\Hp\HP Software Update\HPWuSchd2.exe" [2008-12-08 54576]
"WirelessAssistant"="c:\program files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2009-07-23 498744]
"FreePDF Assistant"="c:\program files (x86)\FreePDF_XP\fpassist.exe" [2009-09-05 385024]
"WinampAgent"="c:\program files (x86)\Winamp\winampa.exe" [2011-07-11 74752]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2012-07-31 38872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-11 919008]
"KiesTrayAgent"="c:\program files (x86)\Samsung\Kies\KiesTrayAgent.exe" [2012-08-31 3524536]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"Guard.Mail.ru.gui"="c:\program files (x86)\Guard-ICQ\GuardICQ.exe" [2012-10-02 1564368]
.
c:\users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
CurseClientStartup.ccip [2010-8-20 0]
Facebook Messenger.lnk - c:\users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe [2012-9-25 247728]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office10\OSA.EXE [2001-2-13 83360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"mixer"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"
.
R2 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-10-21 196176]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 ezSharedSvc;Easybits Shared Services for Windows;c:\windows\system32\svchost.exe [2009-07-14 27136]
R2 HP Support Assistant Service;HP Support Assistant Service;c:\program files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe [2011-06-21 85560]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 AdobeFlashPlayerUpdateSvc;Adobe Flash Player Update Service;c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-09-11 250568]
R3 Com4QLBEx;Com4QLBEx;c:\program files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe [2010-02-25 227896]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-07-31 102240]
R3 MozillaMaintenance;Mozilla Maintenance Service;c:\program files (x86)\Mozilla Maintenance Service\maintenanceservice.exe [2012-09-06 114144]
R3 netw5v64;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 64 Bit;c:\windows\system32\DRIVERS\netw5v64.sys [2009-06-10 5434368]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL6.SYS [2009-06-10 292864]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV6.SYS [2009-06-10 1485312]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT6.SYS [2009-06-10 740864]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-07-31 203104]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x64.sys [2009-06-10 389120]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2011-10-11 27760]
S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904]
S2 AESTFilters;Andrea ST Filters Service;c:\windows\System32\DriverStore\FileRepository\stwrt64.inf_amd64_neutral_960c1f056a541068\AESTSr64.exe [2009-03-02 89600]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-08-05 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-08 86224]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-10-13 249648]
S2 FirebirdGuardianDefaultInstance;Firebird Guardian - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe [2010-09-17 98304]
S2 Guard.Mail.ru;Guard.Mail.ru;c:\program files (x86)\Guard-ICQ\GuardICQ.exe [2012-10-02 1564368]
S2 HPDrvMntSvc.exe;HP Quick Synchronization Service;c:\program files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe [2011-03-28 94264]
S2 hpsrv;HP Service;c:\windows\system32\Hpservice.exe [2011-05-13 30520]
S2 TeamViewer7;TeamViewer 7;c:\program files (x86)\TeamViewer\Version7\TeamViewer_Service.exe [2012-07-16 2673064]
S3 enecir;ENE CIR Receiver;c:\windows\system32\DRIVERS\enecir.sys [2009-06-29 70656]
S3 FirebirdServerDefaultInstance;Firebird Server - DefaultInstance;c:\program files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe [2010-09-17 3735552]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-05-23 215040]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2009-03-09 36408]
.
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs	REG_MULTI_SZ   	w3svc was
apphost	REG_MULTI_SZ   	apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2009-08-20 12:24	451872	----a-w-	c:\program files (x86)\Common Files\LightScribe\LSRunOnce.exe
.
Inhalt des "geplante Tasks" Ordners
.
2012-10-05 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 20:14]
.
2012-10-04 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000Core.job
- c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 21:19]
.
2012-10-05 c:\windows\Tasks\FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000UA.job
- c:\users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe [2012-06-30 21:19]
.
2012-09-30 c:\windows\Tasks\HPCeeScheduleForJasmin.job
- c:\program files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2009-10-07 03:22]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2009-08-25 610872]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-14 171520]
"SysTrayApp"="c:\program files\IDT\WDM\sttray64.exe" [2010-03-23 487424]
"MsmqIntCert"="mqrt.dll" [2010-11-20 247808]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2009-07-27 2184520]
"CanonSolutionMenu"="c:\program files (x86)\Canon\SolutionMenu\CNSLMAIN.exe" [2009-03-18 767312]
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.de/
uLocal Page = c:\windows\system32\blank.htm
mDefault_Search_URL = hxxp://www.google.com
mSearch Page = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~4\Office10\EXCEL.EXE/3000
IE: Nach Microsoft E&xel exportieren - c:\progra~2\MICROS~4\Office12\EXCEL.EXE/3000
IE: {{781B39EC-2E18-41FC-9B00-B84E4FFCA85F} - c:\program files (x86)\ICQ7M\ICQ.exe
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Jasmin\AppData\Roaming\Mozilla\Firefox\Profiles\354o56dh.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.de
pref('extensions.shownSelectionUI',true);
pref('extensions.autoDisableScopes',0);
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Adobe Shockwave Player - c:\windows\system32\Adobe\Shockwave 11\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-2757323760-757079131-3812645846-1000\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}*]
"hapnghmhoncpbkgf"=hex:6a,61,66,66,6e,6a,6b,6f,66,70,69,6a,65,69,62,6f,6b,63,
   6a,6e,00,00
"iaflihdmmnjfjccaaj"=hex:63,61,66,66,6e,6a,00,01
"iajoofkocefpgihiah"=hex:69,61,6b,65,6d,6c,6e,6e,6d,65,62,6d,65,66,6e,6f,63,68,
   00,76
"dbhfdikcecmippbipgplpekaggiebchbkejbjomk"=hex:68,61,6b,6c,6b,69,6c,68,6d,68,
   6e,6b,6a,69,62,66,00,00
"jbhfdikcecmippbipgplodllgdaeenhkmcjopdnoipjbjlmmagja"=hex:68,61,6b,6c,6b,69,
   6c,68,6d,68,6e,6b,6a,69,62,66,00,00
"dbhfdikcecmippbipgplaeppgedkhefoimeiilcm"=hex:62,62,70,70,66,6d,64,66,6c,62,
   6e,66,62,67,66,67,63,6f,66,61,6e,64,70,65,64,6c,6b,68,6a,70,70,61,70,6b,68,\
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\FlashUtil10c.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.10"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWow64\\Macromed\\Flash\\Flash10c.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\program files (x86)\Common Files\LightScribe\LSSrvc.exe
c:\program files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
c:\program files (x86)\CyberLink\Shared files\RichVideo.exe
c:\program files (x86)\Hewlett-Packard\Media\Live TV\TVAgent.exe
c:\program files (x86)\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-10-05  06:12:43 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2012-10-05 04:12
ComboFix2.txt  2012-10-03 20:14
.
Vor Suchlauf: 17 Verzeichnis(se), 452.460.789.760 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 453.109.837.824 Bytes frei
.
- - End Of File - - 4ABB03DD89CD1A3F6A11D08AB49ED14B
         
--- --- ---

05.10.2012, 13:28   #24
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now create logs with GMER and OSAM and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only OSAM. Please skip the online query in OSAM.
With OSAM, please also make sure that you save the log as *.log and not as *.html or the like.

Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off your virus scanner; the McAfee scanner in particular often reports a false positive in OSAM!

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe instructions)
    On Windows Vista (or later), please start it via right-click, "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.)
    Depending on your connection, downloading the definitions can take a while.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons under any circumstances unless instructed to

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.



One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) for "AV scan" in the drop-down menu (bottom left in the aswMBR window) and click the Scan button again.
__________________
Please always post log files in CODE tags

06.10.2012, 02:02   #25
BösesM
 

I hope everything worked as intended. GMER and OSAM went a bit differently than described in the linked instructions.

The GMER log:
GMER Logfile:
Code:
GMER 1.0.15.15641 - hxxp://www.gmer.net
Rootkit scan 2012-10-06 01:58:29
Windows 6.1.7601 Service Pack 1 
Running: 5ivszzpf.exe


---- Registry - GMER 1.0.15 ----

Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}                                                                                                                                                                                                                     
Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@hapnghmhoncpbkgf                                                                                                                                                                                                    0x6A 0x61 0x66 0x66 ...
Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@iaflihdmmnjfjccaaj                                                                                                                                                                                                  0x63 0x61 0x66 0x66 ...
Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@iajoofkocefpgihiah                                                                                                                                                                                                  0x69 0x61 0x6B 0x65 ...
Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@dbhfdikcecmippbipgplpekaggiebchbkejbjomk                                                                                                                                                                            0x68 0x61 0x6B 0x6C ...
Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@jbhfdikcecmippbipgplodllgdaeenhkmcjopdnoipjbjlmmagja                                                                                                                                                                0x68 0x61 0x6B 0x6C ...
Reg   HKCU\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{A19CF6D0-C5EC-6383-8179-84B0AA737609}@dbhfdikcecmippbipgplaeppgedkhefoimeiilcm                                                                                                                                                                            0x62 0x62 0x70 0x70 ...

---- Files - GMER 1.0.15 ----

File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\08 Mexico Böhse Onkelz.mp3                           8241256 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\01 Ich lieb Mich Böhse Onkelz.mp3                    6604264 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\02 Nur die Besten sterben jung Böhse Onkelz.mp3      10333432 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\03 Keine ist wie Du Böhse Onkelz.mp3                 12979972 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\04 Wieder mal`nen Tag verschenkt Böhse Onkelz.mp3    10360576 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\05 Heilige Lieder Böhse Onkelz.mp3                   11847232 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\06 Wir ham noch lange nicht genug Böhse Onkelz.mp3   9766540 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\07 Stunde des Siegers Böhse Onkelz.mp3               12629188 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\09 Der Fuckin´ Metal Mann Böhse Onkelz.mp3           11953720 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\10 Erinnerung Böhse Onkelz.mp3                       14068864 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\11 Das erste Blut Böhse Onkelz.mp3                   11763712 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\12 Es ist soweit Böhse Onkelz.mp3                    7465564 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\13 Eine dieser Nächte Böhse Onkelz.mp3               11626948 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\14 Lügenmarsch Böhse Onkelz.mp3                      10054684 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\15 Könge für einen Tag Böhse Onkelz.mp3              10847080 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\16 Mädchen Böhse Onkelz2.mp3                         2190996 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\17 Keiner wusste wie´s geschah.mp3                   7738048 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\18 Nenn mich Gott.mp3                                7823656 bytes
File  C:\Users\Jasmin\Music\My Mucke\Deutschrock, Oi Punk, Ska etc\Deutschrock; Streetcore, Rock´n´Roll, (Trash-) Metal, Hardcore\Böhse Onkelz\Böhse Onkelz - Vaya Con Tioz - Lausitzring 15.06.2005 - 18.06.2005\01_Vaya Con Tioz - Lausitzring 15.06.05-18.06.05, Part 1 1980-1992\19 Hässlich brutal und gewahltätig Böhse Onkelz.mp3  8473024 bytes

---- EOF - GMER 1.0.15 ----
         
--- --- ---



Here is the OSAM log:
I couldn't skip the online scan and could only click "next" twice. After that the "finish" window already appeared, and then I saved the log. Or should I have done anything else there?
OSAM Logfile:
Code:
Report of OSAM: Autorun Manager v5.0.11926.0
Online Solutions. Complex Protection for Information Systems
Saved at 02:07:43 on 06.10.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 15.0.1

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries


[Common]
-----( %SystemRoot%\Tasks )-----
"HPCeeScheduleForJasmin.job" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
"FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000Core.job" - "Facebook Inc." - C:\Users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe
"FacebookUpdateTaskUserS-1-5-21-2757323760-757079131-3812645846-1000UA.job" - "Facebook Inc." - C:\Users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe
"Adobe Flash Player Updater.job" - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"HP 3D DriveGuard" - ? - C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\hpaccelerometercp.CPL  (File not found)
"Nero BurnRights" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 9\Nero BurnRights\NeroBurnRights_cpl.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"avgntflt" (avgntflt) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avgntflt.sys
"avipbb" (avipbb) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avipbb.sys
"avkmgr" (avkmgr) - "Avira GmbH" - C:\Windows\System32\DRIVERS\avkmgr.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys  (File not found)

[Explorer]
-----( HKLM\SOFTWARE\Microsoft\Active Setup\Installed Components )-----
{10880D85-AAD9-4558-ABDC-2AB1552D831F} "LightScribe Control Panel" - "Hewlett-Packard Company" - "C:\Program Files (x86)\Common Files\LightScribe\LSRunOnce.exe"
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{F9DB5320-233E-11D1-9F84-707F02C10627} "PDF Shell Extension" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\PDFShell.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{3D9F03FA-7A94-11D3-BE81-0050048385D1} "Data Page Pluggable Protocol mso-offdap Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL
{FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} "IEProtocolHandler Class" - "Skype Technologies" - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL
{0A9007C0-4076-11D3-8789-0000F8105754} "Microsoft Infotech Storage Protocol for IE 4.0" - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Information Retrieval\msitss.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{42042206-2D85-11D3-8CFF-005004838597} "Microsoft Office HTML Icon Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\msohev.dll
{993BE281-6695-4BA5-8A2A-7AACBFAAB69E} "Microsoft Office Metadata Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{C41662BB-1FA0-4CE0-8DC5-9B7F8279FF97} "Microsoft Office Thumbnail Handler" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\msoshext.dll
{97F68CE3-7146-45FF-BE24-D9A7DD7CB8A2} "NeroCoverEdLiveIcons Class" - "Nero AG" - C:\Program Files (x86)\Nero\Nero 9\Nero CoverDesigner\CoverEdExtension.dll
{C9E60ED7-FEAE-477b-B6A6-7D62103A0C6B} "NeroDigitalColumnHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{1CA6BBC9-E9FA-4021-822B-075DF1837B63} "NeroDigitalIconHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{4FBFFA8D-F390-471a-AE46-FEB93623AD63} "NeroDigitalInfoHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{846083A4-BFC6-4447-985C-6578B466A7D7} "NeroDigitalPropSheetHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{EDCC595A-F0EE-4d81-B554-D5D01C7AFB87} "NeroDigitalThumbnailHandler Class" - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\SMC\NeroDigitalExt.dll
{0006F045-0000-0000-C000-000000000046} "Outlook-Dateisymbolerweiterung" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\OLKFSTUB.DLL
{BD88A479-9623-4897-8546-BC62B9628F44} "SPTHandler" - ? -   (File not found | COM-object registry key not found)
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)
{BDEADF00-C265-11D0-BCED-00A0C90AB50F} "Webordner" - "Microsoft Corporation" - C:\PROGRA~2\COMMON~1\MICROS~1\WEBFOL~1\MSONSEXT.DLL
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? -   (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\SOFTWARE\Microsoft\Internet Explorer\Explorer Bars )-----
{21347690-EC41-4F9A-8887-1F4AEE672439} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
<binary data> "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
ITBar7Height "ITBar7Height" - ? -   (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? -   (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.6.0_35" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\npjpi160_35.dll / hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
"ICQ7M" - "ICQ, LLC." - C:\Program Files (x86)\ICQ7M\ICQ.exe
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
{8dcb7100-df86-4384-8842-8fa844297b3f} "Bing Bar" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
{759D9886-0C6F-4498-BAB6-4A5F47C6C72F} "Canon Easy-WebPrint EX" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{18DF081C-E8AD-4283-A596-FA578C2EBDC3} "Adobe PDF Link Helper" - "Adobe Systems Incorporated" - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
{d2ce3e00-f94a-4740-988e-03dc2f38c34f} "Bing Bar Helper" - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BingExt.dll
{3785D0AD-BFFF-47F6-BF5B-A587C162FED9} "Canon Easy-WebPrint EX BHO" - "CANON INC." - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Sun Microsystems, Inc." - C:\Program Files (x86)\Java\jre6\bin\ssv.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\Users\Jasmin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Facebook Messenger.lnk" - "Facebook" - C:\Users\Jasmin\AppData\Local\Facebook\Messenger\2.1.4651.0\FacebookMessenger.exe  (Shortcut exists | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"Microsoft Office.lnk" - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Office\Office10\OSA.EXE  (Shortcut exists | File exists)
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"Facebook Update" - "Facebook Inc." - "C:\Users\Jasmin\AppData\Local\Facebook\Update\FacebookUpdate.exe" /c /nocrashserver
"KiesPDLR" - ? - C:\Program Files (x86)\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe
"KiesPreload" - "Samsung" - C:\Program Files (x86)\Samsung\Kies\Kies.exe /preload
"LightScribe Control Panel" - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip  (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"Adobe ARM" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"Adobe Reader Speed Launcher" - "Adobe Systems Incorporated" - "C:\Program Files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe"
"avgnt" - "Avira Operations GmbH & Co. KG" - "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
"FreePDF Assistant" - "shbox.de" - C:\Program Files (x86)\FreePDF_XP\fpassist.exe
"Guard.Mail.ru.gui" - ? - "C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe" /gui
"HP Software Update" - "Hewlett-Packard" - C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
"HPCam_Menu" - "CyberLink Corp." - "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam\MUITransfer\MUIStartMenu.exe" "c:\Program Files (x86)\Hewlett-Packard\Media\Webcam" UpdateWithCreateOnce "Software\Hewlett-Packard\Media\Webcam"
"KiesTrayAgent" - "Samsung Electronics Co., Ltd." - C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe
"QlbCtrl.exe" - " Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"StartCCC" - "Advanced Micro Devices, Inc." - "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
"SunJavaUpdateSched" - "Sun Microsystems, Inc." - "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
"WinampAgent" - "Nullsoft, Inc." - "C:\Program Files (x86)\Winamp\winampa.exe"
"WirelessAssistant" - "Hewlett-Packard" - C:\Program Files (x86)\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe

[Print Monitors]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Print\Monitors )-----
"Redirected Port" - ? - C:\Windows\system32\redmonnt.dll  (File found, but it contains no detailed information)

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll  (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe"  (File not found)
"Adobe Flash Player Update Service" (AdobeFlashPlayerUpdateSvc) - "Adobe Systems Incorporated" - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
"ASP.NET-Zustandsdienst" (aspnet_state) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\aspnet_state.exe
"Avira Echtzeit Scanner" (AntiVirService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
"Avira Planer" (AntiVirSchedulerService) - "Avira Operations GmbH & Co. KG" - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
"BBUpdate" (BBUpdate) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\SeaPort.exe
"BingBar Service" (BBSvc) - "Microsoft Corporation." - C:\Program Files (x86)\Microsoft\BingBar\7.1.391.0\BBSvc.exe
"Com4QLBEx" (Com4QLBEx) - "Hewlett-Packard Development Company, L.P." - C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch Buttons\Com4QLBEx.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
"Easybits Shared Services for Windows" (ezSharedSvc) - ? - C:\Windows\System32\ezsvc7.dll  (File not found)
"Firebird Guardian - DefaultInstance" (FirebirdGuardianDefaultInstance) - "Firebird Project" - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbguard.exe
"Firebird Server - DefaultInstance" (FirebirdServerDefaultInstance) - "Firebird Project" - C:\Program Files (x86)\Firebird\Firebird_2_5\bin\fbserver.exe
"GameConsoleService" (GameConsoleService) - "WildTangent, Inc." - C:\Program Files (x86)\HP Games\HP Game Console\GameConsoleService.exe
"Guard.Mail.ru" (Guard.Mail.ru) - ? - C:\Program Files (x86)\Guard-ICQ\GuardICQ.exe
"HP Quick Synchronization Service" (HPDrvMntSvc.exe) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\HPDrvMntSvc.exe
"HP Software Framework Service" (hpqwmiex) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\Shared\hpqWmiEx.exe
"HP Support Assistant Service" (HP Support Assistant Service) - "Hewlett-Packard Company" - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
"LightScribeService Direct Disc Labeling Service" (LightScribeService) - "Hewlett-Packard Company" - C:\Program Files (x86)\Common Files\LightScribe\LSSrvc.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"Mozilla Maintenance Service" (MozillaMaintenance) - "Mozilla Foundation" - C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
"Nero BackItUp Scheduler 4.0" (Nero BackItUp Scheduler 4.0) - "Nero AG" - C:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe
"Skype Updater" (SkypeUpdate) - "Skype Technologies" - C:\Program Files (x86)\Skype\Updater\Updater.exe
"TeamViewer 7" (TeamViewer7) - "TeamViewer GmbH" - C:\Program Files (x86)\TeamViewer\Version7\TeamViewer_Service.exe

===[ Logfile end ]=========================================[ Logfile end ]===
         
--- --- ---
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru

And here is the log from aswMBR:
Code:
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-06 02:12:48
-----------------------------
02:12:48.568    OS Version: Windows x64 6.1.7601 Service Pack 1
02:12:48.568    Number of processors: 2 586 0x602
02:12:48.569    ComputerName: JASMIN-PC  UserName: Jasmin
02:12:51.294    Initialize success
02:14:45.304    AVAST engine defs: 12100502
02:15:01.751    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
02:15:01.756    Disk 0 Vendor: WDC_WD6400BEVT-60A0RT0 01.01A01 Size: 610480MB BusType: 11
02:15:01.774    Disk 0 MBR read successfully
02:15:01.781    Disk 0 MBR scan
02:15:01.791    Disk 0 unknown MBR code
02:15:01.799    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
02:15:01.820    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       596181 MB offset 409600
02:15:01.856    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13995 MB offset 1221388288
02:15:01.880    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 1250050048
02:15:01.945    Disk 0 scanning C:\Windows\system32\drivers
02:15:15.391    Service scanning
02:15:51.918    Modules scanning
02:15:51.932    Disk 0 trace - called modules:
02:15:52.317    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
02:15:52.328    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800467e790]
02:15:52.340    3 CLASSPNP.SYS[fffff8800110e43f] -> nt!IofCallDriver -> [0xfffffa800467d2e0]
02:15:52.353    5 hpdskflt.sys[fffff8800200b189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80045fc060]
02:15:55.526    AVAST engine scan C:\Windows
02:16:02.004    AVAST engine scan C:\Windows\system32
02:18:52.781    AVAST engine scan C:\Windows\system32\drivers
02:19:13.847    AVAST engine scan C:\Users\Jasmin
02:41:46.051    AVAST engine scan C:\ProgramData
02:44:40.000    Scan finished successfully
02:57:46.169    Disk 0 MBR has been saved successfully to "C:\Users\Jasmin\Desktop\MBR.dat"
02:57:46.175    The log file has been saved successfully to "C:\Users\Jasmin\Desktop\aswMBR.txt"
         

07.10.2012, 05:43   #26
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

We should fix the MBR; just in case, back up ALL important data, even though everything usually goes smoothly.

Note: Please do NOT do the MBR fix if you have other operating systems such as Ubuntu installed; an MBR fix with Windows tools makes a Linux installed alongside (dual boot) unbootable.
Also do not do the fix if you have full encryption of the Windows partition or of the entire hard disk, e.g. with TrueCrypt or other encryption programs


After backing up your data, start aswMBR again and click the FIXMBR button.

Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!

Then restart Windows and create a new log with aswMBR.
__________________
Please always post log files in CODE tags
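
The two caveats in the post above (a Linux installed alongside, full-disk encryption such as TrueCrypt) can be checked against a raw MBR dump before a fix, and a dump taken afterwards can confirm that only the boot code changed. The following Python code is an added example, not part of the thread or of aswMBR. It assumes a raw 512-byte sector dump (that the MBR.dat saved by aswMBR has this layout is an assumption), uses constructed sample sectors whose partition values mirror the aswMBR log, and treats the ASCII loader markers as heuristics.

```python
import hashlib
import struct

SECTOR_SIZE = 512
BOOT_CODE_LEN = 440   # bootstrap code; bytes 440-445 hold the disk signature
TABLE_OFFSET = 446    # four 16-byte partition entries, then 0x55 0xAA
LINUX_TYPES = {0x82: "Linux swap", 0x83: "Linux", 0x8E: "Linux LVM"}
# Heuristic markers (assumption: these ASCII strings occur in the loaders' boot code).
LOADER_MARKERS = {b"GRUB": "GRUB", b"TrueCrypt Boot Loader": "TrueCrypt"}


def parse_mbr(sector: bytes) -> dict:
    """Return the boot-code hash and the used partition entries of a raw MBR."""
    if len(sector) != SECTOR_SIZE:
        raise ValueError("an MBR dump must be exactly 512 bytes")
    if sector[510:512] != b"\x55\xaa":
        raise ValueError("missing 0x55AA boot signature")
    partitions = []
    for index in range(4):
        entry = sector[TABLE_OFFSET + 16 * index:TABLE_OFFSET + 16 * (index + 1)]
        status, ptype = entry[0], entry[4]
        lba_start, sector_count = struct.unpack_from("<II", entry, 8)
        if ptype == 0x00:  # unused slot
            continue
        partitions.append({
            "index": index + 1,
            "active": status == 0x80,
            "type": ptype,
            "lba_start": lba_start,
            "sectors": sector_count,
        })
    digest = hashlib.sha256(sector[:BOOT_CODE_LEN]).hexdigest()
    return {"boot_code_sha256": digest, "partitions": partitions}


def pre_fix_warnings(sector: bytes) -> list:
    """List reasons not to rewrite the boot code: foreign loader or Linux partitions."""
    info = parse_mbr(sector)
    warnings = []
    boot_code = sector[:BOOT_CODE_LEN]
    for marker, name in LOADER_MARKERS.items():
        if marker in boot_code:
            warnings.append(f"boot code contains {name} marker")
    for part in info["partitions"]:
        if part["type"] in LINUX_TYPES:
            label = LINUX_TYPES[part["type"]]
            warnings.append(f"partition {part['index']} is type 0x{part['type']:02X} ({label})")
    return warnings


def compare_dumps(before: bytes, after: bytes) -> dict:
    """Compare two dumps: a boot-code fix should leave the partition table untouched."""
    parse_mbr(before)  # validates length and signature
    parse_mbr(after)
    return {
        "boot_code_changed": before[:BOOT_CODE_LEN] != after[:BOOT_CODE_LEN],
        "partition_table_changed": before[TABLE_OFFSET:510] != after[TABLE_OFFSET:510],
    }


def build_sample(boot_code: bytes, parts: list) -> bytes:
    """Build a constructed 512-byte MBR for the demo (CHS fields left zero)."""
    table = b"".join(
        struct.pack("<B3sB3sII", status, b"", ptype, b"", lba, count)
        for status, ptype, lba, count in parts
    ).ljust(64, b"\x00")
    return boot_code.ljust(BOOT_CODE_LEN, b"\x00") + b"\x00" * 6 + table + b"\x55\xaa"


# Partition values as printed in the aswMBR log: (status, type, offset, sectors).
LOGGED_PARTS = [
    (0x80, 0x07, 2048, 199 * 2048),
    (0x00, 0x07, 409600, 596181 * 2048),
    (0x00, 0x07, 1221388288, 13995 * 2048),
    (0x00, 0x0C, 1250050048, 103 * 2048),
]
# Constructed stand-ins for the boot code; these are not real loader bytes.
BEFORE = build_sample(bytes(range(1, 65)), LOGGED_PARTS)
AFTER = build_sample(b"\xfa" + b"\x90" * 63, LOGGED_PARTS)
DUALBOOT = build_sample(
    b"\xeb\x63\x90" + b"\x00" * 100 + b"GRUB \x00Geom\x00",
    [(0x80, 0x07, 2048, 409600), (0x00, 0x83, 411648, 204800)],
)

if __name__ == "__main__":
    print(compare_dumps(BEFORE, AFTER))
    print(pre_fix_warnings(BEFORE) or "no dual-boot or encryption indicators")
    for line in pre_fix_warnings(DUALBOOT):
        print("WARNING:", line)
```

An empty warning list only means that none of these indicators were found; it does not prove that the disk is unencrypted.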

07.10.2012, 18:28   #27
BösesM
 

I don't have my external hard drive at home right now... I don't think I have any encryption... How do we proceed for now? Fix without a backup? I can't afford to lose anything, that would be bad...

07.10.2012, 20:15   #28
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Normally the fix just goes through... so it would be quite unlikely that you would then no longer have all your data. But with interventions like this I prefer to point it out once more, to avoid bad blood afterwards

Do the fix without a backup at your own risk
__________________
Please always post log files in CODE tags

09.10.2012, 01:59   #29
BösesM
 

So I did go and fetch the external drive again after all, just to be safe, and backed everything up ^^ Here is the log:

Code:
 aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-09 01:10:48
-----------------------------
01:10:48.089    OS Version: Windows x64 6.1.7601 Service Pack 1
01:10:48.089    Number of processors: 2 586 0x602
01:10:48.089    ComputerName: JASMIN-PC  UserName: Jasmin
01:10:53.533    Initialize success
01:11:08.026    AVAST engine defs: 12100801
01:11:33.017    The log file has been saved successfully to "C:\Users\Jasmin\Desktop\aswMBR2.txt"
01:14:09.458    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
01:14:09.474    Disk 0 Vendor: WDC_WD6400BEVT-60A0RT0 01.01A01 Size: 610480MB BusType: 11
01:14:09.474    Disk 0 MBR read successfully
01:14:09.490    Disk 0 MBR scan
01:14:09.505    Disk 0 Windows 7 default MBR code
01:14:09.505    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS          199 MB offset 2048
01:14:09.599    Disk 0 Partition 2 00     07    HPFS/NTFS NTFS       596181 MB offset 409600
01:14:09.646    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS        13995 MB offset 1221388288
01:14:09.708    Disk 0 Partition 4 00     0C    FAT32 LBA MSDOS5.0      103 MB offset 1250050048
01:14:09.802    Disk 0 scanning C:\Windows\system32\drivers
01:14:46.041    Service scanning
01:15:37.864    Modules scanning
01:15:37.879    Disk 0 trace - called modules:
01:15:37.895    ntoskrnl.exe CLASSPNP.SYS disk.sys hpdskflt.sys ataport.SYS PCIIDEX.SYS hal.dll msahci.sys 
01:15:37.911    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800437d060]
01:15:37.911    3 CLASSPNP.SYS[fffff880010fc43f] -> nt!IofCallDriver -> [0xfffffa800437c260]
01:15:37.926    5 hpdskflt.sys[fffff88002188189] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa8004302680]
01:15:40.563    AVAST engine scan C:\Windows
01:15:51.171    AVAST engine scan C:\Windows\system32
01:22:48.830    AVAST engine scan C:\Windows\system32\drivers
01:23:09.391    AVAST engine scan C:\Users\Jasmin
02:17:08.754    AVAST engine scan C:\ProgramData
02:23:09.505    Scan finished successfully
02:55:45.203    Disk 0 MBR has been saved successfully to "C:\Users\Jasmin\Desktop\MBR.dat"
02:55:45.219    The log file has been saved successfully to "C:\Users\Jasmin\Desktop\aswMBR3.txt"
         

09.10.2012, 14:33   #30
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Looks OK. We should be almost done. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs.
Remember to update both tools before the scan!!
__________________
Please always post log files in CODE tags
