Pests of all kinds and how to combat them: White screen - Safe Mode with Networking does not work (Windows 7). If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
28.09.2012, 09:52 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | White screen - Safe Mode with Networking does not work
Please create a new OTL log. If at all possible, please post everything here in CODE tags. This is how it is done: [code] the log goes here [/code] And the whole thing then looks like this:
Code:
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If it is already there, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
netsvcs
msconfig
safebootminimal
safebootnetwork
activex
drivers32
%ALLUSERSPROFILE%\Application Data\*.
%ALLUSERSPROFILE%\Application Data\*.exe /s
%APPDATA%\*.
%APPDATA%\*.exe /s
%SYSTEMDRIVE%\*.exe
/md5start
wininit.exe
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
CREATERESTOREPOINT
__________________ Please always post log files in CODE tags |
28.09.2012, 18:00 | #17 |
| White screen - Safe Mode with Networking does not work
Ok, here is the content of OTL.txt:
Code:
ATTFilter OTL logfile created on: 28.09.2012 17:56:21 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\aharing\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 7,91 Gb Total Physical Memory | 5,92 Gb Available Physical Memory | 74,86% Memory free 15,82 Gb Paging File | 13,91 Gb Available in Paging File | 87,87% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 149,04 Gb Total Space | 84,90 Gb Free Space | 56,97% Space Free | Partition Type: NTFS Drive D: | 425,64 Gb Total Space | 418,37 Gb Free Space | 98,29% Space Free | Partition Type: NTFS Computer Name: AHARING_PC | User Name: aharing | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.28 17:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aharing\Desktop\OTL.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.02.08 10:05:27 | 018,977,656 | ---- | M] (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) -- C:\Program Files (x86)\A1\A1 Webassistent\A1Webassistent.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) 
-- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.02.25 01:36:31 | 003,058,304 | ---- | M] (ASUS) -- C:\Windows\AsScrPro.exe PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files (x86)\OpenOffice.org 3\program\soffice.bin PRC - [2010.12.21 04:24:38 | 002,656,280 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.12.21 04:24:36 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.12.04 20:52:59 | 001,997,416 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010.11.16 20:33:06 | 000,965,728 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\MediaEspresso\DeviceDetector\DeviceDetector.exe PRC - [2010.10.08 00:05:14 | 000,170,624 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe PRC - [2010.10.07 19:43:00 | 000,182,912 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe PRC - [2010.09.24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe PRC - [2010.08.25 06:07:39 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2010.08.21 04:47:58 | 000,077,312 | ---- | M] () -- C:\ExpressGateUtil\VAWinService.exe PRC - [2010.08.18 00:55:42 | 005,732,992 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe PRC - [2010.08.13 03:52:16 | 000,021,504 | ---- | M] () -- 
C:\ExpressGateUtil\VAWinAgent.exe PRC - [2010.08.05 15:41:15 | 000,047,640 | ---- | M] (ALi) -- C:\Windows\WebCam\S6000\S6000Mnt.exe PRC - [2010.07.10 08:45:00 | 000,984,400 | ---- | M] (Virage Logic Corporation / Sonic Focus) -- C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe PRC - [2010.02.03 10:08:56 | 000,087,336 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe PRC - [2009.11.03 00:21:26 | 000,103,720 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2009.06.19 20:29:42 | 000,105,016 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe PRC - [2009.06.19 20:29:26 | 002,488,888 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ATKOSD.exe PRC - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe PRC - [2008.12.23 03:15:34 | 000,174,648 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\WDC.exe PRC - [2008.08.14 07:00:08 | 000,113,208 | ---- | M] (ASUS) -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe PRC - [2008.08.13 15:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) 
-- C:\Garmin\gStart.exe PRC - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Modules (No Company Name) ========== MOD - [2011.06.19 23:05:47 | 000,985,088 | ---- | M] () -- C:\Program Files (x86)\OpenOffice.org 3\program\libxml2.dll MOD - [2010.09.24 02:53:16 | 001,601,536 | ---- | M] () -- C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe MOD - [2010.08.13 03:52:16 | 000,021,504 | ---- | M] () -- C:\ExpressGateUtil\VAWinAgent.exe MOD - [2009.11.03 00:23:36 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll MOD - [2009.11.03 00:20:10 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2007.11.30 21:20:44 | 000,051,768 | ---- | M] () -- C:\Program Files (x86)\ASUS\ASUS Live Update\ALU.exe ========== Services (SafeList) ========== SRV:64bit: - File not found [On_Demand | Stopped] -- C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe -- (Amsp) SRV:64bit: - [2010.11.30 23:19:52 | 000,379,520 | ---- | M] (ASUSTeK Computer Inc.) [Auto | Running] -- C:\Windows\SysNative\FBAgent.exe -- (AFBAgent) SRV:64bit: - [2010.09.23 04:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.09.17 10:32:56 | 000,241,488 | ---- | M] (Trend Micro Inc.) 
[Auto | Running] -- C:\Program Files\Trend Micro\Titanium\TiMiniService.exe -- (TiMiniService) SRV:64bit: - [2010.07.20 04:08:30 | 001,429,776 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2010.07.20 03:48:36 | 000,340,240 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2010.07.20 03:46:54 | 000,838,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010.04.17 02:07:42 | 000,134,928 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\TurboBoost\TurboBoost.exe -- (TurboBoost) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.12.21 04:24:38 | 002,656,280 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.12.21 04:24:36 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management 
Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.12.04 20:52:59 | 001,997,416 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010.08.25 22:07:38 | 000,246,256 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2010.08.21 04:47:58 | 000,077,312 | ---- | M] () [Auto | Running] -- C:\ExpressGateUtil\VAWinService.exe -- (VideAceWindowsService) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.15 20:39:38 | 000,096,896 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe -- (ATKGFNEXSrv) SRV - [2009.06.16 03:30:42 | 000,084,536 | ---- | M] (ASUS) [Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.04.18 15:05:16 | 000,019,304 | ---- | M] (GARMIN Corp.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\grmnusb.sys -- (grmnusb) DRV:64bit: - [2012.03.08 18:40:52 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.12.04 20:52:59 | 000,025,576 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010.11.28 15:23:15 | 012,252,192 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010.11.20 15:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 
13:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 02:25:40 | 000,210,944 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIc.sys -- (FLxHCIc) DRV:64bit: - [2010.11.20 02:25:40 | 000,049,664 | ---- | M] (Fresco Logic) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FLxHCIh.sys -- (FLxHCIh) DRV:64bit: - [2010.11.05 17:45:47 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.20 02:34:26 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.10.14 18:28:15 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.10.06 16:11:16 | 000,042,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\WDKMD.sys -- (wdkmd) DRV:64bit: - [2010.09.17 10:52:28 | 000,144,464 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmcomm.sys -- (tmcomm) DRV:64bit: - [2010.09.17 10:52:28 | 000,105,552 | ---- | M] (Trend Micro Inc.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\tmtdi.sys -- (tmtdi) DRV:64bit: - [2010.09.17 10:52:28 | 000,090,704 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmactmon.sys -- (tmactmon) DRV:64bit: - [2010.09.17 10:52:28 | 000,067,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\tmevtmgr.sys -- (tmevtmgr) DRV:64bit: - [2010.09.08 13:39:31 | 000,129,024 | ---- | M] (ELAN Microelectronic Corp.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010.08.05 15:41:31 | 000,190,232 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\S6000KNT.sys -- (S6000KNT) DRV:64bit: - [2010.07.14 14:42:58 | 007,821,312 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2010.06.23 03:31:11 | 000,333,928 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010.04.17 02:07:28 | 000,013,832 | ---- | M] () [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TurboB.sys -- (TurboB) DRV:64bit: - [2010.03.02 14:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbser6k.sys -- (ZTEusbser6k) DRV:64bit: - [2010.03.02 14:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbnmea.sys -- (ZTEusbnmea) DRV:64bit: - [2010.03.02 14:59:32 | 000,121,344 | ---- | M] (ZTE Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ZTEusbmdm6k.sys -- (ZTEusbmdm6k) DRV:64bit: - [2010.02.22 10:09:10 | 000,011,776 | ---- | M] (MBB Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\massfilter.sys -- (massfilter) DRV:64bit: - [2009.07.20 11:29:39 | 000,015,416 | ---- | M] ( ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\kbfiltr.sys -- (kbfiltr) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.20 04:09:57 | 001,394,688 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2009.06.10 22:35:57 | 000,056,832 | ---- | M] (Silicon Integrated Systems Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SiSG664.sys -- (SiSGbeLH) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2008.05.23 17:27:28 | 000,154,168 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WimFltr.sys -- (WimFltr) DRV - [2010.07.26 23:57:20 | 000,017,024 | ---- | M] (ASUS) [Kernel | System | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys -- (ATKWMIACPIIO) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.07.03 03:36:14 | 000,015,416 | ---- | M] (ASUS) [Kernel | Auto | Running] -- C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys -- (ASMMAP64) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=ASUTDF&pc=MAAU&src=IE-SearchBox IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = 
hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://asus.msn.com IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ASUT IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus.msn.com IE - 
HKU\S-1-5-21-931123733-2037267879-2966560627-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1001\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKU\S-1-5-21-931123733-2037267879-2966560627-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://10.0.0.138/" FF - prefs.js..extensions.enabledAddons: {B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11}:0.3 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: 
C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\ZEON/PDF,version=2.0: C:\Program Files (x86)\Nuance\PDF Reader\bin\nppdf.dll (Zeon Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{22C7F6C6-8D67-4534-92B5-529A0EC09405}: C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\firefoxextension\ [2011.02.25 01:04:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.05.12 15:37:47 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 11.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2012.08.17 18:08:26 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 14.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2012.03.11 18:30:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aharing\AppData\Roaming\mozilla\Extensions [2012.05.28 17:08:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\aharing\AppData\Roaming\mozilla\Firefox\Profiles\pjbsyadv.default\extensions [2012.05.28 
17:08:05 | 000,000,000 | ---D | M] ("Free YouTube Download (Free Studio) Menu") -- C:\Users\aharing\AppData\Roaming\mozilla\Firefox\Profiles\pjbsyadv.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C} [2012.08.17 17:29:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012.08.17 17:29:18 | 000,000,000 | ---D | M] (Controller) -- C:\Program Files (x86)\mozilla firefox\extensions\{B0BBFC8E-6697-4D2B-8FC4-B5AD9B3B1F11} [2012.05.12 15:37:47 | 000,097,208 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.16 13:02:53 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.02.16 12:48:01 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.02.16 13:02:53 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.02.16 13:02:53 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.02.16 13:02:53 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.02.16 13:02:53 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.2.4204.1700\swg64.dll (Google Inc.) 
O2:64bit: - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.) O2 - BHO: (TmIEPlugInBHO Class) - {1CA1377B-DC1D-4A52-9585-6E06050FAC53} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll (Google Inc.) O2 - BHO: (TmBpIeBHO Class) - {BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [ASUS WebStorage] C:\Program Files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe () O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelTBRunOnce] wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs" File not found O4:64bit: - HKLM..\Run: [IntelWireless] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [Trend Micro Client Framework] C:\Program Files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe (Trend Micro Inc.) O4:64bit: - HKLM..\Run: [VizorHtmlDialog.exe] C:\Program Files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe (Trend Micro Inc.) O4 - HKLM..\Run: [A1Webassistent] C:\Program Files (x86)\A1\A1 Webassistent\A1Webassistent.exe (mquadr.at software engineering and consulting GmbH, web: www.mquadr.at, mail: office@mquadr.at) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [ATKMEDIA] C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe (ASUS) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [FLxHCIm] C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe (Windows (R) Win 7 DDK provider) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [Nuance PDF Reader-reminder] C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe (Nuance Communications, Inc.) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) 
O4 - HKLM..\Run: [S6000Mnt] C:\Windows\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt File not found
O4 - HKLM..\Run: [SessionLogon] C:\ExpressGateUtil\SessionLogon.exe File not found
O4 - HKLM..\Run: [SonicMasterTray] C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe (Virage Logic Corporation / Sonic Focus)
O4 - HKLM..\Run: [UpdateLBPShortCut] C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdateP2GoShortCut] C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [UpdatePSTShortCut] C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe (CyberLink Corp.)
O4 - HKLM..\Run: [VAWinAgent] C:\ExpressGateUtil\VAWinAgent.exe ()
O4 - HKLM..\Run: [Wireless Console 3] C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000..\Run: [ISUSPM] C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe (Acresso Corporation)
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1001..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1001..\RunOnce: [FlashPlayerUpdate] C:\Windows\SysWOW64\Macromed\Flash\FlashUtil32_11_3_300_262_Plugin.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Users\aharing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\aharing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\aharing\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\aharing\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-931123733-2037267879-2966560627-1001\..Trusted Domains: blank ([]about in Local intranet)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 10.7.2)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.138 10.0.0.138
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{FD5B7612-FC40-4ECB-8943-111600C3AC26}: DhcpNameServer = 10.0.0.138 10.0.0.138
O18:64bit: - Protocol\Handler\livecall - No CLSID value found
O18:64bit: - Protocol\Handler\msnim - No CLSID value found
O18:64bit: - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe64.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg.dll (Trend Micro Inc.)
O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found
O18:64bit: - Protocol\Handler\wlpg - No CLSID value found
O18 - Protocol\Handler\tmbp {1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll (Trend Micro Inc.)
O18 - Protocol\Handler\tmpx {0E526CB5-7446-41D1-A403-19BFE95E8C23} - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll (Trend Micro Inc.)
O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation)
O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\Shell - "" = AutoRun
O33 - MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^FancyStart daemon.lnk
- C:\Windows\Installer\{2B81872B-A054-48DA-BE3B-FA5C164C303A}\_94E3CE3704FE82FBF49A6A.exe - () MsConfig:64bit - StartUpReg: ASUS Screen Saver Protector - hkey= - key= - C:\Windows\AsScrPro.exe (ASUS) MsConfig:64bit - StartUpReg: CLMLServer - hkey= - key= - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: Setwallpaper - hkey= - key= - File not found MsConfig:64bit - StartUpReg: Trend Micro Titanium - hkey= - key= - C:\Program Files\Trend Micro\Titanium\VizorShortCut.exe (Trend Micro Inc.) MsConfig:64bit - State: "startup" - Reg Error: Key error. SafeBootMin:64bit: AppMgmt - Service SafeBootMin:64bit: Base - Driver Group SafeBootMin:64bit: Boot Bus Extender - Driver Group SafeBootMin:64bit: Boot file system - Driver Group SafeBootMin:64bit: File system - Driver Group SafeBootMin:64bit: Filter - Driver Group SafeBootMin:64bit: HelpSvc - Service SafeBootMin:64bit: PCI Configuration - Driver Group SafeBootMin:64bit: PNP Filter - Driver Group SafeBootMin:64bit: Primary disk - Driver Group SafeBootMin:64bit: sacsvr - Service SafeBootMin:64bit: SCSI Class - Driver Group SafeBootMin:64bit: System Bus Extender - Driver Group SafeBootMin:64bit: vmms - Service SafeBootMin:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootMin:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin:64bit: 
{4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootMin: AppMgmt - Service SafeBootMin: Base - Driver Group SafeBootMin: Boot Bus Extender - Driver Group SafeBootMin: Boot file system - Driver Group SafeBootMin: File system - Driver Group SafeBootMin: Filter - Driver Group SafeBootMin: HelpSvc - Service SafeBootMin: PCI Configuration - Driver Group SafeBootMin: PNP Filter - Driver Group SafeBootMin: Primary disk - Driver Group SafeBootMin: sacsvr - Service SafeBootMin: SCSI Class - Driver Group SafeBootMin: System Bus Extender - Driver Group SafeBootMin: vmms - Service SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootMin: 
{4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet:64bit: AppMgmt - Service SafeBootNet:64bit: Base - Driver Group SafeBootNet:64bit: Boot Bus Extender - Driver Group SafeBootNet:64bit: Boot file system - Driver Group SafeBootNet:64bit: File system - Driver Group SafeBootNet:64bit: Filter - Driver Group SafeBootNet:64bit: HelpSvc - Service SafeBootNet:64bit: Messenger - Service SafeBootNet:64bit: NDIS Wrapper - Driver Group SafeBootNet:64bit: NetBIOSGroup - Driver Group SafeBootNet:64bit: NetDDEGroup - Driver Group SafeBootNet:64bit: Network - Driver Group SafeBootNet:64bit: NetworkProvider - Driver Group SafeBootNet:64bit: PCI Configuration - Driver Group SafeBootNet:64bit: PNP Filter - Driver Group SafeBootNet:64bit: PNP_TDI - Driver Group SafeBootNet:64bit: Primary disk - Driver Group SafeBootNet:64bit: rdsessmgr - Service SafeBootNet:64bit: sacsvr - Service SafeBootNet:64bit: SCSI Class - Driver Group SafeBootNet:64bit: Streams Drivers - Driver Group SafeBootNet:64bit: System Bus Extender - Driver Group SafeBootNet:64bit: TDI - Driver Group SafeBootNet:64bit: vmms - Service SafeBootNet:64bit: WinDefend - C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SafeBootNet:64bit: WudfUsbccidDriver - Driver SafeBootNet:64bit: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet:64bit: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet:64bit: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet:64bit: {4D36E969-E325-11CE-BFC1-08002BE10318} - 
Standard floppy disk controller SafeBootNet:64bit: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet:64bit: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet:64bit: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet:64bit: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet:64bit: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet:64bit: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet:64bit: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet:64bit: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet:64bit: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet:64bit: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet:64bit: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet:64bit: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet:64bit: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet:64bit: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet:64bit: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet:64bit: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet:64bit: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet:64bit: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices SafeBootNet: AppMgmt - Service SafeBootNet: Base - Driver Group SafeBootNet: Boot Bus Extender - Driver Group SafeBootNet: Boot file system - Driver Group SafeBootNet: File system - Driver Group SafeBootNet: Filter - Driver Group SafeBootNet: HelpSvc - Service SafeBootNet: Messenger - Service SafeBootNet: NDIS Wrapper - Driver Group SafeBootNet: NetBIOSGroup - Driver Group SafeBootNet: NetDDEGroup - Driver Group SafeBootNet: Network - Driver Group SafeBootNet: NetworkProvider - Driver Group SafeBootNet: PCI Configuration - Driver Group SafeBootNet: PNP Filter - Driver Group SafeBootNet: PNP_TDI - Driver Group SafeBootNet: Primary disk 
- Driver Group SafeBootNet: rdsessmgr - Service SafeBootNet: sacsvr - Service SafeBootNet: SCSI Class - Driver Group SafeBootNet: Streams Drivers - Driver Group SafeBootNet: System Bus Extender - Driver Group SafeBootNet: TDI - Driver Group SafeBootNet: vmms - Service SafeBootNet: WudfUsbccidDriver - Driver SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - 
%SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - 
"C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5A604D2C-E968-429B-8327-62B5CE52126D} - .NET Framework ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {98D282C4-0F5F-D022-E57E-1F883C3BCE6A} - Browser Customizations ActiveX: {C6BAF60B-6E91-453F-BFF9-D3789CFEFCDD} - .NET Framework ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CE4BC71D-A88B-4943-BB3D-AF9C0E7D4387} - 
.NET Framework ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: {FE600E50-2C69-46D5-ACAA-2B617006245C} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP Drivers32:64bit: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3acm - C:\Windows\SysWOW64\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: msacm.l3codecp - C:\Windows\SysWow64\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS) Drivers32: vidc.cvid - C:\Windows\SysWow64\iccvid.dll (Radius Inc.) 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========
[2012.09.28 17:50:44 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\aharing\Desktop\OTL.exe
[2012.09.28 17:42:36 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java
[2012.09.24 19:33:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2012.09.23 10:41:31 | 000,000,000 | ---D | C] -- C:\Users\aharing\AppData\Local\{3031CBB7-9615-4791-8EAE-0E45A8E2D06B}
[2012.09.22 21:27:21 | 000,000,000 | ---D | C] -- C:\Users\aharing\AppData\Roaming\Malwarebytes
[2012.09.22 21:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.09.22 21:26:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.09.22 21:26:45 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys
[2012.09.22 21:26:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware
[2012.09.19 22:04:05 | 000,000,000 | ---D | C] -- C:\Windows\pss
[2012.09.16 15:38:02 | 000,000,000 | ---D | C] -- C:\Users\aharing\AppData\Local\{51E80C41-9063-414D-B9CF-78671F7E6007}
[2012.09.16 15:22:13 | 000,000,000 | ---D | C] -- C:\Users\aharing\AppData\Local\{27338D5E-64B0-4FCA-BFFD-DFCB3A28A92B}
[2012.09.08 21:41:41 | 000,000,000 | ---D | C] -- C:\Users\aharing\AppData\Local\{FF82E144-E449-4DC3-81F4-5977DDB021CC}

========== Files - Modified Within 30 Days ==========
[2012.09.28 17:50:45 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\aharing\Desktop\OTL.exe
[2012.09.28 17:39:29 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 17:39:29 | 000,010,016 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2012.09.28 17:31:40 | 000,045,056 | ---- | M] () -- C:\Windows\SysNative\acovcnt.exe
[2012.09.28 17:31:40 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.28 17:31:10 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.28 17:31:03 | 2077,552,639 | -HS- | M] () -- C:\hiberfil.sys [2012.09.27 22:08:11 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.26 19:19:46 | 007,310,676 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.26 19:19:46 | 000,706,528 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2012.09.26 19:19:46 | 000,705,552 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2012.09.26 19:19:46 | 000,703,290 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012.09.26 19:19:46 | 000,701,206 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012.09.26 19:19:46 | 000,691,440 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2012.09.26 19:19:46 | 000,666,264 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.26 19:19:46 | 000,628,106 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.26 19:19:46 | 000,563,868 | ---- | M] () -- C:\Windows\SysNative\perfh008.dat [2012.09.26 19:19:46 | 000,397,418 | ---- | M] () -- C:\Windows\SysNative\prfh0404.dat [2012.09.26 19:19:46 | 000,365,620 | ---- | M] () -- C:\Windows\SysNative\perfh00D.dat [2012.09.26 19:19:46 | 000,141,242 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2012.09.26 19:19:46 | 000,137,932 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2012.09.26 19:19:46 | 000,137,120 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012.09.26 19:19:46 | 000,134,320 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2012.09.26 19:19:46 | 000,134,186 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.26 19:19:46 | 000,131,324 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012.09.26 19:19:46 | 000,110,568 | ---- | M] () -- C:\Windows\SysNative\prfc0404.dat [2012.09.26 19:19:46 | 000,110,568 | ---- | M] () -- 
C:\Windows\SysNative\perfc009.dat [2012.09.26 19:19:46 | 000,093,616 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2012.09.26 19:19:46 | 000,073,274 | ---- | M] () -- C:\Windows\SysNative\perfc00D.dat [2012.09.25 19:28:08 | 000,513,501 | ---- | M] () -- C:\Users\aharing\Desktop\adwcleaner.exe [2012.09.22 22:48:12 | 000,001,294 | ---- | M] () -- C:\Windows\SysNative\ServiceFilter.ini [2012.09.22 21:26:47 | 000,001,111 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.21 21:33:36 | 000,000,044 | ---- | M] () -- C:\Users\aharing\AppData\Roaming\msconfig.ini [2012.09.08 21:08:13 | 000,000,244 | ---- | M] () -- C:\Users\aharing\.swfinfo [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.09.25 19:48:08 | 000,513,501 | ---- | C] () -- C:\Users\aharing\Desktop\adwcleaner.exe [2012.09.22 21:26:47 | 000,001,111 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.19 21:41:29 | 000,000,044 | ---- | C] () -- C:\Users\aharing\AppData\Roaming\msconfig.ini [2012.09.08 21:08:13 | 000,000,244 | ---- | C] () -- C:\Users\aharing\.swfinfo [2012.06.17 15:35:48 | 007,405,734 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2012.02.12 15:42:41 | 000,017,408 | ---- | C] () -- C:\Users\aharing\AppData\Local\WebpageIcons.db [2011.02.25 01:01:57 | 000,131,472 | ---- | C] () -- C:\ProgramData\FullRemove.exe [2010.11.28 15:21:29 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin [2010.11.28 15:21:27 | 000,960,940 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2010.11.28 15:21:27 | 000,206,952 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin ========== ZeroAccess Check ========== [2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP Check ==========
[2012.08.18 19:05:51 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\A1 Servicecenter
[2011.04.29 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Asus WebStorage
[2012.05.28 17:08:19 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\DVDVideoSoft
[2012.05.28 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\DVDVideoSoftIEHelpers [2012.08.25 20:31:23 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\GARMIN [2012.03.03 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\MP42AVI [2012.08.17 17:37:13 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\mquadr.at [2012.09.23 10:33:34 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Nokia [2011.05.08 15:29:35 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Nuance [2011.06.19 23:07:04 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\OpenOffice.org [2012.06.05 21:55:38 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Opera [2011.05.01 10:43:47 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Scilab [2012.09.08 10:34:09 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\SoftGrid Client [2012.08.17 18:08:30 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Thunderbird [2012.06.17 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\TP [2012.08.17 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Windows Live Writer [2011.05.08 15:29:31 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Zeon ========== Purity Check ========== ========== Custom Scans ========== < %ALLUSERSPROFILE%\Application Data\*. > < %ALLUSERSPROFILE%\Application Data\*.exe /s > < %APPDATA%\*. 
> [2012.08.18 19:05:51 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\A1 Servicecenter [2012.06.07 19:16:13 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Adobe [2012.05.12 15:33:52 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Apple Computer [2011.04.29 21:24:45 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Asus WebStorage [2012.05.28 17:08:19 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\DVDVideoSoft [2012.05.28 17:08:04 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\DVDVideoSoftIEHelpers [2011.05.08 15:29:36 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\FLEXnet [2012.08.25 20:31:23 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\GARMIN [2011.04.29 21:15:36 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Identities [2011.04.29 21:17:34 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Intel [2011.05.07 19:39:54 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Macromedia [2012.09.22 21:27:21 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Malwarebytes [2009.07.14 09:44:38 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Media Center Programs [2012.07.30 17:05:05 | 000,000,000 | --SD | M] -- C:\Users\aharing\AppData\Roaming\Microsoft [2012.03.11 18:30:57 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Mozilla [2012.03.03 21:40:10 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\MP42AVI [2012.08.17 17:37:13 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\mquadr.at [2012.09.23 10:33:34 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Nokia [2011.05.08 15:29:35 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Nuance [2011.06.19 23:07:04 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\OpenOffice.org [2012.06.05 21:55:38 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Opera [2011.05.01 
10:43:47 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Scilab [2012.09.08 10:34:09 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\SoftGrid Client [2012.08.17 18:08:30 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Thunderbird [2012.06.17 15:36:34 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\TP [2012.08.17 18:03:26 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Windows Live Writer [2011.05.08 15:29:31 | 000,000,000 | ---D | M] -- C:\Users\aharing\AppData\Roaming\Zeon < %APPDATA%\*.exe /s > [2011.06.25 14:09:14 | 003,120,288 | ---- | M] (Adobe Systems, Inc.) -- C:\Users\aharing\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\fpupdateax\fpupdateax.exe < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 03:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 03:52:21 | 
000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 03:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 03:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 03:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008.06.07 00:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files (x86)\CyberLink\PowerDirector\EventLog.dll < MD5 for: IASTOR.SYS > [2010.11.05 17:45:47 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\eSupport\eDriver\Software\Others\Intel\IRST\Vista64_Win7_64_10.1.0.1008\iaStor.sys [2010.11.05 17:45:47 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\drivers\iaStor.sys [2010.11.05 17:45:47 | 000,438,808 | ---- | M] (Intel Corporation) MD5=D7921D5A870B11CC1ADAB198A519D50A -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_710b330fb3531234\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 15:33:38 | 000,410,496 | ---- | M] 
(Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 15:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.02.25 01:24:06 | 000,410,504 | ---- | M] (Intel Corporation) MD5=513DC087CFED7D2BB82F005385D3531F -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16592_none_0af87721a183cb70\iaStorV.sys [2011.03.11 08:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 08:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 08:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 08:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 03:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys [2011.02.25 
01:24:06 | 000,410,496 | ---- | M] (Intel Corporation) MD5=E353CF970C5D4D6A092911E15FB78C07 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20712_none_0bd89532ba6088d9\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 03:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 15:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 14:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 03:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2011.02.25 01:24:06 | 000,166,280 | ---- | M] (NVIDIA Corporation) MD5=0AF7B8136794E23E87BE138992880E64 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16592_none_95c1e7d0d8ba7548\nvstor.sys [2009.07.14 03:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 08:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) 
MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 08:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.02.25 01:24:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=CE76755AF933E728CEBA6C7A970838A4 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20712_none_96a205e1f19732b1\nvstor.sys [2011.03.11 08:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 08:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 15:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 03:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- 
C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 03:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 14:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 15:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 14:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 03:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 03:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 15:27:27 
| 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 15:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 14:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 03:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 03:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 15:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WININIT.EXE > [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\SysNative\wininit.exe [2009.07.14 03:39:52 | 000,129,024 | ---- | M] (Microsoft Corporation) MD5=94355C28C1970635A31B3FE52EB7CEBA -- C:\Windows\winsxs\amd64_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_8ce7aa761e01ad49\wininit.exe [2009.07.14 03:14:45 | 
000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\SysWOW64\wininit.exe [2009.07.14 03:14:45 | 000,096,256 | ---- | M] (Microsoft Corporation) MD5=B5C5DCAD3899512020D135600129D665 -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.1.7600.16385_none_30c90ef265a43c13\wininit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 15:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 03:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2011.02.25 00:48:43 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2011.02.25 00:48:43 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 02:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- 
C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > [2009.07.14 03:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2012.08.24 09:03:49 | 009,738,240 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\ieframe.dll < End of report > |
28.09.2012, 19:20 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | White screen - Safe Mode with Networking does not work Run an OTL fix: close any programs that may be open, also disable your virus scanner (!), start OTL and copy the following text into the "Custom Scan/Fixes" box (at the bottom of OTL): (the ":OTL" must be copied as well!!!)
__________________Code:
ATTFilter
:OTL
FF - user.js - File not found
O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-21-931123733-2037267879-2966560627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O32 - HKLM CDRom: AutoRun - 1
O33 - MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\Shell - "" = AutoRun
O33 - MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\Shell\AutoRun\command - "" = F:\Autorun.exe
O33 - MountPoints2\F\Shell - "" = AutoRun
O33 - MountPoints2\F\Shell\AutoRun\command - "" = F:\Autorun.exe
:Files
C:\Users\aharing\AppData\Local\{*
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]

The log file should open when you click OK after the fix; please post it. The computer may be restarted. For safety, the entries, files and folders fixed with this script are not deleted completely; a backup copy is created in the "_OTL" folder on the system partition. Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ |
28.09.2012, 21:14 | #19 |
| White screen - Safe Mode with Networking does not work Here is the log file: Code:
ATTFilter All processes killed ========== OTL ========== 64bit-Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\Locked deleted successfully. Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_USERS\S-1-5-21-931123733-2037267879-2966560627-1000\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktop deleted successfully. Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoActiveDesktopChanges deleted successfully. Registry value HKEY_USERS\S-1-5-21-931123733-2037267879-2966560627-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer\\NoDriveTypeAutoRun deleted successfully. HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom\\AutoRun|DWORD:1 /E : value set successfully! Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\ deleted successfully. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\ not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\ not found. Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{53bd6ffb-8c58-11e1-b186-bcaec560400d}\ not found. File F:\Autorun.exe not found. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ deleted successfully. Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\F\ not found. 
File F:\Autorun.exe not found. ========== FILES ========== C:\Users\aharing\AppData\Local\{062A5EB5-3DFA-4E9D-8386-31CC4DEAB604} folder moved successfully. C:\Users\aharing\AppData\Local\{06F14F74-B824-4AD4-89DF-FAC88807CEA4} folder moved successfully. C:\Users\aharing\AppData\Local\{092215F5-D9A8-4E9B-84A9-30DF8EA6720F} folder moved successfully. C:\Users\aharing\AppData\Local\{0EF834B8-0844-427E-BD80-9E4F00F926A9} folder moved successfully. C:\Users\aharing\AppData\Local\{1118EC9C-5859-46E9-A22F-16F5F536CB47} folder moved successfully. C:\Users\aharing\AppData\Local\{137651A4-24CC-48D7-8A81-52ABA7673BD4} folder moved successfully. C:\Users\aharing\AppData\Local\{1EED1BA4-CC51-411B-A46E-58F595941D15} folder moved successfully. C:\Users\aharing\AppData\Local\{26C5A1A0-138C-4D55-B701-3211035D2FEE} folder moved successfully. C:\Users\aharing\AppData\Local\{27338D5E-64B0-4FCA-BFFD-DFCB3A28A92B} folder moved successfully. C:\Users\aharing\AppData\Local\{2D45066E-805F-4EA5-A5F4-0FAED9F61860} folder moved successfully. C:\Users\aharing\AppData\Local\{2E25FEB3-A433-46BE-8467-20D636C734CE} folder moved successfully. C:\Users\aharing\AppData\Local\{3031CBB7-9615-4791-8EAE-0E45A8E2D06B} folder moved successfully. C:\Users\aharing\AppData\Local\{3861D45A-34D7-4C30-88F3-8AAEBE630567} folder moved successfully. C:\Users\aharing\AppData\Local\{39794139-6F81-417B-9DCC-A61CC25A1A5C} folder moved successfully. C:\Users\aharing\AppData\Local\{427E2BF9-728A-47E1-A597-778B3D1924A6} folder moved successfully. C:\Users\aharing\AppData\Local\{449746A0-B63D-4A6E-B715-C65EF824E8D6} folder moved successfully. C:\Users\aharing\AppData\Local\{486277A0-0A7F-44C8-BC8C-61D2FE2C0A5A} folder moved successfully. C:\Users\aharing\AppData\Local\{51E80C41-9063-414D-B9CF-78671F7E6007} folder moved successfully. C:\Users\aharing\AppData\Local\{55666E1B-716C-499E-8DA6-F6E68521F0BF} folder moved successfully. C:\Users\aharing\AppData\Local\{56B77FF2-E25A-41AB-A2E5-4E107B878DBC} folder moved successfully. 
C:\Users\aharing\AppData\Local\{57E385E4-B617-4C9B-B2F5-5CA037AB781B} folder moved successfully. C:\Users\aharing\AppData\Local\{5B29A964-6D9E-4888-9B97-A37CBDD71725} folder moved successfully. C:\Users\aharing\AppData\Local\{5DE45A88-6491-4E39-A003-56D5B22CD0B4} folder moved successfully. C:\Users\aharing\AppData\Local\{7FE6FC5E-F7CC-4AC9-9415-097D44DDA19F} folder moved successfully. C:\Users\aharing\AppData\Local\{81FCD5A5-C5DA-47E9-B93C-4DA2D411CB17} folder moved successfully. C:\Users\aharing\AppData\Local\{892C7C2B-F3B6-4595-B241-A4D97AFA4316} folder moved successfully. C:\Users\aharing\AppData\Local\{900328D6-93CB-48E6-AFD7-C58C83DAF7F6} folder moved successfully. C:\Users\aharing\AppData\Local\{9530FA64-FF15-43A9-8CCC-F37379595E4B} folder moved successfully. C:\Users\aharing\AppData\Local\{95728D6D-8E6A-4C03-9876-6FBAE4EC92CA} folder moved successfully. C:\Users\aharing\AppData\Local\{95F4D581-9943-4E5D-B2ED-241F92506C83} folder moved successfully. C:\Users\aharing\AppData\Local\{9B515135-86AC-4F9F-BA0C-D781FCAB1DB2} folder moved successfully. C:\Users\aharing\AppData\Local\{A2199B4C-489C-46E3-B2C4-505F5B21D768} folder moved successfully. C:\Users\aharing\AppData\Local\{A46E3183-977A-48F3-8C07-484BCFFABF95} folder moved successfully. C:\Users\aharing\AppData\Local\{A82202AF-4377-4261-93C0-C9FD2CB3ACCA} folder moved successfully. C:\Users\aharing\AppData\Local\{A92DE12C-02CF-449A-B3EB-7D2E8292F963} folder moved successfully. C:\Users\aharing\AppData\Local\{AE058606-D1A6-41E0-984D-FB1E3DBDD3F2} folder moved successfully. C:\Users\aharing\AppData\Local\{B062AA85-B377-4A47-8B78-70FEEB65E154} folder moved successfully. C:\Users\aharing\AppData\Local\{B51F2930-53F1-4B21-A0FE-84DFBBCA9456} folder moved successfully. C:\Users\aharing\AppData\Local\{BBF83F73-9844-42CE-801E-AC1120D58198} folder moved successfully. C:\Users\aharing\AppData\Local\{C7E0EE02-F028-4478-BF8D-042DE5633DF6} folder moved successfully. 
C:\Users\aharing\AppData\Local\{CDF0E4C9-8203-4332-9473-E8778DBC24FD} folder moved successfully. C:\Users\aharing\AppData\Local\{D7B5C229-BFC2-4257-843E-3D5BACD15B66} folder moved successfully. C:\Users\aharing\AppData\Local\{DAEB6F66-D376-4ABC-AFF2-EBFA93CF3467} folder moved successfully. C:\Users\aharing\AppData\Local\{E2D73B14-70D9-4C5C-8916-B468E176438A} folder moved successfully. C:\Users\aharing\AppData\Local\{E458626C-FBDF-4CDC-80DF-509BFD9B5C50} folder moved successfully. C:\Users\aharing\AppData\Local\{EAECFD9D-B7EF-4BDA-AD1B-FBB66537E49B} folder moved successfully. C:\Users\aharing\AppData\Local\{ED38F364-EB4E-4467-8343-0F9C073DD6C6} folder moved successfully. C:\Users\aharing\AppData\Local\{EEA4DB54-C83A-41E6-916C-2080D87DEA68} folder moved successfully. C:\Users\aharing\AppData\Local\{FC0D2952-9041-4E13-A540-285AF434B17A} folder moved successfully. C:\Users\aharing\AppData\Local\{FDA8928E-5926-4B5D-8D58-B501582BA1E9} folder moved successfully. C:\Users\aharing\AppData\Local\{FF82E144-E449-4DC3-81F4-5977DDB021CC} folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\tmp folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\muffin folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\host folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\9 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\8 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\63 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\62 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\61 folder moved successfully. 
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\60 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\6 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\59 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\58 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\57 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\55 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\54 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\53 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\52 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\50 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\5 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\49 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\48 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\47 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\46 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\45 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\44 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\43 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\42 folder moved successfully. 
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\41 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\40 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\4 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\39 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\37 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\36 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\35 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\34 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\33 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\32 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\31 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\30 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\3 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\29 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\28 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\27 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\26 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\25 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\24 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\23 folder moved successfully. 
C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\22 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\21 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\20 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\2 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\19 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\18 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\17 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\16 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\15 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\14 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\12 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\11 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\10 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\1 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\0 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache\6.0 folder moved successfully. C:\Users\aharing\AppData\LocalLow\Sun\Java\Deployment\cache folder moved successfully. < ipconfig /flushdns /c > Windows-IP-Konfiguration Der DNS-Aufl”sungscache wurde geleert. C:\Users\aharing\Desktop\cmd.bat deleted successfully. C:\Users\aharing\Desktop\cmd.txt deleted successfully. 
========== COMMANDS ========== [EMPTYTEMP] User: aharing ->Temp folder emptied: 517624121 bytes ->Temporary Internet Files folder emptied: 388798589 bytes ->FireFox cache emptied: 76762450 bytes ->Flash cache emptied: 3128719 bytes User: All Users User: Default ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Default User ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes User: Public User: UpdatusUser ->Temp folder emptied: 0 bytes ->Temporary Internet Files folder emptied: 0 bytes %systemdrive% .tmp files removed: 0 bytes %systemroot% .tmp files removed: 0 bytes %systemroot%\System32 .tmp files removed: 0 bytes %systemroot%\System32 (64bit) .tmp files removed: 0 bytes %systemroot%\System32\drivers .tmp files removed: 0 bytes Windows Temp folder emptied: 498281665 bytes %systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 33170 bytes RecycleBin emptied: 0 bytes Total Files Cleaned = 1.416,00 mb C:\Windows\System32\drivers\etc\Hosts moved successfully. HOSTS file reset successfully OTL by OldTimer - Version 3.2.69.0 log created on 09282012_215040 Files\Folders moved on Reboot... C:\Users\aharing\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully. PendingFileRenameOperations files... Registry entries deleted on Reboot... |
28.09.2012, 21:27 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | white screen - Safe Mode with Networking doesn't work Please now run (in normal Windows mode) this tool from Kaspersky (TDSS-Killer) and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please disable your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool! Set up the tool as shown in the image below: click on change parameters and set the checkmarks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full. If you cannot find the log or cannot copy its contents into your post, then please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs. Note: Please do not hastily delete anything with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and only post the log here!
__________________ Please always post log files in CODE tags |
29.09.2012, 22:57 | #21 |
| white screen - Safe Mode with Networking doesn't work Here is the report: Code:
ATTFilter 23:50:19.0914 3028 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24 23:50:20.0258 3028 ============================================================ 23:50:20.0258 3028 Current date / time: 2012/09/29 23:50:20.0258 23:50:20.0258 3028 SystemInfo: 23:50:20.0258 3028 23:50:20.0258 3028 OS Version: 6.1.7601 ServicePack: 1.0 23:50:20.0258 3028 Product type: Workstation 23:50:20.0258 3028 ComputerName: AHARING_PC 23:50:20.0258 3028 UserName: aharing 23:50:20.0258 3028 Windows directory: C:\Windows 23:50:20.0258 3028 System windows directory: C:\Windows 23:50:20.0258 3028 Running under WOW64 23:50:20.0258 3028 Processor architecture: Intel x64 23:50:20.0258 3028 Number of processors: 4 23:50:20.0258 3028 Page size: 0x1000 23:50:20.0258 3028 Boot type: Normal boot 23:50:20.0258 3028 ============================================================ 23:50:20.0975 3028 Drive \Device\Harddisk0\DR0 - Size: 0x950B056000 (596.17 Gb), SectorSize: 0x200, Cylinders: 0x13001, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 23:50:20.0991 3028 ============================================================ 23:50:20.0991 3028 \Device\Harddisk0\DR0: 23:50:20.0991 3028 MBR partitions: 23:50:20.0991 3028 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x2AF98B5, BlocksNum 0x12A151A9 23:50:21.0006 3028 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1550F800, BlocksNum 0x35348000 23:50:21.0006 3028 ============================================================ 23:50:21.0038 3028 C: <-> \Device\Harddisk0\DR0\Partition1 23:50:21.0162 3028 D: <-> \Device\Harddisk0\DR0\Partition2 23:50:21.0162 3028 ============================================================ 23:50:21.0162 3028 Initialize success 23:50:21.0162 3028 ============================================================ 23:51:03.0922 5668 ============================================================ 23:51:03.0922 5668 Scan started 23:51:03.0922 5668 Mode: Manual; SigCheck; TDLFS; 
23:51:03.0922 5668 ============================================================ 23:51:04.0343 5668 ================ Scan system memory ======================== 23:51:04.0343 5668 System memory - ok 23:51:04.0343 5668 ================ Scan services ============================= 23:51:04.0874 5668 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 23:51:05.0030 5668 1394ohci - ok 23:51:05.0092 5668 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 23:51:05.0139 5668 ACPI - ok 23:51:05.0170 5668 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 23:51:05.0264 5668 AcpiPmi - ok 23:51:05.0373 5668 [ 8B46D5A1D3EF08232C04D0EAFB871FB2 ] Adobe LM Service C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe 23:51:05.0420 5668 Adobe LM Service ( UnsignedFile.Multi.Generic ) - warning 23:51:05.0420 5668 Adobe LM Service - detected UnsignedFile.Multi.Generic (1) 23:51:05.0451 5668 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:51:05.0498 5668 adp94xx - ok 23:51:05.0529 5668 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:51:05.0560 5668 adpahci - ok 23:51:05.0560 5668 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:51:05.0576 5668 adpu320 - ok 23:51:05.0622 5668 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:51:05.0763 5668 AeLookupSvc - ok 23:51:05.0794 5668 [ 079CBA3C5C9AB11B2B4E6BD729A860F2 ] AFBAgent C:\Windows\system32\FBAgent.exe 23:51:05.0825 5668 AFBAgent - ok 23:51:05.0872 5668 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 23:51:05.0966 5668 AFD - ok 23:51:06.0012 5668 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 23:51:06.0044 5668 agp440 - ok 23:51:06.0090 5668 [ 3290D6946B5E30E70414990574883DDB ] ALG 
C:\Windows\System32\alg.exe 23:51:06.0153 5668 ALG - ok 23:51:06.0184 5668 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 23:51:06.0200 5668 aliide - ok 23:51:06.0231 5668 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 23:51:06.0246 5668 amdide - ok 23:51:06.0278 5668 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:51:06.0340 5668 AmdK8 - ok 23:51:06.0340 5668 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:51:06.0387 5668 AmdPPM - ok 23:51:06.0418 5668 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 23:51:06.0449 5668 amdsata - ok 23:51:06.0512 5668 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:51:06.0543 5668 amdsbs - ok 23:51:06.0574 5668 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 23:51:06.0574 5668 amdxata - ok 23:51:06.0668 5668 [ E8494519BCB9E3B1B72E5604993A76E3 ] Amsp C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe 23:51:06.0699 5668 Amsp - ok 23:51:06.0730 5668 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 23:51:06.0933 5668 AppID - ok 23:51:06.0980 5668 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:51:07.0058 5668 AppIDSvc - ok 23:51:07.0089 5668 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 23:51:07.0167 5668 Appinfo - ok 23:51:07.0214 5668 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 23:51:07.0245 5668 arc - ok 23:51:07.0245 5668 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 23:51:07.0260 5668 arcsas - ok 23:51:07.0338 5668 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe 23:51:07.0370 5668 ASLDRService - ok 23:51:07.0416 5668 [ 
4C016FD76ED5C05E84CA8CAB77993961 ] ASMMAP64 C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys 23:51:07.0432 5668 ASMMAP64 - ok 23:51:07.0479 5668 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 23:51:07.0557 5668 AsyncMac - ok 23:51:07.0588 5668 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 23:51:07.0604 5668 atapi - ok 23:51:07.0775 5668 [ E857EEE6B92AAA473EBB3465ADD8F7E7 ] athr C:\Windows\system32\DRIVERS\athrx.sys 23:51:07.0947 5668 athr - ok 23:51:07.0978 5668 [ 7910158929571214A959D5A6D16DD9C0 ] ATKGFNEXSrv C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe 23:51:07.0994 5668 ATKGFNEXSrv - ok 23:51:08.0025 5668 [ 1F7238A37389ED92E9D8EEE975CABD54 ] ATKWMIACPIIO C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys 23:51:08.0040 5668 ATKWMIACPIIO - ok 23:51:08.0072 5668 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 23:51:08.0196 5668 AudioEndpointBuilder - ok 23:51:08.0228 5668 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 23:51:08.0290 5668 AudioSrv - ok 23:51:08.0306 5668 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 23:51:08.0446 5668 AxInstSV - ok 23:51:08.0477 5668 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 23:51:08.0555 5668 b06bdrv - ok 23:51:08.0571 5668 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 23:51:08.0618 5668 b57nd60a - ok 23:51:08.0664 5668 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 23:51:08.0727 5668 BDESVC - ok 23:51:08.0758 5668 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 23:51:08.0852 5668 Beep - ok 23:51:08.0883 5668 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 23:51:08.0930 5668 BFE - ok 23:51:08.0992 5668 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS 
C:\Windows\System32\qmgr.dll 23:51:09.0101 5668 BITS - ok 23:51:09.0132 5668 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 23:51:09.0148 5668 blbdrive - ok 23:51:09.0179 5668 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 23:51:09.0242 5668 bowser - ok 23:51:09.0288 5668 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 23:51:09.0335 5668 BrFiltLo - ok 23:51:09.0335 5668 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 23:51:09.0351 5668 BrFiltUp - ok 23:51:09.0382 5668 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 23:51:09.0444 5668 Browser - ok 23:51:09.0491 5668 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 23:51:09.0569 5668 Brserid - ok 23:51:09.0616 5668 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 23:51:09.0663 5668 BrSerWdm - ok 23:51:09.0663 5668 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 23:51:09.0710 5668 BrUsbMdm - ok 23:51:09.0710 5668 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 23:51:09.0741 5668 BrUsbSer - ok 23:51:09.0756 5668 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 23:51:09.0772 5668 BTHMODEM - ok 23:51:09.0803 5668 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 23:51:09.0881 5668 bthserv - ok 23:51:09.0912 5668 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 23:51:09.0959 5668 cdfs - ok 23:51:10.0006 5668 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 23:51:10.0053 5668 cdrom - ok 23:51:10.0100 5668 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 23:51:10.0162 5668 CertPropSvc - ok 23:51:10.0193 5668 [ 
D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 23:51:10.0224 5668 circlass - ok 23:51:10.0287 5668 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 23:51:10.0334 5668 CLFS - ok 23:51:10.0552 5668 [ FE1C81A049E5C5D67C4AB7C31C899F6F ] CLKMSVC10_38F51D56 C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe 23:51:10.0583 5668 CLKMSVC10_38F51D56 - ok 23:51:10.0802 5668 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 23:51:10.0833 5668 clr_optimization_v2.0.50727_32 - ok 23:51:11.0051 5668 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 23:51:11.0082 5668 clr_optimization_v2.0.50727_64 - ok 23:51:11.0363 5668 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 23:51:11.0379 5668 clr_optimization_v4.0.30319_32 - ok 23:51:11.0628 5668 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 23:51:11.0644 5668 clr_optimization_v4.0.30319_64 - ok 23:51:11.0722 5668 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 23:51:11.0753 5668 CmBatt - ok 23:51:11.0769 5668 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 23:51:11.0784 5668 cmdide - ok 23:51:11.0800 5668 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 23:51:11.0831 5668 CNG - ok 23:51:11.0862 5668 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 23:51:11.0878 5668 Compbatt - ok 23:51:11.0909 5668 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 23:51:11.0987 5668 CompositeBus - ok 23:51:12.0018 5668 COMSysApp - ok 23:51:12.0034 5668 [ 1C827878A998C18847245FE1F34EE597 ] 
crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 23:51:12.0050 5668 crcdisk - ok 23:51:12.0081 5668 [ 4F5414602E2544A4554D95517948B705 ] CryptSvc C:\Windows\system32\cryptsvc.dll 23:51:12.0112 5668 CryptSvc - ok 23:51:12.0237 5668 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 23:51:12.0268 5668 cvhsvc - ok 23:51:12.0315 5668 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 23:51:12.0393 5668 DcomLaunch - ok 23:51:12.0471 5668 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 23:51:12.0596 5668 defragsvc - ok 23:51:12.0658 5668 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 23:51:12.0752 5668 DfsC - ok 23:51:12.0798 5668 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 23:51:12.0908 5668 Dhcp - ok 23:51:12.0939 5668 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 23:51:12.0986 5668 discache - ok 23:51:13.0001 5668 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 23:51:13.0017 5668 Disk - ok 23:51:13.0032 5668 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 23:51:13.0079 5668 Dnscache - ok 23:51:13.0110 5668 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 23:51:13.0157 5668 dot3svc - ok 23:51:13.0188 5668 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 23:51:13.0235 5668 DPS - ok 23:51:13.0282 5668 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 23:51:13.0329 5668 drmkaud - ok 23:51:13.0391 5668 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 23:51:13.0422 5668 DXGKrnl - ok 23:51:13.0454 5668 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 23:51:13.0500 5668 EapHost - ok 23:51:13.0922 5668 [ 
DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 23:51:14.0062 5668 ebdrv - ok 23:51:14.0093 5668 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 23:51:14.0140 5668 EFS - ok 23:51:14.0405 5668 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 23:51:14.0514 5668 ehRecvr - ok 23:51:14.0546 5668 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 23:51:14.0624 5668 ehSched - ok 23:51:14.0670 5668 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 23:51:14.0748 5668 elxstor - ok 23:51:14.0764 5668 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 23:51:14.0811 5668 ErrDev - ok 23:51:14.0842 5668 [ 05B0DCDA418E297A1B4CD8D7B8ADE403 ] ETD C:\Windows\system32\DRIVERS\ETD.sys 23:51:14.0889 5668 ETD - ok 23:51:14.0951 5668 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 23:51:15.0029 5668 EventSystem - ok 23:51:15.0123 5668 [ BDFCB7E8C108D042B213957D2B044E7E ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 23:51:15.0185 5668 EvtEng - ok 23:51:15.0216 5668 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 23:51:15.0248 5668 exfat - ok 23:51:15.0294 5668 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 23:51:15.0341 5668 fastfat - ok 23:51:15.0388 5668 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 23:51:15.0497 5668 Fax - ok 23:51:15.0528 5668 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 23:51:15.0575 5668 fdc - ok 23:51:15.0622 5668 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 23:51:15.0716 5668 fdPHost - ok 23:51:15.0716 5668 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 23:51:15.0762 5668 FDResPub - ok 23:51:15.0778 5668 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo 
C:\Windows\system32\drivers\fileinfo.sys 23:51:15.0794 5668 FileInfo - ok 23:51:15.0809 5668 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 23:51:15.0856 5668 Filetrace - ok 23:51:15.0872 5668 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 23:51:15.0887 5668 flpydisk - ok 23:51:15.0934 5668 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 23:51:15.0950 5668 FltMgr - ok 23:51:15.0965 5668 [ D0ADBCF2A5316D23EF67DFAA02D5D544 ] FLxHCIc C:\Windows\system32\DRIVERS\FLxHCIc.sys 23:51:15.0981 5668 FLxHCIc - ok 23:51:16.0012 5668 [ F9B6DB9727AD2F14ECF84E43EB5279F7 ] FLxHCIh C:\Windows\system32\DRIVERS\FLxHCIh.sys 23:51:16.0043 5668 FLxHCIh - ok 23:51:16.0152 5668 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 23:51:16.0246 5668 FontCache - ok 23:51:16.0308 5668 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 23:51:16.0340 5668 FontCache3.0.0.0 - ok 23:51:16.0371 5668 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 23:51:16.0386 5668 FsDepends - ok 23:51:16.0418 5668 [ 07DA62C960DDCCC2D35836AEAB4FC578 ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys 23:51:16.0433 5668 fssfltr - ok 23:51:16.0511 5668 [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe 23:51:16.0605 5668 fsssvc - ok 23:51:16.0667 5668 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 23:51:16.0683 5668 Fs_Rec - ok 23:51:16.0714 5668 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 23:51:16.0730 5668 fvevol - ok 23:51:16.0745 5668 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 23:51:16.0761 5668 gagp30kx - ok 23:51:16.0792 5668 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc 
C:\Windows\System32\gpsvc.dll 23:51:16.0870 5668 gpsvc - ok 23:51:16.0932 5668 [ B9893A68032A6D9ADDB5B98287C630F7 ] grmnusb C:\Windows\system32\drivers\grmnusb.sys 23:51:16.0948 5668 grmnusb - ok 23:51:17.0010 5668 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:51:17.0026 5668 gupdate - ok 23:51:17.0042 5668 [ 8F0DE4FEF8201E306F9938B0905AC96A ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe 23:51:17.0057 5668 gupdatem - ok 23:51:17.0104 5668 [ CC839E8D766CC31A7710C9F38CF3E375 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 23:51:17.0104 5668 gusvc - ok 23:51:17.0135 5668 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 23:51:17.0182 5668 hcw85cir - ok 23:51:17.0244 5668 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 23:51:17.0322 5668 HdAudAddService - ok 23:51:17.0338 5668 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 23:51:17.0369 5668 HDAudBus - ok 23:51:17.0400 5668 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 23:51:17.0447 5668 HidBatt - ok 23:51:17.0463 5668 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 23:51:17.0510 5668 HidBth - ok 23:51:17.0541 5668 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 23:51:17.0556 5668 HidIr - ok 23:51:17.0588 5668 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 23:51:17.0619 5668 hidserv - ok 23:51:17.0650 5668 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 23:51:17.0681 5668 HidUsb - ok 23:51:17.0697 5668 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 23:51:17.0775 5668 hkmsvc - ok 23:51:17.0806 5668 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 
23:51:17.0837 5668 HomeGroupListener - ok 23:51:17.0868 5668 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 23:51:17.0915 5668 HomeGroupProvider - ok 23:51:17.0946 5668 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 23:51:17.0962 5668 HpSAMD - ok 23:51:18.0024 5668 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 23:51:18.0102 5668 HTTP - ok 23:51:18.0165 5668 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 23:51:18.0180 5668 hwpolicy - ok 23:51:18.0227 5668 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 23:51:18.0243 5668 i8042prt - ok 23:51:18.0274 5668 [ D7921D5A870B11CC1ADAB198A519D50A ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 23:51:18.0290 5668 iaStor - ok 23:51:18.0352 5668 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 23:51:18.0383 5668 iaStorV - ok 23:51:18.0492 5668 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 23:51:18.0555 5668 idsvc - ok 23:51:19.0725 5668 [ 0AC9E321D604BE48A0D72B69BA484BDC ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys 23:51:20.0115 5668 igfx - ok 23:51:20.0130 5668 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 23:51:20.0162 5668 iirsp - ok 23:51:20.0224 5668 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 23:51:20.0286 5668 IKEEXT - ok 23:51:20.0505 5668 [ A0C2C3D4C03C4FB896CFC53873784178 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 23:51:20.0552 5668 IntcAzAudAddService - ok 23:51:20.0583 5668 [ FC727061C0F47C8059E88E05D5C8E381 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys 23:51:20.0645 5668 IntcDAud - ok 23:51:20.0676 5668 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 23:51:20.0708 5668 intelide - 
ok 23:51:20.0723 5668 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 23:51:20.0770 5668 intelppm - ok 23:51:20.0801 5668 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 23:51:20.0864 5668 IPBusEnum - ok 23:51:20.0895 5668 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 23:51:20.0973 5668 IpFilterDriver - ok 23:51:21.0035 5668 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 23:51:21.0129 5668 iphlpsvc - ok 23:51:21.0144 5668 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 23:51:21.0207 5668 IPMIDRV - ok 23:51:21.0300 5668 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 23:51:21.0394 5668 IPNAT - ok 23:51:21.0394 5668 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 23:51:21.0488 5668 IRENUM - ok 23:51:21.0503 5668 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 23:51:21.0519 5668 isapnp - ok 23:51:21.0550 5668 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 23:51:21.0566 5668 iScsiPrt - ok 23:51:21.0581 5668 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 23:51:21.0597 5668 kbdclass - ok 23:51:21.0644 5668 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 23:51:21.0706 5668 kbdhid - ok 23:51:21.0722 5668 [ E63EF8C3271D014F14E2469CE75FECB4 ] kbfiltr C:\Windows\system32\DRIVERS\kbfiltr.sys 23:51:21.0737 5668 kbfiltr - ok 23:51:21.0753 5668 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 23:51:21.0784 5668 KeyIso - ok 23:51:21.0800 5668 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 23:51:21.0846 5668 KSecDD - ok 23:51:21.0878 5668 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 
23:51:21.0909 5668 KSecPkg - ok 23:51:21.0956 5668 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 23:51:22.0034 5668 ksthunk - ok 23:51:22.0065 5668 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 23:51:22.0158 5668 KtmRm - ok 23:51:22.0221 5668 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 23:51:22.0299 5668 LanmanServer - ok 23:51:22.0314 5668 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 23:51:22.0361 5668 LanmanWorkstation - ok 23:51:22.0377 5668 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 23:51:22.0424 5668 lltdio - ok 23:51:22.0439 5668 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 23:51:22.0517 5668 lltdsvc - ok 23:51:22.0517 5668 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 23:51:22.0548 5668 lmhosts - ok 23:51:22.0626 5668 [ 7F32D4C47A50E7223491E8FB9359907D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 23:51:22.0658 5668 LMS - ok 23:51:22.0673 5668 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 23:51:22.0689 5668 LSI_FC - ok 23:51:22.0720 5668 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 23:51:22.0720 5668 LSI_SAS - ok 23:51:22.0751 5668 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 23:51:22.0751 5668 LSI_SAS2 - ok 23:51:22.0767 5668 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 23:51:22.0782 5668 LSI_SCSI - ok 23:51:22.0798 5668 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 23:51:22.0845 5668 luafv - ok 23:51:22.0876 5668 [ 830708A5CC0A19196C1DC205BED5A3A8 ] massfilter C:\Windows\system32\drivers\massfilter.sys 23:51:22.0938 5668 massfilter - ok 23:51:22.0985 5668 [ 
C:\Windows\system32\DRIVERS\ZTEusbnmea.sys
23:51:46.0713 5668 ZTEusbnmea - ok
23:51:46.0728 5668 [ D6959A4FC3B56AFD9E31B0E71377C05F ] ZTEusbser6k C:\Windows\system32\DRIVERS\ZTEusbser6k.sys
23:51:46.0728 5668 ZTEusbser6k - ok
23:51:46.0760 5668 ================ Scan global ===============================
23:51:46.0806 5668 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
23:51:46.0838 5668 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:51:46.0853 5668 [ EB6A48CC998E1090E44E8E7F1009A640 ] C:\Windows\system32\winsrv.dll
23:51:46.0884 5668 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
23:51:46.0900 5668 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
23:51:46.0916 5668 [Global] - ok
23:51:46.0916 5668 ================ Scan MBR ==================================
23:51:46.0931 5668 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:51:47.0820 5668 \Device\Harddisk0\DR0 - ok
23:51:47.0820 5668 ================ Scan VBR ==================================
23:51:47.0867 5668 [ 6B41624EB4ED1238BCA41995B87CD8BD ] \Device\Harddisk0\DR0\Partition1
23:51:47.0867 5668 \Device\Harddisk0\DR0\Partition1 - ok
23:51:47.0898 5668 [ B2B33AEC8BCE4C3A041A95E0EBB66163 ] \Device\Harddisk0\DR0\Partition2
23:51:47.0898 5668 \Device\Harddisk0\DR0\Partition2 - ok
23:51:47.0898 5668 ============================================================
23:51:47.0914 5668 Scan finished
23:51:47.0914 5668 ============================================================
23:51:47.0930 5644 Detected object count: 2
23:51:47.0930 5644 Actual detected object count: 2
23:52:18.0724 5644 Adobe LM Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:18.0724 5644 Adobe LM Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:52:18.0724 5644 VideAceWindowsService ( UnsignedFile.Multi.Generic ) - skipped by user
23:52:18.0724 5644 VideAceWindowsService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
01.10.2012, 12:12 | #22 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | White screen - Safe Mode with Networking does not work Then please run CF now: ComboFix A guide and tutorial on using ComboFix
Combofix may only be run when a qualified helper has expressly recommended it! If, after running Combofix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
01.10.2012, 18:50 | #23 |
| White screen - Safe Mode with Networking does not work Hello Cosinus! I have run Combo-Fix (see the log file a little further down). Afterwards I noticed (at a quick glance) the following things:
- The two helper programs for configuring the Internet connection, "A1-Webassistent" and "A1-Servicecenters", from my Internet provider (A1) were deleted (the shortcuts in the Start menu and on the desktop are still there)
- Mozilla Firefox is no longer the default browser
- Windows Explorer no longer shows file extensions.
Otherwise, all programs can apparently be run normally. Here is the log file: Code:
ATTFilter ComboFix 12-09-30.03 - aharing 01.10.2012 19:07:54.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.43.1031.18.8103.6106 [GMT 2:00] ausgeführt von:: c:\users\aharing\Desktop\ComboFix.exe AV: Trend Micro Titanium Internet Security *Disabled/Updated* {68F968AC-2AA0-091D-848C-803E83E35902} SP: Trend Micro Titanium Internet Security *Disabled/Updated* {D3988948-0C9A-0693-BE3C-BB4CF86413BF} SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\program files (x86)\A1 c:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm c:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe c:\program files (x86)\A1\A1 Servicecenter\Content\broadband.html c:\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html c:\program files (x86)\A1\A1 Servicecenter\Content\cd_more.html c:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf c:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png c:\program files (x86)\A1\A1 
Servicecenter\Content\img\02b_wiederherstellen.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_down.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_right.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif c:\program files (x86)\A1\A1 Servicecenter\Content\img\icon_warning.gif c:\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_center.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_left.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_right.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png c:\program files 
(x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_bl.gif c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_br.gif c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tl.gif c:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tr.gif c:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css c:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js c:\program files (x86)\A1\A1 Servicecenter\Content\index.html c:\program files (x86)\A1\A1 Servicecenter\Content\more.html c:\program files (x86)\A1\A1 Servicecenter\Content\wlan.html c:\program files (x86)\A1\A1 Servicecenter\icudt42.dll c:\program files (x86)\A1\A1 Servicecenter\libcef.dll c:\program files (x86)\A1\A1 Servicecenter\M2Updater.exe c:\program files (x86)\A1\A1 Servicecenter\reqdata.cfg c:\program files (x86)\A1\A1 Servicecenter\Start.exe c:\program files (x86)\A1\A1 Servicecenter\Start.ini c:\program files (x86)\A1\A1 Webassistent\A1Breitband.chm c:\program files (x86)\A1\A1 Webassistent\A1Breitband.exe c:\program files (x86)\A1\A1 Webassistent\A1CMDTool.exe c:\program files (x86)\A1\A1 Webassistent\A1Mailboxen.exe c:\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.elf c:\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.exe c:\program files (x86)\A1\A1 Webassistent\A1Webassistent.chm c:\program files (x86)\A1\A1 Webassistent\A1Webassistent.exe c:\program files (x86)\A1\A1 Webassistent\A1WLANAssistent.exe c:\program files (x86)\A1\A1 Webassistent\inifiles.dat c:\program files (x86)\A1\A1 Webassistent\ipworks6.dll c:\program files (x86)\A1\A1 Webassistent\KCO.exe c:\program files (x86)\A1\A1 Webassistent\M2Updater.exe c:\programdata\FullRemove.exe 
c:\windows\SysWow64\pt c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll c:\windows\SysWow64\pt\AuthFWWizFwk.Resources.dll . . ((((((((((((((((((((((( Dateien erstellt von 2012-09-01 bis 2012-10-01 )))))))))))))))))))))))))))))) . . 2012-10-01 17:15 . 2012-10-01 17:15 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2012-10-01 17:15 . 2012-10-01 17:15 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-09-28 19:50 . 2012-09-28 19:50 -------- d-----w- C:\_OTL 2012-09-28 15:42 . 2012-08-21 21:01 245760 ----a-w- c:\windows\system32\OxpsConverter.exe 2012-09-28 15:42 . 2012-09-28 15:42 -------- d-----w- c:\program files (x86)\Common Files\Java 2012-09-28 15:42 . 2012-09-28 15:42 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2012-09-24 19:43 . 2012-08-24 11:15 17810944 ----a-w- c:\windows\system32\mshtml.dll 2012-09-24 19:43 . 2012-08-24 10:39 10925568 ----a-w- c:\windows\system32\ieframe.dll 2012-09-24 17:33 . 2012-09-24 17:33 -------- d-----w- c:\program files (x86)\ESET 2012-09-22 19:27 . 2012-09-22 19:27 -------- d-----w- c:\users\aharing\AppData\Roaming\Malwarebytes 2012-09-22 19:26 . 2012-09-22 19:26 -------- d-----w- c:\programdata\Malwarebytes 2012-09-22 19:26 . 2012-09-22 19:26 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware 2012-09-22 19:26 . 2012-09-07 15:04 25928 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-12 18:26 . 2012-08-22 18:12 950128 ----a-w- c:\windows\system32\drivers\ndis.sys 2012-09-12 18:26 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll 2012-09-12 18:26 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll 2012-09-12 18:26 . 2012-07-04 20:26 41472 ----a-w- c:\windows\system32\drivers\RNDISMP.sys 2012-09-12 18:26 . 2012-08-22 18:12 1913200 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-09-12 18:26 . 2012-08-22 18:12 376688 ----a-w- c:\windows\system32\drivers\netio.sys 2012-09-12 18:26 . 
2012-08-22 18:12 288624 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-10-01 16:53 . 2011-04-29 19:15 45056 ----a-w- c:\windows\system32\acovcnt.exe 2012-09-28 15:42 . 2012-06-30 14:42 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll 2012-09-28 15:42 . 2011-06-19 21:04 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll 2012-09-12 20:19 . 2011-06-16 20:49 64462936 ----a-w- c:\windows\system32\MRT.exe 2012-07-18 18:15 . 2012-08-17 15:16 3148800 ----a-w- c:\windows\system32\win32k.sys 2012-07-04 22:16 . 2012-08-17 15:34 73216 ----a-w- c:\windows\system32\netapi32.dll 2012-07-04 22:13 . 2012-08-17 15:34 59392 ----a-w- c:\windows\system32\browcli.dll 2012-07-04 22:13 . 2012-08-17 15:34 136704 ----a-w- c:\windows\system32\browser.dll 2012-07-04 21:14 . 2012-08-17 15:34 41984 ----a-w- c:\windows\SysWow64\browcli.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-20 1475584] "gStart"="c:\garmin\gStart.exe" [2008-08-13 1891416] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run] "UpdateLBPShortCut"="c:\program files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "UpdateP2GoShortCut"="c:\program files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2009-05-20 222504] "Nuance PDF Reader-reminder"="c:\program files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" [2008-11-03 328992] "FLxHCIm"="c:\program files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe" [2010-11-20 37888] "SonicMasterTray"="c:\program files (x86)\ASUS\SonicMaster\SonicMasterTray.exe" [2010-07-10 984400] "ATKMEDIA"="c:\program files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe" [2010-10-07 170624] "HControlUser"="c:\program files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe" [2009-06-19 105016] "Wireless Console 3"="c:\program files (x86)\ASUS\Wireless Console 3\wcourier.exe" [2010-09-24 1601536] "VAWinAgent"="c:\expressgateutil\VAWinAgent.exe" [2010-08-13 21504] "RemoteControl10"="c:\program files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe" [2010-02-03 87336] "BDRegion"="c:\program files (x86)\Cyberlink\Shared files\brs.exe" [2010-08-25 75048] "UpdatePSTShortCut"="c:\program files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" [2010-11-17 222504] "APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2011-09-27 59240] "QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2011-10-24 421888] . c:\users\aharing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-5 113664] OpenOffice.org 3.3.lnk - c:\program files (x86)\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ Adobe Gamma Loader.lnk - c:\program files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2012-6-5 113664] AsusVibeLauncher.lnk - c:\program files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe [2011-2-25 548528] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows] "LoadAppInit_DLLs"=1 (0x1) "AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll . [HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32] "aux"=wdmaud.drv . [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa] Security Packages REG_MULTI_SZ kerberos msv1_0 schannel wdigest tspkg pku2u livessp . R2 CLKMSVC10_38F51D56;CyberLink Product - 2011/02/24 15:47;c:\program files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2010-08-25 246256] R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576] R2 gupdate;Google Update Service (gupdate);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 135664] R2 VideAceWindowsService;VideAceWindowsService;c:\expressgateutil\VAWinService.exe [2010-08-21 77312] R3 Amsp;Trend Micro Solution Platform;c:\program files\Trend Micro\AMSP\coreServiceShell.exe coreFrameworkHost.exe [x] R3 gupdatem;Google Update-Dienst (gupdatem);c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 135664] R3 massfilter;MBB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [2010-02-22 11776] R3 MyWiFiDHCPDNS;Wireless PAN DHCP Server;c:\program files\Intel\WiFi\bin\PanDhcpDns.exe [2010-07-20 340240] R3 osppsvc;Office Software Protection Platform;c:\program files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 
[2010-01-09 4925184] R3 SiSGbeLH;SiS191/SiS190 Ethernet Device NDIS 6.0 Driver;c:\windows\system32\DRIVERS\SiSG664.sys [2009-06-10 56832] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [2011-05-14 1255736] R4 wlcrasvc;Windows Live Mesh remote connections service;c:\program files\Windows Live\Mesh\wlcrasvc.exe [2010-09-23 57184] S0 nvpciflt;nvpciflt;c:\windows\system32\DRIVERS\nvpciflt.sys [2010-12-04 25576] S1 ATKWMIACPIIO;ATKWMIACPI Driver;c:\program files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2010-07-26 17024] S1 vwififlt;Virtual WiFi Filter Driver;c:\windows\system32\DRIVERS\vwififlt.sys [2009-07-14 59904] S2 AFBAgent;AFBAgent;c:\windows\system32\FBAgent.exe [2010-11-30 379520] S2 ASMMAP64;ASMMAP64;c:\program files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-07-03 15416] S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624] S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-07 399432] S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-07 676936] S2 nvUpdatusService;NVIDIA Update Service Daemon;c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe [2010-12-04 1997416] S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776] S2 TiMiniService;TiMiniService;c:\program files\Trend Micro\Titanium\TiMiniService.exe [2010-09-17 241488] S2 tmevtmgr;tmevtmgr;c:\windows\system32\DRIVERS\tmevtmgr.sys [2010-09-17 67664] S2 TurboB;Turbo Boost UI Monitor driver;c:\windows\system32\DRIVERS\TurboB.sys [2010-04-17 13832] S2 TurboBoost;Intel(R) Turbo Boost Technology Monitor;c:\program files\Intel\TurboBoost\TurboBoost.exe [2010-04-17 
134928] S2 UNS;Intel(R) Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-12-21 2656280] S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-09-08 129024] S3 FLxHCIc;Fresco Logic xHCI (USB3) Device Driver;c:\windows\system32\DRIVERS\FLxHCIc.sys [2010-11-20 210944] S3 FLxHCIh;Fresco Logic xHCI (USB3) Hub Device Driver;c:\windows\system32\DRIVERS\FLxHCIh.sys [2010-11-20 49664] S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-10-14 317440] S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-07 25928] S3 MEIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2010-10-20 56344] S3 NETwNs64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 7 - 64 Bit;c:\windows\system32\DRIVERS\NETwNs64.sys [2010-07-14 7821312] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-06-23 333928] S3 S6000KNT;S6000KNT_WebCam Driver;c:\windows\system32\Drivers\S6000KNT.sys [2010-08-05 190232] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960] S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376] S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496] S3 vwifimp;Microsoft Virtual WiFi Miniport Service;c:\windows\system32\DRIVERS\vwifimp.sys [2009-07-14 17920] S3 wdkmd;Intel WiDi KMD;c:\windows\system32\DRIVERS\WDKMD.sys [2010-10-06 42392] . . --- Andere Dienste/Treiber im Speicher --- . *Deregistered* - CLKMDRV10_38F51D56 . Inhalt des "geplante Tasks" Ordners . 
2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 22:50] . 2012-10-01 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job - c:\program files (x86)\Google\Update\GoogleUpdate.exe [2011-02-24 22:50] . . --------- X64 Entries ----------- . . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_B] @="{6D4133E5-0742-4ADC-8A8C-9303440F7190}" [HKEY_CLASSES_ROOT\CLSID\{6D4133E5-0742-4ADC-8A8C-9303440F7190}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\AsusWSShellExt_O] @="{64174815-8D98-4CE6-8646-4C039977D808}" [HKEY_CLASSES_ROOT\CLSID\{64174815-8D98-4CE6-8646-4C039977D808}] 2009-11-26 05:49 70656 ----a-w- c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSShellExt64.dll . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ASUS WebStorage"="c:\program files (x86)\ASUS\ASUS WebStorage\SERVICE\AsusWSService.exe" [2010-03-16 1754448] "VizorHtmlDialog.exe"="c:\program files\Trend Micro\Titanium\UIFramework\VizorHtmlDialog.exe" [2010-10-08 1123664] "Trend Micro Client Framework"="c:\program files\Trend Micro\UniClient\UiFrmWrk\UIWatchDog.exe" [2010-10-12 192520] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-12-03 167960] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-12-03 391704] "Persistence"="c:\windows\system32\igfxpers.exe" [2010-12-03 417304] "AmIcoSinglun64"="c:\program files (x86)\AmIcoSingLun\AmIcoSinglun64.exe" [2010-08-11 324096] "RtHDVBg"="c:\program files\Realtek\Audio\HDA\RAVBg64.exe" [2010-11-30 2186856] "IntelWireless"="c:\program files\Common Files\Intel\WirelessCommon\iFrmewrk.exe" [2010-07-20 1931024] "IntelTBRunOnce"="wscript.exe" [2009-07-14 168960] . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows] "AppInit_DLLs"=c:\windows\System32\nvinitx.dll . ------- Zusätzlicher Suchlauf ------- . uLocal Page = c:\windows\system32\blank.htm uStart Page = hxxp://www.google.at/ mStart Page = hxxp://asus.msn.com mLocal Page = c:\windows\SysWOW64\blank.htm IE: Free YouTube to MP3 Converter - c:\users\aharing\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm TCP: DhcpNameServer = 10.0.0.138 10.0.0.138 FF - ProfilePath - c:\users\aharing\AppData\Roaming\Mozilla\Firefox\Profiles\pjbsyadv.default\ FF - prefs.js: browser.startup.homepage - hxxp://10.0.0.138/ . - - - - Entfernte verwaiste Registrierungseinträge - - - - . Wow6432Node-HKLM-Run-S6000Mnt - S6000Rmv.dll Wow6432Node-HKLM-Run-SessionLogon - c:\expressgateutil\SessionLogon.exe Wow6432Node-HKLM-Run-A1Webassistent - c:\program files (x86)\A1\A1 Webassistent\A1Webassistent.exe HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-ASUS_Screensaver - c:\windows\system32\ASUS_Screensaver.scr . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil10t_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash10t.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}] @Denied: (A 2) (Everyone) @="IFlashBroker4" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet002\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-10-01 19:18:14 ComboFix-quarantined-files.txt 2012-10-01 17:18 . Vor Suchlauf: 12 Verzeichnis(se), 91.463.852.032 Bytes frei Nach Suchlauf: 18 Verzeichnis(se), 91.222.507.520 Bytes frei . - - End Of File - - 5A2FBC39757CA6F2E501B397951B4F0E |
02.10.2012, 13:41 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | White screen - Safe Mode with Networking does not work We'll restore A1; the other things, like the default browser, well, that's trivial stuff.
Combofix - Scripting
1. Start Notepad (Start / Run / notepad[Enter])
2. Now copy and paste the entire contents of the code box below into the Notepad window.
Code:
DeQuarantine::
C:\Qoobox\Quarantine\c\program files (x86)\A1
Quit::
4. Disable the guard of your antivirus program and any software firewall you may have. (Also the guards of adware and spyware programs and the Tea Timer (if present)!)
5. Then drag CFScript.txt onto cofi.exe, as shown in the picture below. This restarts Combofix.
6. After the reboot (you will be asked whether you want to reboot), please post the following log files:
Combofix.txt
Note: The script above was created only for this one user in this situation. It is not portable to any other computer and must not be used elsewhere, as it can permanently damage the system!
__________________ Please always post log files in CODE tags |
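A cross-check for the restore step above, as an added example that is not part of the thread and not ComboFix code: it compares the deletion section of a ComboFix log with the `quarantine -> original` lines of a DeQuarantine.txt and reports which deleted items are still in quarantine. The sample inputs are constructed excerpts modelled on the logs in this thread, and the `Quarantine\<drive>\...` to `<drive>:\...` mapping is inferred from those lines.

```python
import re

# A section banner looks like "((((( Title )))))" on a line of its own.
SECTION = re.compile(r"^\(+\s*(.*?)\s*\)+$")
# A deleted item is a line that starts with a drive letter.
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")
# Assumption inferred from the thread: <drive>:\Qoobox\Quarantine\<d>\rest
# is the quarantined copy of <D>:\rest.
QUARANTINE = re.compile(r"^[a-z]:\\qoobox\\quarantine\\([a-z])\\(.*)$", re.I)


def key(path):
    """Case-insensitive comparison key for a Windows path."""
    return path.replace("/", "\\").lower()


def deleted_paths(combofix_log, section_title="Weitere Löschungen"):
    """Return the paths listed in the named section of a ComboFix log."""
    paths, inside = [], False
    for line in combofix_log.splitlines():
        line = line.strip()
        banner = SECTION.match(line)
        if banner:
            inside = banner.group(1) == section_title
            continue
        if inside and DRIVE_PATH.match(line):
            paths.append(line)
    return paths


def parse_restores(dequarantine_txt):
    """Parse 'quarantine path -> original path' lines into (source, target)."""
    pairs = []
    for line in dequarantine_txt.splitlines():
        src, sep, dst = line.partition(" -> ")
        if sep:
            pairs.append((src.strip(), dst.strip()))
    return pairs


def expected_target(quarantine_path):
    """Original location implied by a quarantine path, or None if malformed."""
    m = QUARANTINE.match(quarantine_path)
    if not m:
        return None
    return f"{m.group(1).upper()}:\\{m.group(2)}"


def audit(combofix_log, dequarantine_txt):
    """Compare what was deleted with what was restored."""
    deleted = deleted_paths(combofix_log)
    restores = parse_restores(dequarantine_txt)
    restored = {key(dst) for _, dst in restores}
    # A restore line is suspicious if its target is not the path implied
    # by its quarantine location.
    mismatched = []
    for src, dst in restores:
        want = expected_target(src)
        if want is None or key(want) != key(dst):
            mismatched.append((src, dst))
    # Folders are listed as deleted too; a folder counts as restored when
    # at least one restored file lies below it.
    still = []
    for path in deleted:
        k = key(path)
        if k in restored or any(r.startswith(k + "\\") for r in restored):
            continue
        still.append(path)
    return {
        "deleted": len(deleted),
        "restored": len(restores),
        "mismatched": mismatched,
        "still_quarantined": still,
    }


# Constructed sample: a shortened ComboFix log in the layout shown above.
SAMPLE_LOG = r"""
ComboFix 12-09-30.03 - user 01.10.2012 19:07:54.1.4 - x64
.
((((((((((((   Weitere Löschungen   ))))))))))))
.
c:\program files (x86)\A1
c:\program files (x86)\A1\A1 Servicecenter\Start.exe
c:\program files (x86)\A1\A1 Servicecenter\Start.ini
c:\program files (x86)\A1\A1 Webassistent\KCO.exe
c:\programdata\FullRemove.exe
c:\windows\SysWow64\pt
c:\windows\SysWow64\pt\AuthFWSnapIn.Resources.dll
.
(((((((((((   Find3M Bericht   )))))))))))
.
2012-10-01 16:53 . 2011-04-29 19:15 45056 ----a-w- c:\windows\system32\acovcnt.exe
"""

# Constructed sample: a DeQuarantine.txt that restores only two files.
SAMPLE_RESTORES = r"""
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Start.exe -> C:\program files (x86)\A1\A1 Servicecenter\Start.exe
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Start.ini -> C:\program files (x86)\A1\A1 Servicecenter\Start.ini
"""

if __name__ == "__main__":
    report = audit(SAMPLE_LOG, SAMPLE_RESTORES)
    print(f"deleted: {report['deleted']}, restored: {report['restored']}")
    for path in report["still_quarantined"]:
        print("still in quarantine:", path)
    for src, dst in report["mismatched"]:
        print("unexpected restore target:", src, "->", dst)
```

Items reported as still in quarantine are not necessarily a problem: a restore scoped to one folder leaves every other deletion untouched, which is the intended outcome when those deletions were correct.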
02.10.2012, 18:50 | #25 |
| White screen - Safe Mode with Networking does not work I had Combo-Fix run the script as described. Afterwards the file DeQuarantine.txt was displayed in the editor, but this time I could not find the file "Combofix.txt" anywhere (neither on the desktop, nor directly under C:\, nor in the folder C:\Combofix\); I was also not offered a reboot (I then did one manually). The restore seems to have worked, though. For lack of a Combofix.txt (where should it be found?), I am posting the file DeQuarantine.txt: Code:
ATTFilter C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm -> C:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.chm C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe -> C:\program files (x86)\A1\A1 Servicecenter\A1Servicecenter.exe C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\icudt42.dll -> C:\program files (x86)\A1\A1 Servicecenter\icudt42.dll C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\libcef.dll -> C:\program files (x86)\A1\A1 Servicecenter\libcef.dll C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\M2Updater.exe -> C:\program files (x86)\A1\A1 Servicecenter\M2Updater.exe C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\reqdata.cfg -> C:\program files (x86)\A1\A1 Servicecenter\reqdata.cfg C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Start.exe -> C:\program files (x86)\A1\A1 Servicecenter\Start.exe C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Start.ini -> C:\program files (x86)\A1\A1 Servicecenter\Start.ini C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\broadband.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\broadband.html C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\cd_index.html C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\cd_more.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\cd_more.html C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\index.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\index.html C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\more.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\more.html C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\wlan.html -> C:\program files (x86)\A1\A1 Servicecenter\Content\wlan.html 
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf -> C:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_medium_web01-webfont.ttf C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf -> C:\program files (x86)\A1\A1 Servicecenter\Content\fonts\a1ta_regular_web01-webfont.ttf C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_a1_breitband_200x300.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_weitere_services.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\01a_wlan_einrichten.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_a1_breitband_installieren_200x366.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemkonfigurationssoftware.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02a_modemwechselsoftware.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_unterwegs.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_breitband_zuhause.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 
Servicecenter\Content\img\02b_hinzufuegen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_hinzufuegen.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_installation.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\02b_wiederherstellen.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_geraete.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\03_zusaetzliche_wlan_sicherheitseinstellungen.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\1x1_white_15.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\AdobeX_48x48.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\back.gif C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_big.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_box_small.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\bg_overlay.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_down.png -> C:\program 
files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_down.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_right.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\box_arrow_right.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\btn_close.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\FF_48x48.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\footer_trenner.gif C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\icon_warning.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\icon_warning.gif C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\IE_48x48.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_center.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_left.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_active_right.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow.gif C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_arrow_back.gif C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 
Servicecenter\Content\img\link_inactive_center.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_center.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_left.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_left.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_right.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\link_inactive_right.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\loader.gif C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo.jpg C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_150.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_chrome_48.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_glas_48.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\logo_kabel_48.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\mm_icon_48x48.png C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\warning_bl.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_bl.gif C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\warning_br.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_br.gif 
C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tl.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tl.gif C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tr.gif -> C:\program files (x86)\A1\A1 Servicecenter\Content\img\warning_tr.gif C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css -> C:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.css C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js -> C:\program files (x86)\A1\A1 Servicecenter\Content\includes\main.js C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Breitband.chm -> C:\program files (x86)\A1\A1 Webassistent\A1Breitband.chm C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Breitband.exe -> C:\program files (x86)\A1\A1 Webassistent\A1Breitband.exe C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1CMDTool.exe -> C:\program files (x86)\A1\A1 Webassistent\A1CMDTool.exe C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Mailboxen.exe -> C:\program files (x86)\A1\A1 Webassistent\A1Mailboxen.exe C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.elf -> C:\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.elf C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.exe -> C:\program files (x86)\A1\A1 Webassistent\A1Modemkonfigurator.exe C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Webassistent.chm -> C:\program files (x86)\A1\A1 Webassistent\A1Webassistent.chm C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1Webassistent.exe -> C:\program files (x86)\A1\A1 Webassistent\A1Webassistent.exe C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\A1WLANAssistent.exe -> C:\program files (x86)\A1\A1 Webassistent\A1WLANAssistent.exe C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 
Webassistent\inifiles.dat -> C:\program files (x86)\A1\A1 Webassistent\inifiles.dat C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\ipworks6.dll -> C:\program files (x86)\A1\A1 Webassistent\ipworks6.dll C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\KCO.exe -> C:\program files (x86)\A1\A1 Webassistent\KCO.exe C:\Qoobox\Quarantine\c\program files (x86)\A1\A1 Webassistent\M2Updater.exe -> C:\program files (x86)\A1\A1 Webassistent\M2Updater.exe 76 Datei(en) kopiert |
02.10.2012, 20:31 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | White screen - Safe Mode with Networking does not work Yes, that is the only one I need - Dequarantine is needed so rarely that I often forget to adjust the template for the instructions. Is A1 running again?
__________________ Please always post log files in CODE tags |
02.10.2012, 20:55 | #27 |
| White screen - Safe Mode with Networking does not work All right! Yes, A1 is running again. |
03.10.2012, 17:57 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | White screen - Safe Mode with Networking does not work Now please create logs with GMER and OSAM and post them. GMER crashes fairly often; if the tool still refuses on the second attempt, just leave it out and run only OSAM - please skip OSAM's online query. With OSAM, please also make sure that you save the log as *.log and not as *.html or similar. Note: Please use WinRAR or 7zip to unpack OSAM! Also be sure to turn off the virus scanner; the McAfee scanner in particular often reports a false alarm in OSAM! Please download aswMBR.exe and save the file to your desktop.
Important: Under no circumstances press any of the Fix buttons without instruction. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan. One more note: If aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following: Restart aswMBR, select (none) for "AV scan" in the drop-down menu at the bottom left (bottom left of the aswMBR window) and click the Scan button again.
__________________ Please always post log files in CODE tags |
03.10.2012, 20:33 | #29 |
| White screen - Safe Mode with Networking does not work After a long scan with GMER, a window opened with the message "GMER has not found any system modifications" (or something similar), which I confirmed with OK. No log file was created: "Copy" did not copy anything to the clipboard - and "Save..." only produced an empty log file. OSAM log: Code:
Report of OSAM: Autorun Manager v5.0.11926.0
hxxp://www.online-solutions.ru/en/
Saved at 21:01:29 on 03.10.2012

OS: Windows 7 Home Premium Edition Service Pack 1 (Build 7601), 64-bit
Default Browser: Mozilla Corporation Firefox 11.0

Scanner Settings
[x] Rootkits detection (hidden registry)
[x] Rootkits detection (hidden files)
[x] Retrieve files information
[x] Check Microsoft signatures

Filters
[ ] Trusted entries
[ ] Empty entries
[x] Hidden registry entries (rootkit activity)
[x] Exclusively opened files
[x] Not found files
[x] Files without detailed information
[x] Existing files
[ ] Non-startable services
[ ] Non-startable drivers
[x] Active entries
[x] Disabled entries

[Common]
-----( %SystemRoot%\Tasks )-----
"GoogleUpdateTaskMachineCore.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"GoogleUpdateTaskMachineUA.job" - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

[Control Panel Objects]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Control Panel\Cpls )-----
"Adobe Gamma" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma.cpl
"QuickTime" - "Apple Inc." - C:\Program Files (x86)\QuickTime\QTSystem\QuickTime.cpl

[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"ASMMAP64" (ASMMAP64) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys
"ATKWMIACPI Driver" (ATKWMIACPIIO) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"FssFltr" (fssfltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\fssfltr.sys
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
"Sftfs" (Sftfs) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftfslh.sys
"Sftplay" (Sftplay) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftplaylh.sys
"Sftredir" (Sftredir) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftredirlh.sys
"Sftvol" (Sftvol) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\Sftvollh.sys
"Trend Micro TDI Driver" (tmtdi) - "Trend Micro Inc." - C:\Windows\System32\DRIVERS\tmtdi.sys
"WimFltr" (WimFltr) - "Microsoft Corporation" - C:\Windows\System32\DRIVERS\wimfltr.sys

[Explorer]
-----( HKLM\Software\Classes\Folder\shellex\ColumnHandlers )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396}" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
-----( HKLM\Software\Classes\Protocols\Handler )-----
{E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} "Album Download IE Asynchronous Pluggable Protocol Interface" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
{828030A1-22C1-4009-854F-8E305202313F} "livecall" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{828030A1-22C1-4009-854F-8E305202313F} "msnim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Messenger\msgrapp.dll
{1A77E7DC-C9A0-4110-8A37-2F36BAE71ECF} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
{0E526CB5-7446-41D1-A403-19BFE95E8C23} "TmIEPlugInAPP Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
{03C514A3-1EFB-4856-9F99-10D7BE1653C0} "Windows Live Mail HTML Asynchronous Pluggable Protocol Handler" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Mail\mailcomm.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{C52AF81D-F7A0-4AAB-8E87-F80A60CCD396} "OpenOffice.org Column Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{087B3AE3-E237-4467-B8DB-5A38AB959AC9} "OpenOffice.org Infotip Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{AE424E85-F6DF-4910-A6A9-438797986431} "OpenOffice.org Property Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\propertyhdl.dll
{63542C48-9552-494A-84F7-73AA6A7C99C1} "OpenOffice.org Property Sheet Handler" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)
{2BE99FD4-A181-4996-BFA9-58C5FFD11F6C} "Windows Live Photo Gallery Autoplay Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F30F64-AC33-42F5-8FD1-5DC2D3FDE06C} "Windows Live Photo Gallery Editor Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F3712A-CA79-45B4-9E4D-D7891E7F8B9D} "Windows Live Photo Gallery Editor Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F30F90-3E96-453B-AFCD-D71989ECC2C7} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F33137-EE26-412F-8D71-F84E4C2C6625} "Windows Live Photo Gallery Viewer Autoplay Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{00F374B7-B390-4884-B372-2FC349F2172B} "Windows Live Photo Gallery Viewer Drop Target" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoGallery.exe
{00F346CB-35A4-465B-8B8F-65A29DBAB1F6} "Windows Live Photo Gallery Viewer Shim" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\PhotoViewerShim.dll
{0563DB41-F538-4B37-A92D-4659049B7766} "WLMD Message Handler" - ? - (File not found | COM-object registry key not found)
{06A2568A-CED6-4187-BB20-400B8C02BE5A} "{06A2568A-CED6-4187-BB20-400B8C02BE5A}" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Photo Gallery\WLXPhotoAcquireWizard.exe
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)

[Internet Explorer]
-----( HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser )-----
ITBar7Height "ITBar7Height" - ? - (File not found | COM-object registry key not found)
ITBar7Height64 "ITBar7Height64" - ? - (File not found | COM-object registry key not found)
<binary data> "ITBar7Layout" - ? - (File not found | COM-object registry key not found)
-----( HKLM\SOFTWARE\Microsoft\Code Store Database\Distribution Units )-----
{CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} "Java Plug-in 1.7.0_07" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} "Java Plug-in 1.7.0_07" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\npjpi170_07.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
{8AD9C840-044E-11D1-B3E9-00805F499D93} "Java Plug-in 10.7.2" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2iexp.dll / hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab
{7530BFB8-7293-4D34-9923-61A11451AFC5} "OnlineScanner Control" - "ESET" - C:\PROGRA~2\ESET\ESETON~1\ONLINE~1.OCX / hxxp://download.eset.com/special/eos/OnlineScanner.cab
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Extensions )-----
{B63DBA5F-523F-4B9C-A43D-65DF1977EAD3} "@C:\Program Files (x86)\Windows Live\Companion\companionlang.dll,-600" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll
{5F7B1267-94A9-47F5-98DB-E99415F33AEC} "@C:\Program Files (x86)\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
-----( HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar )-----
<binary data> "Google Toolbar" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects )-----
{C84D72FE-E17D-4195-BB24-76C02E2E7C4E} "Google Dictionary Compression sdch" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll
{AA58ED58-01DD-4d91-8333-CF10577473F7} "Google Toolbar Helper" - "Google Inc." - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
{AF69DE43-7D58-4638-B6FA-CE66B5AD205D} "Google Toolbar Notifier BHO" - "Google Inc." - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.2.4204.1700\swg.dll
{DBC80044-A445-435b-BC74-9C25C1C588A9} "Java(tm) Plug-In 2 SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} "Java(tm) Plug-In SSV Helper" - "Oracle Corporation" - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
{BBACBAFD-FA5E-4079-8B33-00EB9F13D4AC} "TmBpIeBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20002\6.5.1234\6.5.1234\TmBpIe32.dll
{1CA1377B-DC1D-4A52-9585-6E06050FAC53} "TmIEPlugInBHO Class" - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\Module\20004\1.5.1381\6.5.1234\TmIEPlg32.dll
{9030D464-4C02-4ABF-8ECC-5164760863C6} "Windows Live ID-Anmelde-Hilfsprogramm" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
{9FDDE16B-836F-4806-AB1F-1455CBEFF289} "Windows Live Messenger Companion Helper" - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Companion\companioncore.dll

[LSA Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Control\Lsa )-----
"Security Packages" - "Microsoft Corp." - C:\Windows\system32\livessp.dll

[Logon]
-----( %APPDATA%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma.lnk" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\Users\aharing\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
"OpenOffice.org 3.3.lnk" - ? - C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe (Shortcut exists | File found, but it contains no detailed information | File exists)
-----( %AllUsersProfile%\Microsoft\Windows\Start Menu\Programs\Startup )-----
"Adobe Gamma Loader.lnk" - "Adobe Systems, Inc." - C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Shortcut exists | File exists)
"AsusVibeLauncher.lnk" - ? - C:\Program Files (x86)\ASUS\AsusVibe\AsusVibeLauncher.exe (Shortcut exists | File exists)
"desktop.ini" - ? - C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\desktop.ini
-----( HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run )-----
"gStart" - "GARMIN Corp." - C:\Garmin\gStart.exe
-----( HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server\Wds\rdpwd )-----
"StartupPrograms" - ? - rdpclip (File not found)
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"APSDaemon" - "Apple Inc." - "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"ATKMEDIA" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
"BDRegion" - "cyberlink" - C:\Program Files (x86)\Cyberlink\Shared files\brs.exe
"FLxHCIm" - "Windows (R) Win 7 DDK provider" - "C:\Program Files\Fresco Logic Inc\Fresco Logic USB3.0 Host Controller\host\FLxHCIm.exe"
"HControlUser" - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControlUser.exe
"Nuance PDF Reader-reminder" - "Nuance Communications, Inc." - "C:\Program Files (x86)\Nuance\PDF Reader\Ereg\Ereg.exe" -r "C:\ProgramData\Nuance\PDF Reader\Ereg\Ereg.ini"
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
"RemoteControl10" - "CyberLink Corp." - "C:\Program Files (x86)\Cyberlink\PowerDVD10\PDVD10Serv.exe"
"SonicMasterTray" - "Virage Logic Corporation / Sonic Focus" - C:\Program Files (x86)\ASUS\SonicMaster\SonicMasterTray.exe
"UpdateLBPShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\LabelPrint\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\LabelPrint" UpdateWithCreateOnce "Software\CyberLink\LabelPrint\2.5"
"UpdateP2GoShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\Power2Go" UpdateWithCreateOnce "SOFTWARE\CyberLink\Power2Go\6.0"
"UpdatePSTShortCut" - "CyberLink Corp." - "C:\Program Files (x86)\Cyberlink\DVD Suite\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\Cyberlink\DVD Suite" UpdateWithCreateOnce "Software\CyberLink\PowerStarter"
"VAWinAgent" - ? - C:\ExpressGateUtil\VAWinAgent.exe (File found, but it contains no detailed information)
"Wireless Console 3" - ? - C:\Program Files (x86)\ASUS\Wireless Console 3\wcourier.exe

[Services]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"@%ProgramFiles%\Windows Defender\MsMpRes.dll,-103" (WinDefend) - ? - C:\Program Files (x86)\Windows Defender\mpsvc.dll (File not found)
"@%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101" (WMPNetworkSvc) - ? - "C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe" (File not found)
"Adobe LM Service" (Adobe LM Service) - "Adobe Systems" - C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
"AFBAgent" (AFBAgent) - "ASUSTeK Computer Inc." - C:\Windows\system32\FBAgent.exe
"Application Virtualization Client" (sftlist) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
"Application Virtualization Service Agent" (sftvsa) - "Microsoft Corporation" - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
"ASLDR Service" (ASLDRService) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
"ATKGFNEX Service" (ATKGFNEXSrv) - "ASUS" - C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
"Client Virtualization Handler" (cvhsvc) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
"CyberLink Product - 2011/02/24 15:47:30" (CLKMSVC10_38F51D56) - "CyberLink" - C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe
"Cyberlink RichVideo Service(CRVS)" (RichVideo) - ? - C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
"Google Software Updater" (gusvc) - "Google" - C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
"Google Update Service (gupdate)" (gupdate) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Google Update-Dienst (gupdatem)" (gupdatem) - "Google Inc." - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"Intel(R) Management and Security Application Local Management Service" (LMS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
"Intel(R) Management and Security Application User Notification Service" (UNS) - "Intel Corporation" - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
"Intel(R) PROSet/Wireless Event Log" (EvtEng) - "Intel(R) Corporation" - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
"Intel(R) PROSet/Wireless Registry Service" (RegSrvc) - "Intel(R) Corporation" - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
"Intel(R) Turbo Boost Technology Monitor" (TurboBoost) - "Intel(R) Corporation" - C:\Program Files\Intel\TurboBoost\TurboBoost.exe
"MBAMScheduler" (MBAMScheduler) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
"MBAMService" (MBAMService) - "Malwarebytes Corporation" - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
"Microsoft .NET Framework NGEN v4.0.30319_X64" (clr_optimization_v4.0.30319_64) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
"Microsoft .NET Framework NGEN v4.0.30319_X86" (clr_optimization_v4.0.30319_32) - "Microsoft Corporation" - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
"NVIDIA Driver Helper Service" (NVSvc) - "NVIDIA Corporation" - C:\Windows\system32\nvvsvc.exe
"NVIDIA Update Service Daemon" (nvUpdatusService) - "NVIDIA Corporation" - C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
"Office Source Engine" (ose) - "Microsoft Corporation" - C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
"Office Software Protection Platform" (osppsvc) - "Microsoft Corporation" - C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
"TiMiniService" (TiMiniService) - "Trend Micro Inc." - C:\Program Files\Trend Micro\Titanium\TiMiniService.exe
"Trend Micro Solution Platform" (Amsp) - "Trend Micro Inc." - C:\Program Files\Trend Micro\AMSP\coreServiceShell.exe
"VideAceWindowsService" (VideAceWindowsService) - ? - C:\ExpressGateUtil\VAWinService.exe (File found, but it contains no detailed information)
"Windows Live Family Safety Service" (fsssvc) - "Microsoft Corporation" - C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
"Windows Live ID Sign-in Assistant" (wlidsvc) - "Microsoft Corp." - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
"Wireless PAN DHCP Server" (MyWiFiDHCPDNS) - ? - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe

[Winsock Providers]
-----( HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries )-----
"WindowsLive Local NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL
"WindowsLive NSP" - "Microsoft Corp." - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL

===[ Logfile end ]=========================================[ Logfile end ]===
If You have questions or want to get some help, You can visit hxxp://forum.online-solutions.ru
Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-03 21:07:10
-----------------------------
21:07:10.378 OS Version: Windows x64 6.1.7601 Service Pack 1
21:07:10.378 Number of processors: 4 586 0x2A07
21:07:10.378 ComputerName: AHARING_PC UserName: aharing
21:07:12.094 Initialize success
21:12:09.869 AVAST engine defs: 12100301
21:12:42.052 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
21:12:42.052 Disk 0 Vendor: ST964032 0002 Size: 610480MB BusType: 3
21:12:42.067 Disk 0 MBR read successfully
21:12:42.083 Disk 0 MBR scan
21:12:42.083 Disk 0 Windows 7 default MBR code
21:12:42.098 Disk 0 Partition 1 00 1C Hidd FAT32 LBA MSDOS5.0 22003 MB offset 63
21:12:42.114 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 152618 MB offset 45062325
21:12:42.114 Disk 0 Partition - 00 0F Extended LBA 435857 MB offset 357625856
21:12:42.145 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 435856 MB offset 357627904
21:12:42.192 Disk 0 scanning C:\Windows\system32\drivers
21:12:55.078 Service scanning
21:13:50.130 Modules scanning
21:13:50.146 Disk 0 trace - called modules:
21:13:50.692 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys iaStor.sys hal.dll
21:13:50.692 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa80099eb060]
21:13:50.707 3 CLASSPNP.SYS[fffff8800120143f] -> nt!IofCallDriver -> [0xfffffa8006fca7b0]
21:13:50.723 5 ACPI.sys[fffff88000f6e7a1] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8007b46050]
21:13:54.685 AVAST engine scan C:\Windows
21:13:57.868 AVAST engine scan C:\Windows\system32
21:17:11.308 AVAST engine scan C:\Windows\system32\drivers
21:17:29.092 AVAST engine scan C:\Users\aharing
21:18:43.114 AVAST engine scan C:\ProgramData
21:19:14.579 Scan finished successfully
21:19:28.214 Disk 0 MBR has been saved successfully to "C:\Users\aharing\Desktop\MBR.dat"
21:19:28.229 The log file has been saved successfully to "C:\Users\aharing\Desktop\aswMBR.txt" |
03.10.2012, 21:19 | #30 |
/// Winkelfunktion /// TB-Süch-Tiger™ | White screen - Safe Mode with Networking does not work Looks OK. We should be almost through. As a check, please run full scans with Malwarebytes and SUPERAntiSpyware and post the logs. Remember to update both tools before the scan!!
__________________ Please always post log files in CODE tags |
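The OSAM log in post #29 lists every autorun entry as name, publisher and path, with "?" where no publisher could be read and a trailing status such as "(File not found)". The following is an added example, not part of the thread and not OSAM's own code: a small triage parser for that layout, run on six lines copied from the log above; it assumes one entry per line as in the saved .log file, and the function names and the choice of what to flag are assumptions.

```python
import re
from dataclasses import dataclass

# Lines copied from the OSAM log in post #29 (one entry per line is assumed).
SAMPLE_LOG = r'''
[Drivers]
-----( HKLM\SYSTEM\CurrentControlSet\Services )-----
"catchme" (catchme) - ? - C:\ComboFix\catchme.sys (File not found)
"MBAMProtector" (MBAMProtector) - "Malwarebytes Corporation" - C:\Windows\system32\drivers\mbam.sys
[Explorer]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved )-----
{E6FB5E20-DE35-11CF-9C87-00AA005127ED} "WebCheck" - ? - (File not found | COM-object registry key not found)
{3B092F0C-7696-40E3-A80F-68D74DA84210} "OpenOffice.org Thumbnail Viewer" - ? - C:\Program Files (x86)\OpenOffice.org 3\Basis\program\shlxthdl\shlxthdl.dll
[Logon]
-----( HKLM\Software\Microsoft\Windows\CurrentVersion\Run )-----
"VAWinAgent" - ? - C:\ExpressGateUtil\VAWinAgent.exe (File found, but it contains no detailed information)
"QuickTime Task" - "Apple Inc." - "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
'''

SECTION = re.compile(r'^\[([^\]]+)\]$')              # [Drivers]; "[x] ..." does not match
KEY = re.compile(r'^-----\(\s*(.*?)\s*\)-----$')     # -----( registry key or folder )-----
ENTRY = re.compile(
    r'^(?P<prefix>[^"]*)'                            # optional CLSID / value name
    r'"(?P<name>[^"]*)"'                             # display name
    r'(?:\s+\((?P<service>[^)]*)\))?'                # service name (drivers, services)
    r'\s+-\s+(?P<publisher>\?|"[^"]*")'              # "?" means no publisher info
    r'\s+-\s*(?P<rest>.*)$')                         # path/command line + status
# Trailing status only; "(x86)" inside a path must not be taken for one.
STATUS = re.compile(
    r'(?:^|\s)\((?P<status>(?:File|Shortcut|COM-object)[^()]*)\)\s*$')


@dataclass
class Entry:
    section: str
    key: str
    name: str
    publisher: str   # empty string when the log shows "?"
    path: str        # may be empty when only a status was logged
    status: list     # e.g. ["File not found", "COM-object registry key not found"]


def parse_osam(text):
    """Turn OSAM log text into Entry records, tracking section and key."""
    section = key = ''
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION.match(line)
        if m:
            section, key = m.group(1), ''
            continue
        m = KEY.match(line)
        if m:
            key = m.group(1)
            continue
        m = ENTRY.match(line)
        if not m:
            continue                                  # header and footer lines
        rest = m.group('rest')
        s = STATUS.search(rest)
        status = [p.strip() for p in s.group('status').split('|')] if s else []
        path = (rest[:s.start()] if s else rest).strip()
        pub = m.group('publisher')
        entries.append(Entry(section, key, m.group('name'),
                             '' if pub == '?' else pub[1:-1], path, status))
    return entries


def triage(entries):
    """Return (entry, reasons) for entries worth reading first."""
    findings = []
    for e in entries:
        reasons = []
        if not e.publisher:
            reasons.append('unknown publisher')
        if 'File not found' in e.status:
            reasons.append('file not found')
        if any('no detailed information' in s for s in e.status):
            reasons.append('no file details')
        if reasons:
            findings.append((e, reasons))
    return findings


if __name__ == '__main__':
    for e, reasons in triage(parse_osam(SAMPLE_LOG)):
        print(f'[{e.section}] {e.name}: {", ".join(reasons)} | {e.path or "(no path)"}')
```

A flagged entry is only a pointer for manual review: an orphaned registry entry and a file without version information are flagged the same way.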