Log analysis and evaluation: BDS/ZeroAccess.Gen - Is a system restore enough? (Windows 7)
26.09.2012, 15:35 | #1
Hello dear virus fighters,

I am brand new here and hope that my post is formally in order. AVIRA suddenly reported the detection "BDS/ZeroAccess.gen" on my machine. When I could not remove it, I googled it and mostly only found that one should set the system up from scratch. Compromise was the keyword, and I read up on it here: hxxp://www.winfuture-forum.de/index.php?showtopic=58510

So I hoped I might also be able to fix it with a system restore. When I boot my laptop, I have the option of getting to the recovery with the F11 key. I did this, thereby resetting everything to factory state, and kept the data, which I now find under C:/BackupMyData.

After that I followed the Trojaner Board instructions and first updated everything. After the first run with AVIRA, "CVE-2012-4361" was found, which I was able to remove, however (that is, first quarantine, then delete). That of course made me wonder whether my problem has really been fixed already.

When I now scan everything, the following appears (as described in this forum, I used Defogger first).

Here is the OTL log:
ATTFilter OTL logfile created on: 26.09.2012 14:47:13 - Run 1 OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Brüll\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 57,79% Memory free 7,82 Gb Paging File | 6,07 Gb Available in Paging File | 77,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 414,66 Gb Total Space | 350,81 Gb Free Space | 84,60% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 27,12 Gb Free Space | 54,24% Space Free | Partition Type: NTFS Computer Name: BRÜLL-LAPTOP | User Name: Brüll | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.09.26 14:41:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brüll\Desktop\OTL.exe PRC - [2012.09.07 20:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012.09.07 20:25:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE PRC - [2012.09.07 20:25:55 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.09.07 20:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe PRC - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe PRC - [2012.09.07 17:04:44 | 000,766,536 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe PRC - [2012.06.20 13:18:08 | 001,568,976 | ---- | M] (Ask) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.11.08 05:56:36 | 000,247,016 | ---- | M] (CyberLink Corp.) -- C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe PRC - [2011.09.28 10:37:00 | 000,075,048 | ---- | M] (cyberlink) -- C:\Program Files (x86)\CyberLink\Shared files\brs.exe PRC - [2011.08.13 03:30:28 | 000,818,176 | ---- | M] () -- C:\Program Files (x86)\PHotkey\PHotkey.exe PRC - [2011.07.13 23:56:16 | 003,426,312 | ---- | M] () -- C:\Program Files (x86)\PHotkey\POSD.exe PRC - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2011.04.14 01:37:06 | 000,312,616 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe PRC - [2011.04.14 01:37:04 | 000,070,952 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe PRC - [2011.03.31 00:01:10 | 000,087,336 | ---- | M] (CyberLink Corp.) 
-- C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe PRC - [2010.11.17 10:53:16 | 000,113,288 | ---- | M] (Renesas Electronics Corporation) -- C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe PRC - [2010.11.06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2010.11.06 09:54:20 | 000,283,160 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010.10.05 21:08:46 | 002,655,768 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.10.05 21:08:42 | 000,325,656 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.08.04 01:39:38 | 000,107,816 | ---- | M] (CyberLink) -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe PRC - [2010.01.13 03:36:00 | 000,117,256 | ---- | M] () -- C:\Program Files (x86)\PHotkey\MsgTranAgt.exe PRC - [2009.12.19 01:40:48 | 000,104,968 | ---- | M] () -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe PRC - [2009.12.19 01:38:18 | 000,345,608 | ---- | M] (TODO: <Company name>) -- C:\Program Files (x86)\PHotkey\HCSynApi.exe ========== Modules (No Company Name) ========== MOD - [2012.09.25 15:31:14 | 000,475,648 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorUtil\2e16482769fcdf856919e292a968f16c\IAStorUtil.ni.dll MOD - [2012.09.25 15:31:14 | 000,014,336 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\IAStorCommon\3b2b9f4ec1819e4b95792d92f56d26f9\IAStorCommon.ni.dll MOD - [2012.09.25 14:35:10 | 000,771,584 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Runtime.Remo#\03dee80574f4ec770b6f77ca030ded6c\System.Runtime.Remoting.ni.dll MOD - [2012.09.25 14:34:55 | 012,436,480 | ---- | M] () -- 
C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\7b7fbe651c6e72f12099a298654c9594\System.Windows.Forms.ni.dll MOD - [2012.09.25 14:34:17 | 001,591,808 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Drawing\6bb439b3f87736d3248ae27d43e2c0d6\System.Drawing.ni.dll MOD - [2012.09.25 14:34:02 | 003,347,968 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\46fce56db7685a586d3eeb7c373e3c1c\WindowsBase.ni.dll MOD - [2012.09.25 14:33:59 | 005,452,800 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Xml\ba3d70b651454c7d49b407b93663bfed\System.Xml.ni.dll MOD - [2012.09.25 14:33:55 | 000,971,264 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\cfa9c506bfb9254c89dace7b83bc9f9d\System.Configuration.ni.dll MOD - [2012.09.25 14:33:54 | 007,967,232 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\System\ce9ff6baf9053ed2ed673d948179195c\System.ni.dll MOD - [2012.09.25 14:33:43 | 011,492,864 | ---- | M] () -- C:\Windows\assembly\NativeImages_v2.0.50727_32\mscorlib\acfc1391e45fedd2a359778ea57d914c\mscorlib.ni.dll MOD - [2011.05.16 16:03:17 | 000,032,768 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010.11.13 02:08:41 | 000,315,392 | ---- | M] () -- C:\Windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010.08.04 01:39:38 | 000,619,816 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll MOD - [2010.08.04 01:39:32 | 000,013,096 | ---- | M] () -- C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll ========== Services (SafeList) ========== SRV:64bit: - [2011.05.03 00:27:50 | 001,517,328 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2011.05.03 00:13:54 | 000,340,240 | ---- | M] () 
[On_Demand | Stopped] -- C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe -- (MyWiFiDHCPDNS) SRV:64bit: - [2011.05.03 00:10:26 | 000,844,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2010.12.17 16:46:34 | 000,198,784 | ---- | M] (Conexant Systems Inc.) [Auto | Running] -- C:\Windows\SysNative\CxAudMsg64.exe -- (CxAudMsg) SRV:64bit: - [2010.09.23 03:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010.08.19 18:43:00 | 000,386,344 | ---- | M] () [Auto | Running] -- C:\Program Files\CyberLink\Shared files\RichVideo64.exe -- (RichVideo64) SRV:64bit: - [2009.07.14 03:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012.09.25 23:26:29 | 000,250,288 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.09.25 06:48:24 | 000,332,272 | ---- | M] (Google Inc.) [On_Demand | Stopped] -- C:\ProgramData\Partner\Partner.exe -- (Partner Service) SRV - [2012.09.07 20:26:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.09.07 20:25:55 | 000,465,360 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService) SRV - [2012.09.07 20:25:55 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.09.07 17:04:46 | 000,676,936 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService) SRV - [2012.09.07 17:04:46 | 000,399,432 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler) SRV - [2012.09.06 03:25:06 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2011.10.07 11:23:08 | 000,070,144 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\watchmi\TvdService.exe -- (watchmi) SRV - [2011.09.28 02:47:38 | 000,025,824 | ---- | M] (Memeo) [Auto | Running] -- C:\Program Files (x86)\Memeo\AutoBackup\MemeoBackgroundService.exe -- (MemeoBackgroundService) SRV - [2011.06.06 21:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2011.04.20 19:57:02 | 000,241,648 | ---- | M] (CyberLink) [Auto | Stopped] -- C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe -- (CLKMSVC10_38F51D56) SRV - [2011.04.14 01:37:06 | 000,312,616 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSServer.exe -- (CyberLink PowerDVD 10 MS Service) SRV - [2011.04.14 01:37:04 | 000,070,952 | ---- | M] (CyberLink) [Auto | Running] -- C:\Program Files (x86)\CyberLink\PowerDVD10\Device\MediaServer\CLMSMonitorService.exe -- (CyberLink PowerDVD 10 MS Monitor Service) SRV - [2010.11.06 09:54:22 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.10.07 03:46:42 | 000,159,752 | 
---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\GFNEXSrv.exe -- (GFNEXSrv) SRV - [2010.10.05 21:08:46 | 002,655,768 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2010.10.05 21:08:42 | 000,325,656 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2010.03.18 23:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.12.19 01:40:48 | 000,104,968 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\PHotkey\ASLDRSrv.exe -- (ASLDRService) SRV - [2009.06.10 23:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.09.07 20:26:05 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.07 20:26:05 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012.09.07 20:26:05 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\mbam.sys -- (MBAMProtector) DRV:64bit: - [2012.03.01 08:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.05.26 09:24:16 | 001,590,912 | ---- | M] (Conexant Systems Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2011.05.02 00:33:06 | 008,593,920 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETwNs64.sys -- (NETwNs64) DRV:64bit: - [2011.04.14 05:47:55 | 000,031,216 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2011.03.25 18:17:48 | 012,262,336 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2011.03.11 08:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 08:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.02.10 15:52:34 | 000,181,760 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3xhc.sys -- (nusb3xhc) DRV:64bit: - [2011.02.10 15:52:34 | 000,082,432 | ---- | M] (Renesas Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nusb3hub.sys -- (nusb3hub) DRV:64bit: - [2010.11.25 15:59:00 | 000,694,888 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RTL8192su.sys -- (RTL8192su) DRV:64bit: - [2010.11.21 05:24:33 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.21 05:23:47 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.21 05:23:47 | 000,031,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\TsUsbGD.sys -- (TsUsbGD) DRV:64bit: - [2010.11.06 09:45:48 | 000,438,808 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.10.15 01:28:16 | 000,317,440 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010.09.23 22:03:06 | 000,129,008 | ---- | M] (CyberLink) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\wsvd.sys -- (wsvd) DRV:64bit: - [2010.09.21 09:59:38 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (MEIx64) DRV:64bit: - [2010.08.24 18:55:44 | 000,076,912 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.01.22 11:26:50 | 000,305,200 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.10.23 17:26:14 | 000,046,592 | ---- | M] (Alcor Micro, Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AmUStor.sys -- (AmUStor) DRV:64bit: - [2009.07.14 03:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 03:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 03:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 22:35:42 | 000,187,392 | ---- | M] (Realtek Corporation ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2009.06.10 22:35:35 | 000,408,960 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvm62x64.sys -- (NVENETFD) DRV:64bit: - [2009.06.10 22:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 22:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 22:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 22:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.09.12 00:11:46 | 000,014,344 | ---- | M] (PEGATRON) [Kernel | Auto | Running] -- C:\Program Files (x86)\PHotkey\PEGAGFN.sys -- (PEGAGFN) DRV - [2009.07.14 03:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=MDNF&bmod=MDNF IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\SearchScopes,DefaultScope = {FDC913D7-CCFD-4A4E-9BE8-1B4C45B2E3DC} IE - HKCU\..\SearchScopes\{BFEE9362-B0B3-469B-8439-A5A5D3EF071C}: "URL" = 
hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=kw&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=1d0b62cf-e71e-448e-9167-bfc7bfdb36d9&apn_sauid=B0347ACD-A1C6-4B83-A22A-9C98633DEAF5 IE - HKCU\..\SearchScopes\{FDC913D7-CCFD-4A4E-9BE8-1B4C45B2E3DC}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7MDNF_deDE503 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..extensions.enabledAddons: {a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}:20120827 FF - prefs.js..extensions.enabledAddons: toolbar@ask.com:3.15.4.100015 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&locale=de_DE&apn_uid=1d0b62cf-e71e-448e-9167-bfc7bfdb36d9&apn_ptnrs=^ABT&apn_sauid=B0347ACD-A1C6-4B83-A22A-9C98633DEAF5&apn_dtid=^YYYYYY^YY^DE&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_278.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_278.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.09.25 13:35:36 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.09.25 13:35:54 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brüll\AppData\Roaming\mozilla\Extensions [2012.09.25 22:26:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Brüll\AppData\Roaming\mozilla\Firefox\Profiles\5ohhtjol.default\extensions [2012.09.25 22:26:26 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Brüll\AppData\Roaming\mozilla\Firefox\Profiles\5ohhtjol.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2012.09.25 15:15:27 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\Brüll\AppData\Roaming\mozilla\Firefox\Profiles\5ohhtjol.default\extensions\toolbar@ask.com [2012.09.25 15:15:28 | 000,002,413 | ---- | M] () -- 
C:\Users\Brüll\AppData\Roaming\mozilla\firefox\profiles\5ohhtjol.default\searchplugins\askcom.xml [2012.09.25 15:17:03 | 000,002,289 | ---- | M] () -- C:\Users\Brüll\AppData\Roaming\mozilla\firefox\profiles\5ohhtjol.default\searchplugins\ecosia.xml [2012.09.25 13:35:36 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions File not found (No name found) -- C:\USERS\BRüLL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5OHHTJOL.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7} File not found (No name found) -- C:\USERS\BRüLL\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\5OHHTJOL.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM [2012.09.06 03:26:03 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.09.06 04:07:37 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.06 04:07:37 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.09.06 04:07:37 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.09.06 04:07:37 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.09.06 04:07:37 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.09.06 04:07:37 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 23:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner64.dll (Google Inc.) O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) 
O2 - BHO: (Partner BHO Class) - {83FF80F4-8C74-4b80-B5BA-C8DDD434E5C4} - C:\ProgramData\Partner\Partner.dll (Google Inc.) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [AmIcoSinglun64] C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe (Alcor Micro Corp.) O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IntelPAN] C:\Program Files\Common Files\Intel\WirelessCommon\iFrmewrk.exe (Intel(R) Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe (Conexant systems, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BDRegion] C:\Program Files (x86)\Cyberlink\Shared files\brs.exe (cyberlink) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [Dolby Advanced Audio v2] C:\Program Files (x86)\Dolby Advanced Audio v2\pcee4.exe (Dolby Laboratories Inc.) 
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [NUSB3MON] C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe (Renesas Electronics Corporation) O4 - HKLM..\Run: [RemoteControl10] C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe (CyberLink Corp.) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. 
KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10:64bit: - Protocol_Catalog9\Catalog_Entries64\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda64.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files (x86)\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-0016-0000-0027-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_27-windows-i586.cab (Java Plug-in 1.6.0_27) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{18EF97E1-3520-4C4C-9991-68010C3A1980}: DhcpNameServer = 192.168.1.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - 
C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.09.26 14:45:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2012.09.26 14:45:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\7-Zip [2012.09.26 14:41:48 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Brüll\Desktop\OTL.exe [2012.09.25 23:29:46 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner [2012.09.25 23:29:45 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner [2012.09.25 23:26:11 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Local\Macromedia [2012.09.25 22:31:46 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Roaming\Malwarebytes [2012.09.25 22:31:36 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.09.25 22:31:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.09.25 22:31:35 | 000,025,928 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2012.09.25 22:31:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2012.09.25 15:20:56 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Roaming\Avira [2012.09.25 15:13:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2012.09.25 15:13:03 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Ask.com [2012.09.25 15:12:59 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Local\APN [2012.09.25 15:12:52 | 000,132,832 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.25 15:12:52 | 000,098,848 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.09.25 15:12:52 | 000,027,760 | ---- | C] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.09.25 15:12:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2012.09.25 15:12:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira [2012.09.25 14:46:16 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012.09.25 13:36:30 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Roaming\Virtual Desktop Manager [2012.09.25 13:35:49 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Roaming\Mozilla [2012.09.25 13:35:49 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Local\Mozilla [2012.09.25 13:35:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Mozilla [2012.09.25 13:35:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service [2012.09.25 13:35:35 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2012.09.25 13:33:25 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Roaming\Adobe [2012.09.25 13:33:06 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Roaming\Google [2012.09.25 13:33:05 | 
000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Local\Google [2012.09.25 13:06:58 | 000,000,000 | ---D | C] -- C:\Users\Brüll\Documents\Youcam [2012.09.25 13:06:51 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Local\CyberLink [2012.09.25 06:56:50 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Roaming\Intel Corporation [2012.09.25 06:56:41 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Local\Power2Go [2012.09.25 06:55:58 | 000,000,000 | R--D | C] -- C:\Users\Brüll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup [2012.09.25 06:55:58 | 000,000,000 | R--D | C] -- C:\Users\Brüll\Searches [2012.09.25 06:55:58 | 000,000,000 | R--D | C] -- C:\Users\Brüll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools [2012.09.25 06:55:36 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Roaming\Identities [2012.09.25 06:55:26 | 000,000,000 | R--D | C] -- C:\Users\Brüll\Contacts [2012.09.25 06:55:25 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2012.09.25 06:55:21 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Local\VirtualStore [2012.09.25 06:55:04 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Roaming\Intel [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Vorlagen [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\AppData\Local\Verlauf [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\AppData\Local\Temporary Internet Files [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Startmenü [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\SendTo [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Recent [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Netzwerkumgebung [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Lokale Einstellungen [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Documents\Eigene Videos [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Documents\Eigene 
Musik [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Eigene Dateien [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Documents\Eigene Bilder [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Druckumgebung [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Cookies [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\AppData\Local\Anwendungsdaten [2012.09.25 06:55:01 | 000,000,000 | -HSD | C] -- C:\Users\Brüll\Anwendungsdaten [2012.09.25 06:55:00 | 000,000,000 | --SD | C] -- C:\Users\Brüll\AppData\Roaming\Microsoft [2012.09.25 06:55:00 | 000,000,000 | R--D | C] -- C:\Users\Brüll\Videos [2012.09.25 06:55:00 | 000,000,000 | R--D | C] -- C:\Users\Brüll\Saved Games [2012.09.25 06:55:00 | 000,000,000 | R--D | C] -- C:\Users\Brüll\Pictures [2012.09.25 06:55:00 | 000,000,000 | R--D | C] -- C:\Users\Brüll\Music [2012.09.25 06:55:00 | 000,000,000 | R--D | C] -- C:\Users\Brüll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance [2012.09.25 06:55:00 | 000,000,000 | R--D | C] -- C:\Users\Brüll\Links [2012.09.25 06:55:00 | 000,000,000 | R--D | C] -- C:\Users\Brüll\Favorites [2012.09.25 06:55:00 | 000,000,000 | R--D | C] -- C:\Users\Brüll\Downloads [2012.09.25 06:55:00 | 000,000,000 | R--D | C] -- C:\Users\Brüll\Documents [2012.09.25 06:55:00 | 000,000,000 | R--D | C] -- C:\Users\Brüll\Desktop [2012.09.25 06:55:00 | 000,000,000 | R--D | C] -- C:\Users\Brüll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories [2012.09.25 06:55:00 | 000,000,000 | -H-D | C] -- C:\Users\Brüll\AppData [2012.09.25 06:55:00 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Local\Temp [2012.09.25 06:55:00 | 000,000,000 | ---D | C] -- C:\Users\Brüll\Roaming [2012.09.25 06:55:00 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Local\Microsoft [2012.09.25 06:55:00 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Roaming\Media Center Programs [2012.09.25 06:55:00 | 000,000,000 | ---D | C] -- 
C:\Users\Brüll\AppData\Roaming\Macromedia [2012.09.25 06:55:00 | 000,000,000 | ---D | C] -- C:\Users\Brüll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerRecover [2012.09.25 06:54:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Memeo [2012.09.25 06:53:51 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Memeo [2012.09.25 06:53:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Memeo [2012.09.25 06:53:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Kaspersky Rescue Disk 10 [2012.09.25 06:50:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\COMPUTERBILD Vorteil-Center [2012.09.25 06:50:06 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\COMPUTERBILD Vorteil-Center [2012.09.25 06:49:13 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Versandhelfer [2012.09.25 06:49:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Versandhelfer [2012.09.25 06:48:53 | 000,000,000 | ---D | C] -- C:\Program Files\PlayReady [2012.09.25 06:48:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\watchmi [2012.09.25 06:48:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\watchmi [2012.09.25 06:48:30 | 000,000,000 | ---D | C] -- C:\ProgramData\TvdPersonal [2012.09.25 06:48:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Partner [2012.09.25 06:48:21 | 000,000,000 | ---D | C] -- C:\Program Files\Google [2012.09.25 06:48:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Google [2012.09.25 06:47:25 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Google [2012.09.25 06:45:03 | 000,000,000 | -HSD | C] -- C:\Recovery [2012.09.25 06:45:03 | 000,000,000 | -HSD | C] -- C:\Documents and Settings [2012.09.25 06:44:55 | 000,000,000 | ---D | C] -- C:\Windows\SoftwareDistribution ========== Files - Modified Within 30 Days ========== [2012.09.26 14:46:29 | 000,000,000 | ---- | M] () -- C:\Users\Brüll\defogger_reenable 
[2012.09.26 14:41:48 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Brüll\Desktop\OTL.exe [2012.09.26 14:41:21 | 000,050,477 | ---- | M] () -- C:\Users\Brüll\Desktop\Defogger.exe [2012.09.26 14:29:07 | 000,001,106 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.09.26 14:26:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.26 14:17:55 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.26 14:17:33 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.09.25 22:31:36 | 000,001,113 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.25 22:23:29 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.09.25 22:23:29 | 000,016,944 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.09.25 22:20:30 | 009,110,786 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012.09.25 22:20:30 | 000,694,430 | ---- | M] () -- C:\Windows\SysNative\perfh00C.dat [2012.09.25 22:20:30 | 000,693,454 | ---- | M] () -- C:\Windows\SysNative\perfh00A.dat [2012.09.25 22:20:30 | 000,691,192 | ---- | M] () -- C:\Windows\SysNative\perfh013.dat [2012.09.25 22:20:30 | 000,689,726 | ---- | M] () -- C:\Windows\SysNative\perfh015.dat [2012.09.25 22:20:30 | 000,689,108 | ---- | M] () -- C:\Windows\SysNative\perfh010.dat [2012.09.25 22:20:30 | 000,679,342 | ---- | M] () -- C:\Windows\SysNative\prfh0816.dat [2012.09.25 22:20:30 | 000,654,166 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012.09.25 22:20:30 | 000,632,180 | ---- | M] () -- C:\Windows\SysNative\perfh00E.dat [2012.09.25 22:20:30 | 000,616,008 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012.09.25 22:20:30 | 000,610,202 | ---- | M] () -- C:\Windows\SysNative\perfh01F.dat [2012.09.25 22:20:30 | 000,551,770 | ---- | M] () -- 
C:\Windows\SysNative\perfh008.dat [2012.09.25 22:20:30 | 000,462,172 | ---- | M] () -- C:\Windows\SysNative\perfh006.dat [2012.09.25 22:20:30 | 000,148,310 | ---- | M] () -- C:\Windows\SysNative\perfc00E.dat [2012.09.25 22:20:30 | 000,137,062 | ---- | M] () -- C:\Windows\SysNative\perfc00A.dat [2012.09.25 22:20:30 | 000,134,840 | ---- | M] () -- C:\Windows\SysNative\perfc015.dat [2012.09.25 22:20:30 | 000,133,752 | ---- | M] () -- C:\Windows\SysNative\prfc0816.dat [2012.09.25 22:20:30 | 000,132,940 | ---- | M] () -- C:\Windows\SysNative\perfc013.dat [2012.09.25 22:20:30 | 000,130,140 | ---- | M] () -- C:\Windows\SysNative\perfc00C.dat [2012.09.25 22:20:30 | 000,130,006 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012.09.25 22:20:30 | 000,127,144 | ---- | M] () -- C:\Windows\SysNative\perfc010.dat [2012.09.25 22:20:30 | 000,121,526 | ---- | M] () -- C:\Windows\SysNative\perfc01F.dat [2012.09.25 22:20:30 | 000,106,388 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012.09.25 22:20:30 | 000,089,436 | ---- | M] () -- C:\Windows\SysNative\perfc008.dat [2012.09.25 22:20:30 | 000,079,804 | ---- | M] () -- C:\Windows\SysNative\perfc006.dat [2012.09.25 22:15:27 | 3151,331,328 | -HS- | M] () -- C:\hiberfil.sys [2012.09.25 16:43:08 | 000,159,772 | ---- | M] () -- C:\Windows\SysWow64\license.rtf [2012.09.25 16:43:07 | 000,159,772 | ---- | M] () -- C:\Windows\SysNative\license.rtf [2012.09.25 14:31:33 | 000,292,120 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2012.09.25 13:27:09 | 000,017,408 | ---- | M] () -- C:\Users\Brüll\AppData\Local\WebpageIcons.db [2012.09.07 20:26:05 | 000,132,832 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avipbb.sys [2012.09.07 20:26:05 | 000,098,848 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avgntflt.sys [2012.09.07 20:26:05 | 000,027,760 | ---- | M] (Avira GmbH) -- C:\Windows\SysNative\drivers\avkmgr.sys [2012.09.07 17:04:46 | 000,025,928 | ---- | M] (Malwarebytes Corporation) -- 
C:\Windows\SysNative\drivers\mbam.sys ========== Files Created - No Company Name ========== [2012.09.26 14:46:29 | 000,000,000 | ---- | C] () -- C:\Users\Brüll\defogger_reenable [2012.09.26 14:41:20 | 000,050,477 | ---- | C] () -- C:\Users\Brüll\Desktop\Defogger.exe [2012.09.25 23:25:52 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.09.25 22:31:36 | 000,001,113 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.09.25 13:35:39 | 000,001,146 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2012.09.25 13:27:09 | 000,017,408 | ---- | C] () -- C:\Users\Brüll\AppData\Local\WebpageIcons.db [2012.09.25 10:50:47 | 3151,331,328 | -HS- | C] () -- C:\hiberfil.sys [2012.09.25 06:56:09 | 000,001,409 | ---- | C] () -- C:\Users\Brüll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer (64-bit).lnk [2012.09.25 06:56:00 | 000,001,443 | ---- | C] () -- C:\Users\Brüll\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk [2012.09.25 06:49:15 | 000,002,101 | ---- | C] () -- C:\Users\Public\Desktop\Erstellen Sie Ihre Support-DVD.lnk [2012.09.25 06:48:55 | 000,001,247 | ---- | C] () -- C:\Users\Public\Desktop\eBay.lnk [2012.09.25 06:48:33 | 000,002,789 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\watchmi tray.lnk [2012.09.25 06:48:25 | 000,002,360 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk [2012.09.25 06:47:31 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.09.25 06:47:30 | 000,001,106 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2011.12.19 21:54:56 | 000,008,192 | ---- | C] () -- C:\Windows\SysWow64\drivers\IntelMEFWVer.dll [2011.12.19 21:43:19 | 000,963,116 | ---- | C] () -- C:\Windows\SysWow64\igkrng600.bin [2011.12.19 21:43:18 | 000,216,876 | ---- | C] () -- C:\Windows\SysWow64\igfcg600m.bin 
[2011.12.19 21:43:17 | 000,145,804 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng600.bin

========== ZeroAccess Check ==========

[2009.07.14 06:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64

[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
"" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 07:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 03:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 05:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
"" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 03:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]

========== LOP
Check ==========

[2012.09.25 19:05:20 | 000,000,000 | ---D | M] -- C:\Users\Brüll\AppData\Roaming\Virtual Desktop Manager

========== Purity Check ==========

< End of report >

Here is the extras.txt:

OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 26.09.2012 14:47:13 - Run 1 OTL by OldTimer - Version 3.2.68.0 Folder = C:\Users\Brüll\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,91 Gb Total Physical Memory | 2,26 Gb Available Physical Memory | 57,79% Memory free 7,82 Gb Paging File | 6,07 Gb Available in Paging File | 77,58% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 414,66 Gb Total Space | 350,81 Gb Free Space | 84,60% Space Free | Partition Type: NTFS Drive D: | 50,00 Gb Total Space | 27,12 Gb Free Space | 54,24% Space Free | Partition Type: NTFS Computer Name: BRÜLL-LAPTOP | User Name: Brüll | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .html[@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) .html [@ = ChromeHTML] -- C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" http [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) https [open] -- "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. 
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 1 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{2436B483-27A4-40B7-8FA4-7FA983829759}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{28F72979-97EA-4224-9282-B3EFA79D48DB}" = rport=138 | protocol=17 | dir=out | app=system | "{38668F92-859F-4B65-9D63-39C3B8269108}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{3F0CB73A-4640-4B7B-A0AC-524E66E23823}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | "{4926CF4F-B2CD-4336-AEB1-6E55CB8BBC99}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{542DCF6E-12B8-4CA5-BAD5-8DB6CA05DFA4}" = lport=445 | protocol=6 | dir=in | app=system | "{5F6D767F-5DF9-4042-853B-97F87CC92765}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{6D3F0C3A-6BDB-4D09-98AA-C0C8702DC8F0}" = rport=10243 | protocol=6 | dir=out | app=system | "{8924F183-89E4-4AC7-84C8-5FB8A67E1FC7}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{970C4CC5-1C53-4659-ACB1-843E5EE57A85}" = lport=2869 | protocol=6 | dir=in | app=system | "{A5E180F3-1D9F-48C5-B664-A4D021A09CED}" = lport=137 | protocol=17 | dir=in | app=system | "{A9AA899E-0E25-4486-B9EC-30453FA85DDB}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{ACE2D99E-98E0-4882-AD45-BAB031D42009}" = rport=137 | protocol=17 | dir=out | app=system | "{B9A2BEF7-4AC8-4D7F-903E-4E71339B792A}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{BC3FE8CE-EE97-46C3-9BA2-038DA1FF9FF8}" = rport=139 | protocol=6 | dir=out | app=system | "{C5664BE7-1A8E-47B3-A63F-515F5EDCF4C1}" = lport=138 | protocol=17 | dir=in | app=system | "{C9C99AD3-0B0D-4D66-8170-3F450E3367C1}" = rport=445 | protocol=6 | dir=out | app=system | "{D63C74F5-9DCE-4F49-A501-D838905BB8A3}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | "{D78E5A8F-E5E4-4D4E-8468-43E53690766B}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{DAA9C174-5072-487B-B35A-9F51F14D284B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{DC9CCE66-E441-4E69-9EAB-61695AE149D9}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{E1D580BF-5D0A-45D0-B6CF-0FC7695C7F52}" = lport=10243 | protocol=6 | dir=in | app=system | "{EE161594-0A37-4F99-931F-E10FD5EC6A26}" = lport=139 | protocol=6 | dir=in | app=system | ========== Vista Active 
Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{02691977-A2BC-4439-A590-51806FEADCE0}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{09E7B5D7-93DC-4A97-A79B-1B0408C40D4D}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{0BD45FD8-16D4-494C-B8DE-971907A35184}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1D9CF272-1946-44B9-A681-2E1DE7A3F307}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{2F5D29C0-7080-483E-8326-C210F7635722}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{45B053CE-FEF2-417B-87A1-9DF8F2FADDF8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{475B8C31-793C-492F-ABB6-7C6A20C24071}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\device\mediaserver\clmsserver.exe | "{4B77DB71-3DEF-4781-8857-E0B10486B80C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{5F609927-857D-403F-BB66-2C3FFFE1E887}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr9.exe | "{69DE903D-6072-4683-A8C9-25B737DE5119}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{6CBA5216-33D7-4D23-980D-9F691A008DD1}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7490B1FA-CCB5-4154-A0BC-2222516BBB65}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{85832019-5E10-4687-9BE8-ECC6260C4DFB}" = dir=in | app=c:\program files (x86)\windows live\contacts\wlcomm.exe | "{91861C5E-FDEE-40BB-98CC-F48581733DF0}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{93439989-F1B1-4538-9E88-4950A349928F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{9DCD780A-AA8F-43CA-BBA1-88F0142C6E17}" = protocol=6 | dir=out | app=%programfiles%\windows media 
player\wmpnetwk.exe | "{A4030810-CC2F-4E66-9F2A-38169C06F9C6}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd cinema\powerdvdcinema10.exe | "{ABF17C69-3870-4BB3-87BC-118A806AA95A}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B7723CEE-F337-44C6-A274-B93D66E06CBA}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{B7BA32E4-9071-4190-A077-74889D35A6D3}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{C0B4056E-B896-435C-BBE5-FF8029F17959}" = dir=in | app=c:\program files (x86)\windows live\mesh\moe.exe | "{C475B9AC-A26A-4796-90D8-F498257EC04E}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\powerdvd10.exe | "{CB2332EA-77AC-41DE-AD54-8B1B22BDC0F9}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{CF1B1F98-C42F-45C8-829E-BE898EF85A5F}" = protocol=6 | dir=out | app=system | "{D7C0FA41-1427-475D-A74A-4457E57A8F77}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{DF73AF6C-641F-4128-84AF-3F3309403DE8}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{E74FF741-AC9E-443B-94D6-606BB36E1BAF}" = dir=in | app=c:\program files (x86)\cyberlink\powerdvd10\pdvd10serv.exe | "{F57264B2-39FF-4AD8-8355-D160AB0CD88A}" = dir=in | app=c:\program files\intel\wifi\bin\pandhcpdns.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{180C8888-50F1-426B-A9DC-AB83A1989C65}" = Windows Live Language Selector "{19F09425-3C20-4730-9E2A-FC2E17C9F362}" = Windows Live Remote Service Resources "{1ACC8FFB-9D84-4C05-A4DE-D28A9BC91698}" = Windows Live ID Sign-in Assistant "{1EB2CFC3-E1C5-4FC4-B1F8-549DD6242C67}" = Windows Live Remote Service Resources "{2426E29F-9E8C-4C0B-97FC-0DB690C1ED98}" = Windows Live Remote Client Resources "{26A24AE4-039D-4CA4-87B4-2F86416027FF}" = Java(TM) 6 Update 27 (64-bit) 
"{2F304EF4-0C31-47F4-8557-0641AAE4197C}" = Windows Live Remote Client Resources "{3C41721F-AF0F-4086-AA1C-4C7F29076228}" = Intel(R) PROSet/Wireless WiFi Software "{456FB9B5-AFBC-4761-BBDC-BA6BAFBB818F}" = Windows Live Remote Client Resources "{480F28F0-8BCE-404A-A52E-0DBB7D1CE2EF}" = Windows Live Remote Service Resources "{5151E2DB-0748-4FD1-86A2-72E2F94F8BE7}" = Windows Live Remote Service Resources "{5E2CD4FB-4538-4831-8176-05D653C3E6D4}" = Windows Live Remote Service Resources "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{5FEAD3E5-A158-4B66-B92B-0C959D7CF838}" = Windows Live Remote Service Resources "{656DEEDE-F6AC-47CA-A568-A1B4E34B5760}" = Windows Live Remote Service Resources "{692CCE55-9EAE-4F57-A834-092882E7FE0B}" = Windows Live Remote Client Resources "{6C9D3F1D-DBBE-46F9-96A0-726CC72935AF}" = Windows Live Remote Service Resources "{6CBFDC3C-CF21-4C02-A6DC-A5A2707FAF55}" = Windows Live Remote Service Resources "{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 "{847B0532-55E3-4AAF-8D7B-E3A1A7CD17E5}" = Windows Live Remote Client Resources "{850B8072-2EA7-4EDC-B930-7FE569495E76}" = Windows Live Remote Client Resources "{8970AE69-40BE-4058-9916-0ACB1B974A3D}" = Windows Live Remote Client Resources "{8EB588BD-D398-40D0-ADF7-BE1CEEF7C116}" = Windows Live Remote Client Resources "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{A679FBE4-BA2D-4514-8834-030982C8B31A}" = Windows Live Remote Service Resources "{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}" = Microsoft Visual C++ 2005 Redistributable (x64) "{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053 "{B750FA38-7AB0-42CB-ACBB-E7DBE9FF603F}" = Windows Live Remote Client Resources "{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64 "{C9F05151-95A9-4B9B-B534-1760E2D014A5}" = Windows Live Remote 
Client Resources "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "{D1C1556C-7FF3-48A3-A5D6-7126F0FAFB66}" = Windows Live Remote Client Resources "{D3E4F422-7E0F-49C7-8B00-F42490D7A385}" = Windows Live Remote Service Resources "{D5876F0A-B2E9-4376-B9F5-CD47B7B8D820}" = Windows Live Remote Client Resources "{D930AF5C-5193-4616-887D-B974CEFC4970}" = Windows Live Remote Service Resources "{DA54F80E-261C-41A2-A855-549A144F2F59}" = Windows Live MIME IFilter "{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}" = Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 "{DBEDAF67-C5A3-4C91-951D-31F3FE63AF3F}" = Windows Live Remote Client Resources "{DF6D988A-EEA0-4277-AAB8-158E086E439B}" = Windows Live Remote Client "{E02A6548-6FDE-40E2-8ED9-119D7D7E641F}" = Windows Live Remote Service "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "{F6CB2C5F-B2C1-4DF1-BF44-39D0DC06FE6F}" = Windows Live Remote Service Resources "CCleaner" = CCleaner "CNXT_AUDIO_HDA" = Conexant HD Audio "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "ProInst" = Intel PROSet Wireless "SynTPDeinstKey" = Synaptics Pointing Device Driver [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{00884F14-05BD-4D8E-90E5-1ABF78948CA4}" = Windows Live Mesh "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5 "{04668DF2-D32F-4555-9C7E-35523DCD6544}" = Control ActiveX de Windows Live Mesh para conexiones remotas "{05E379CC-F626-4E7D-8354-463865B303BF}" = Windows Live UX Platform Language Pack "{062E4D94-8306-46D5-81B6-45E6AD09C799}" = Windows Live Messenger "{0654EA5D-308A-4196-882B-5C09744A5D81}" = Windows Live Photo Common "{09922FFE-D153-44AE-8B60-EA3CB8088F93}" = Windows Live UX Platform Language Pack "{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer "{0C1931EB-8339-4837-8BEC-75029BF42734}" = Windows Live UX Platform Language Pack "{0D261C88-454B-46FE-B43B-640E621BDA11}" = Windows Live 
Mail "{0EC0B576-90F9-43C3-8FAD-A4902DF4B8F4}" = Galeria de Fotografias do Windows Live "{10186F1A-6A14-43DF-A404-F0105D09BB07}" = Windows Live Mail "{1203DC60-D9BD-44F9-B372-2B8F227E6094}" = Windows Live Temel Parçalar "{14B441B7-774D-4170-98EA-A13667AE6218}" = Windows Live Writer Resources "{17F99FCE-8F03-4439-860A-25C5A5434E18}" = Windows Live Essentials "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{198EA334-8A3F-4CB2-9D61-6C10B8168A6F}" = Windows Live Writer "{19BA08F7-C728-469C-8A35-BFBD3633BE08}" = Windows Live Movie Maker "{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger "{1D6C2068-807F-4B76-A0C2-62ED05656593}" = Windows Live Writer "{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources "{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{1FC83EAE-74C8-4C72-8400-2D8E40A017DE}" = Windows Live Writer "{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer "{241E7104-937A-4366-AD57-8FDDDB003939}" = Uzak Bağlantılar İçin Windows Live Mesh ActiveX Denetimi "{25A381E1-0AB9-4E7A-ACCE-BA49D519CF4E}" = Windows Live Mail "{26A24AE4-039D-4CA4-87B4-2F83216027FF}" = Java(TM) 6 Update 27 "{26E3C07C-7FF7-4362-9E99-9E49E383CF16}" = Windows Live Writer Resources "{2902F983-B4C1-44BA-B85D-5C6D52E2C441}" = Windows Live Mesh ActiveX Control for Remote Connections "{2A07C35B-8384-4DA4-9A95-442B6C89A073}" = Windows Live Essentials "{2A3FC24C-6EC0-4519-A52B-FDA4EA9B2D24}" = Windows Live Messenger "{2F54E453-8C93-4B3B-936A-233C909E6CAC}" = Windows Live Messenger "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{3125D9DE-8D7A-4987-95F3-8A42389833D8}" = Windows Live Writer Resources "{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery 
"{34319F1F-7CF2-4CC9-B357-1AE7D2FF3AC5}" = Windows Live "{34F4D9A4-42C2-4348-BEF4-E553C84549E7}" = Windows Live Photo Gallery "{370F888E-42A7-4911-9E34-7D74632E17EB}" = Windows Live Photo Common "{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack "{3B9A92DA-6374-4872-B646-253F18624D5F}" = Windows Live Writer "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3F4143A1-9C21-4011-8679-3BC1014C6886}" = Windows Live Mesh "{409DC300-28AF-468F-9624-1F3309701881}" = watchmi "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{40BFD84C-64CD-42CC-9909-8734C50429C6}" = Windows Live UX Platform Language Pack "{410DF0AA-882D-450D-9E1B-F5397ACFFA80}" = Windows Live Essentials "{429DF1A0-3610-4E9E-8ACE-3C8AC1BA8FCA}" = Windows Live Photo Gallery "{443B561F-DE1B-4DEF-ADD9-484B684653C7}" = Windows Live Messenger "{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "{46872828-6453-4138-BE1C-CE35FBF67978}" = Windows Live Mesh "{48106FE4-B1AF-4941-BF3D-83E6C4B7CAF3}" = Alcor Micro USB Card Reader "{48294D95-EE9A-4377-8213-44FC4265FB27}" = Windows Live Messenger "{488F0347-C4A7-4374-91A7-30818BEDA710}" = Galerie de photos Windows Live "{48C0DC5E-820A-44F2-890E-29B68EDD3C78}" = Windows Live Writer "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4B28D47A-5FF0-45F8-8745-11DC2A1C9D0F}" = Windows Live Writer "{4B744C85-DBB1-4038-B989-4721EB22C582}" = Windows Live Messenger "{4D141929-141B-4605-95D6-2B8650C1C6DA}" = Windows Live UX Platform Language Pack "{506FC723-8E6C-4417-9CFF-351F99130425}" = Windows Live UX Platform Language Pack "{523DF2BB-3A85-4047-9898-29DC8AEB7E69}" = Windows Live UX Platform Language Pack "{5275D81E-83AD-4DE4-BC2B-6E6BA3A33244}" = Windows Live Writer Resources "{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "{55D003F4-9599-44BF-BA9E-95D060730DD3}" = Contrôle ActiveX Windows Live Mesh pour connexions à distance 
"{57220148-3B2B-412A-A2E0-82B9DF423696}" = Windows Live Mesh ActiveX-objekt til fjernforbindelser "{579684A4-DDD5-4CA3-9EA8-7BE7D9593DB4}" = Windows Live UX Platform Language Pack "{5CF5B1A5-CBC3-42F0-8533-5A5090665862}" = Windows Live Mesh "{5D273F60-0525-48BA-A5FB-D0CAA4A952AE}" = Windows Live Movie Maker "{60C3C026-DB53-4DAB-8B97-7C1241F9A847}" = Windows Live Movie Maker "{62687B11-58B5-4A18-9BC3-9DF4CE03F194}" = Windows Live Writer Resources "{63CF7D0C-B6E7-4EE9-8253-816B613CC437}" = Windows Live Mail "{640798A0-A4FB-4C52-AC72-755134767F1E}" = Windows Live Movie Maker "{64376910-1860-4CEF-8B34-AA5D205FC5F1}" = Poczta usługi Windows Live "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{677AAD91-1790-4FC5-B285-0E6A9D65F7DC}" = Windows Live Mail "{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE "{6ABE832B-A5C7-44C1-B697-3E123B7B4D5B}" = Windows Live Mesh "{6B556C37-8919-4991-AC34-93D018B9EA49}" = Windows Live Photo Common "{6DEC8BD5-7574-47FA-B080-492BBBE2FEA3}" = Windows Live Movie Maker "{6E29C4F7-C2C2-4B18-A15C-E09B92065F15}" = Windows Live Mesh ActiveX-vezérlő távoli kapcsolatokhoz "{6E8AFC13-F7B8-41D8-88AB-F1D0CFC56305}" = Windows Live Messenger "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{71A81378-79D5-40CC-9BDC-380642D1A87F}" = Windows Live Writer "{71C95134-F6A9-45E7-B7B3-07CA6012BF2A}" = Windows Live Mesh "{7272F232-A7E0-4B2B-A5D2-71B7C5E2379C}" = Windows Live Fotótár "{73FC3510-6421-40F7-9503-EDAE4D0CF70D}" = Windows Live Photo Common "{7496FD31-E5CB-4AE4-82D3-31099558BF6A}" = Windows Live Mesh "{74E8A7F6-575D-42C7-9178-E87D1B3BEFE8}" = Windows Live UX Platform Language Pack "{77477AEA-5757-47D8-8B33-939F43D82218}" = Windows Live UX Platform Language Pack "{78DAE910-CA72-450E-AD22-772CB1A00678}" = Windows Live Mesh "{7A9D47BA-6D50-4087-866F-0800D8B89383}" = Podstawowe programy Windows Live "{7BA19818-F717-4DFB-BC11-FAF17B2B8AEE}" = Pošta Windows Live 
"{7D1C7B9F-2744-4388-B128-5C75B8BCCC84}" = Windows Live Essentials "{7E017923-16F8-4E32-94EF-0A150BD196FE}" = Windows Live Writer "{7E90B133-FF47-48BB-91B8-36FC5A548FE9}" = Windows Live Writer Resources "{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "{827D3E4A-0186-48B7-9801-7D1E9DD40C07}" = Windows Live Essentials "{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform "{841F1FB4-FDF8-461C-A496-3E1CFD84C0B5}" = Windows Live Mesh "{84267681-BF16-40B6-9564-27BC57D7D71C}" = Windows Live Photo Common "{85373DA7-834E-4850-8AF5-1D99F7526857}" = Windows Live Photo Common "{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer "{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime "{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT "{8E666407-AC41-46a2-9692-6C7BFCBFDD37}" = Memeo Instant Backup "{8FF3891F-01B5-4A71-BFCD-20761890471C}" = Windows Live Messenger "{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker "{93E464B3-D075-4989-87FD-A828B5C308B1}" = Windows Live Writer Resources "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BD262D0-B788-4546-A0A5-F4F56EC3834B}" = Windows Live Photo Common "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C8A84AE-BCE5-E696-3DC2-D30BE2C7AA59}" = Versandhelfer "{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail "{9FAE6E8D-E686-49F5-A574-0A58DFD9580C}" = Windows Live Mail "{A0C91188-C88F-4E86-93E6-CD7C9A266649}" = Windows Live Mesh "{A101F637-2E56-42C0-8E08-F1E9086BFAF3}" = Windows Live Movie Maker "{A41A708E-3BE6-4561-855D-44027C1CF0F8}" = Windows Live Photo Common "{A60B3BF0-954B-42AF-B8D8-2C1D34B613AA}" = Windows Live Photo Gallery "{A7056D45-C63A-4FE4-A69D-FB54EF9B21BB}" = 
Windows Live Messenger "{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common "{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer "{AAF454FC-82CA-4F29-AB31-6A109485E76E}" = Windows Live Writer "{AB61A2E9-37D3-485D-9085-19FBDF8CEF4A}" = Windows Live Messenger "{AC76BA86-7AD7-5464-3428-A00000000004}" = Spelling Dictionaries Support For Adobe Reader X "{AC76BA86-7AD7-FFFF-7B44-AA0000000001}" = Adobe Reader X (10.1.1) MUI "{ACEB2BAF-96DF-48FD-ADD5-43842D4C443D}" = Adobe AIR "{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh "{ADE85655-8D1E-4E4B-BF88-5E312FB2C74F}" = Windows Live Mail "{ADFE4AED-7F8E-4658-8D6E-742B15B9F120}" = Windows Live Photo Common "{B04A0E2F-1E4C-4E61-B18E-3B2BD6779CA7}" = Formant ActiveX programu Windows Live Mesh odpowiedzialny za obsługę połączeń zdalnych "{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie "{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail "{B2E90616-C50D-4B89-A40D-92377AC669E5}" = Windows Live Messenger "{B618C3BF-5142-4630-81DD-F96864F97C7E}" = Windows Live Essentials "{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "{B7E68A6D-1C9B-4F18-B021-949115021714}" = COMPUTERBILD Vorteil-Center "{B9E70C7A-9F85-4A39-A4A3-BFA3C3BF7613}" = Dolby Advanced Audio v2 "{BD695C2F-3EA0-4DA4-92D5-154072468721}" = Windows Live Fotoğraf Galerisi "{BF022D76-9F72-4203-B8FA-6522DC66DFDA}" = Windows Live Movie Maker "{BF35168D-F6F9-4202-BA87-86B5E3C9BF7A}" = Windows Live Mesh "{C00C2A91-6CB3-483F-80B3-2958E29468F1}" = Συλλογή φωτογραφιών του Windows Live "{C29FC15D-E84B-4EEC-8505-4DED94414C59}" = Windows Live Writer Resources "{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common "{C32CE55C-12BA-4951-8797-0967FDEF556F}" = Windows Live Mesh - ActiveX-besturingselement voor externe verbindingen "{C5398A89-516C-4DAF-BA07-EE7949090E56}" = 
Windows Live Mesh ActiveX control for remote connections "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C63A1E60-B6A4-440B-89A5-1FC6E4AC1C94}" = Windows Live Mesh ActiveX Control for Remote Connections "{C66824E4-CBB3-4851-BB3F-E8CFD6350923}" = Windows Live Mail "{C8421D85-CA0E-4E93-A9A9-B826C4FB88EA}" = Windows Live Mail "{C893D8C0-1BA0-4517-B11C-E89B65E72F70}" = Windows Live Photo Common "{CA227A9D-09BE-4BFB-9764-48FED2DA5454}" = Kontrolnik Windows Live Mesh ActiveX za oddaljene povezave "{CB3F59BB-7858-41A1-A7EA-4B8A6FC7D431}" = Galeria fotografii usługi Windows Live "{CB7224D9-6DCA-43F1-8F83-6B1E39A00F92}" = Windows Live Movie Maker "{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform "{CF671BFE-6BA3-44E7-98C1-500D9C51D947}" = Windows Live Photo Gallery "{D0B44725-3666-492D-BEF6-587A14BD9BD9}" = MSVCRT_amd64 "{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "{D436F577-1695-4D2F-8B44-AC76C99E0002}" = Windows Live Photo Common "{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform "{D588365A-AE39-4F27-BDAE-B4E72C8E900C}" = Windows Live Mail "{D6F25CF9-4E87-43EB-B324-C12BE9CDD668}" = Windows Live UX Platform Language Pack "{DAEF48AD-89C8-4A93-B1DD-45B7E4FB6071}" = Windows Live Movie Maker "{DB1208F4-B2FE-44E9-BFE6-8824DBD7891B}" = Windows Live Movie Maker "{DDC8BDEE-DCAC-404D-8257-3E8D4B782467}" = Windows Live Writer Resources "{DE7C13A6-E4EA-4296-B0D5-5D7E8AD69501}" = Windows Live Writer "{DE8F99FD-2FC7-4C98-AA67-2729FDE1F040}" = Windows Live Writer Resources "{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh "{DEF91E0F-D266-453D-B6F2-1BA002B40CB6}" = Windows Live Essentials "{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10 "{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie 
Maker "{E50C224A-BBF2-428D-9DCF-DBF9DF85C40E}" = PHotkey "{E54EEB5D-41ED-40FE-B4A8-8565DB81469B}" = Controlo ActiveX do Windows Live Mesh para Ligações Remotas "{E55E0C35-AC3C-4683-BA2F-834348577B80}" = Windows Live Writer "{E59969EA-3B5B-4B24-8B94-43842A7FBFE9}" = Fotogalerija Windows Live "{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger "{E5DD4723-FE0B-436E-A815-DC23CF902A0B}" = Windows Live UX Platform Language Pack "{E727A662-AF9F-4DEE-81C5-F4A1686F3DFC}" = Windows Live Writer Resources "{E8524B28-3BBB-4763-AC83-0E83FE31C350}" = Windows Live Writer "{E85A4EFC-82F2-4CEE-8A8E-62FDAD353A66}" = Galería fotográfica de Windows Live "{E9AD2143-26D5-4201-BED1-19DCC03B407D}" = Windows Live Messenger "{E9D98402-21AB-4E9F-BF6B-47AF36EF7E97}" = Windows Live Writer Resources "{ED16B700-D91F-44B0-867C-7EB5253CA38D}" = Raccolta foto di Windows Live "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Processor Graphics "{F665F3B8-01B4-46A9-8E47-FF8DC2208C9F}" = Στοιχείο ελέγχου ActiveX του Windows Live Mesh για απομακρυσμένες συνδέσεις "{F80E5450-3EF3-4270-B26C-6AC53BEC5E76}" = Windows Live Movie Maker "{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials "{FCDE76CB-989D-4E32-9739-6A272D2B0ED7}" = Windows Live Mesh "{FE044230-9CA5-43F7-9B58-5AC5A28A1F33}" = Windows Live Essentials "{FEEF7F78-5876-438B-B554-C4CC426A4302}" = Windows Live Essentials "{FF3DFA01-1E98-46B4-A065-DA8AD47C9598}" = Windows Live Movie Maker "7-Zip" = 7-Zip 9.20 "Adobe AIR" = Adobe AIR "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "AmUStor" = Alcor Micro USB Card Reader "Avira AntiVir Desktop" = Avira Free Antivirus "dpdhl.versandhelfer.medionlap.CDA82DC3FEDD13302C6424313D9A2999F162D21A.1" = Versandhelfer "Google 
Chrome" = Google Chrome "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam 5 "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{44B2A0AB-412E-4F8C-B058-D1E8AECCDFF5}" = CyberLink PowerRecover "InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}" = Renesas Electronics USB 3.0 Host Controller Driver "InstallShield_{80E158EA-7181-40FE-A701-301CE6BE64AB}" = CyberLink MediaShow "InstallShield_{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = CyberLink PowerProducer "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = CyberLink PowerDirector "InstallShield_{D36DD326-7280-11D8-97C8-000129760CBE}" = CyberLink PhotoNow "InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}" = CyberLink PowerDVD 10 "InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}" = CyberLink MediaEspresso "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Mozilla Firefox 15.0.1 (x86 de)" = Mozilla Firefox 15.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "ProInst" = Intel PROSet Wireless "WinLiveSuite" = Windows Live Essentials ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 25.09.2012 08:59:10 | Computer Name = Brüll-Laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 25.09.2012 08:59:12 | Computer Name = Brüll-Laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 25.09.2012 08:59:13 | Computer Name = Brüll-Laptop | Source = .NET Runtime 
Optimization Service | ID = 1101 Description = Error - 25.09.2012 08:59:16 | Computer Name = Brüll-Laptop | Source = .NET Runtime Optimization Service | ID = 1101 Description = Error - 25.09.2012 09:01:36 | Computer Name = Brüll-Laptop | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 25.09.2012 09:19:28 | Computer Name = Brüll-Laptop | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 25.09.2012 11:09:47 | Computer Name = Brüll-Laptop | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. 
bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) Error - 25.09.2012 11:35:23 | Computer Name = Brüll-Laptop | Source = VSS | ID = 12310 Description = Error - 25.09.2012 11:35:23 | Computer Name = Brüll-Laptop | Source = VSS | ID = 12298 Description = Error - 25.09.2012 16:16:07 | Computer Name = Brüll-Laptop | Source = MemeoBackgroundService | ID = 0 Description = Problem starting Memeo Background Service :Ausnahmefehler "System.Reflection.TargetInvocationException: Ein Aufrufziel hat einen Ausnahmefehler verursacht. ---> System.Security.Principal.IdentityNotMappedException: Manche oder alle Identitätsverweise konnten nicht übersetzt werden. bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel.StartListening(Object data) bei System.Runtime.Remoting.Channels.Ipc.IpcServerChannel..ctor(IDictionary properties, IServerChannelSinkProvider sinkProvider, CommonSecurityDescriptor securityDescriptor) bei System.Runtime.Remoting.Channels.Ipc.IpcChannel..ctor(IDictionary properties, IClientChannelSinkProvider clientSinkProvider, IServerChannelSinkProvider serverSinkProvider) --- Ende der internen Ausnahmestapelüberwachung --- bei System.RuntimeMethodHandle._InvokeConstructor(Object[] args, SignatureStruct& signature, IntPtr declaringType) bei System.Reflection.RuntimeConstructorInfo.Invoke(BindingFlags invokeAttr, Binder binder, Object[] parameters, CultureInfo culture) bei System.RuntimeType.CreateInstanceImpl(BindingFlags bindingAttr, Binder binder, Object[] args, CultureInfo culture, Object[] activationAttributes) bei System.Runtime.Remoting.RemotingConfigHandler.CreateChannelFromConfigEntry(ChannelEntry entry) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureChannels(RemotingXmlConfigFileData configData, 
Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity)" bei der Remotekonfiguration. bei System.Runtime.Remoting.RemotingConfigHandler.ConfigureRemoting(RemotingXmlConfigFileData configData, Boolean ensureSecurity) bei System.Runtime.Remoting.RemotingConfiguration.Configure(String filename, Boolean ensureSecurity) bei RemoteServerService.MemeoBackgroundService.OnStart(String[] args) [ System Events ] Error - 25.09.2012 00:45:24 | Computer Name = Brüll-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Windows Font Cache Service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1069 Error - 25.09.2012 00:45:26 | Computer Name = Brüll-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "Intel(R) Rapid Storage Technology" wurde aufgrund folgenden Fehlers nicht gestartet: %%109 Error - 25.09.2012 07:39:14 | Computer Name = Brüll-Laptop | Source = Microsoft-Windows-WLAN-AutoConfig | ID = 10000 Description = Das WLAN-Erweiterungsmodul konnte nicht gestartet werden. Modulpfad: C:\Windows\System32\IWMSSvc.dll Fehlercode: 258 Error - 25.09.2012 08:22:54 | Computer Name = Brüll-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243) Error - 25.09.2012 08:31:35 | Computer Name = Brüll-Laptop | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?25.?09.?2012 um 14:29:42 unerwartet heruntergefahren. Error - 25.09.2012 09:00:58 | Computer Name = Brüll-Laptop | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am ?25.?09.?2012 um 14:59:45 unerwartet heruntergefahren. 
Error - 25.09.2012 09:10:11 | Computer Name = Brüll-Laptop | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft Visual C++ 2008 Service Pack 1 Redistributable Package (KB2538243)
Error - 25.09.2012 09:19:52 | Computer Name = Brüll-Laptop | Source = Service Control Manager | ID = 7009 Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst watchmi service erreicht.
Error - 25.09.2012 09:19:52 | Computer Name = Brüll-Laptop | Source = Service Control Manager | ID = 7000 Description = Der Dienst "watchmi service" wurde aufgrund folgenden Fehlers nicht gestartet: %%1053
Error - 25.09.2012 11:35:33 | Computer Name = Brüll-Laptop | Source = volsnap | ID = 393224 Description = Das Zeitlimit für den Lösch- und Speicherschreibvorgang für Volume "C:" wurde beim Warten auf eine Schreibvorgangfreigabe überschritten.
< End of report >

And here is Malware after the quick scan:

Malwarebytes Anti-Malware (Test) 1.65.0.1400 www.malwarebytes.org
Datenbank Version: v2012.09.25.13
Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
Brüll :: BRÜLL-LAPTOP [Administrator]
Schutz: Aktiviert
26.09.2012 15:04:12
mbam-log-2012-09-26 (15-04-12).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 200133
Laufzeit: 2 Minute(n), 33 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)

And here is AVIRA after a short system scan:

Avira Free Antivirus
Erstellungsdatum der Reportdatei: Mittwoch, 26. September 2012 15:08
Es wird nach 4263957 Virenstämmen gesucht.
Das Programm läuft als uneingeschränkte Vollversion. Online-Dienste stehen zur Verfügung.
Lizenznehmer : Avira AntiVir Personal - Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Home Premium
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Normal gebootet
Benutzername : Brüll
Computername : BRÜLL-LAPTOP
Versionsinformationen:
BUILD.DAT : 12.0.0.1199 40869 Bytes 07.09.2012 22:14:00
AVSCAN.EXE : 12.3.0.33 468472 Bytes 07.09.2012 18:25:55
AVSCAN.DLL : 12.3.0.15 66256 Bytes 07.09.2012 18:26:03
LUKE.DLL : 12.3.0.15 68304 Bytes 07.09.2012 18:25:59
AVSCPLR.DLL : 12.3.0.27 97064 Bytes 07.09.2012 18:25:55
AVREG.DLL : 12.3.0.33 232232 Bytes 07.09.2012 18:25:55
VBASE000.VDF : 7.10.0.0 19875328 Bytes 06.11.2009 18:18:34
VBASE001.VDF : 7.11.0.0 13342208 Bytes 14.12.2010 23:22:12
VBASE002.VDF : 7.11.19.170 14374912 Bytes 20.12.2011 23:31:36
VBASE003.VDF : 7.11.21.238 4472832 Bytes 01.02.2012 09:58:50
VBASE004.VDF : 7.11.26.44 4329472 Bytes 28.03.2012 22:37:35
VBASE005.VDF : 7.11.34.116 4034048 Bytes 29.06.2012 18:26:03
VBASE006.VDF : 7.11.41.250 4902400 Bytes 06.09.2012 18:37:27
VBASE007.VDF : 7.11.41.251 2048 Bytes 06.09.2012 18:37:27
VBASE008.VDF : 7.11.41.252 2048 Bytes 06.09.2012 18:37:27
VBASE009.VDF : 7.11.41.253 2048 Bytes 06.09.2012 18:37:27
VBASE010.VDF : 7.11.41.254 2048 Bytes 06.09.2012 18:37:27
VBASE011.VDF : 7.11.41.255 2048 Bytes 06.09.2012 18:37:27
VBASE012.VDF : 7.11.42.0 2048 Bytes 06.09.2012 18:37:27
VBASE013.VDF : 7.11.42.1 2048 Bytes 06.09.2012 18:37:27
VBASE014.VDF : 7.11.42.65 203264 Bytes 09.09.2012 13:14:52
VBASE015.VDF : 7.11.42.125 156672 Bytes 11.09.2012 13:14:52
VBASE016.VDF : 7.11.42.171 187904 Bytes 12.09.2012 13:14:52
VBASE017.VDF : 7.11.42.235
141312 Bytes 13.09.2012 13:14:53 VBASE018.VDF : 7.11.43.35 133632 Bytes 15.09.2012 13:14:53 VBASE019.VDF : 7.11.43.89 129024 Bytes 18.09.2012 13:14:53 VBASE020.VDF : 7.11.43.141 130560 Bytes 19.09.2012 13:14:53 VBASE021.VDF : 7.11.43.187 121856 Bytes 21.09.2012 13:14:54 VBASE022.VDF : 7.11.43.251 147456 Bytes 24.09.2012 13:14:54 VBASE023.VDF : 7.11.43.252 2048 Bytes 24.09.2012 13:14:54 VBASE024.VDF : 7.11.43.253 2048 Bytes 24.09.2012 13:14:54 VBASE025.VDF : 7.11.43.254 2048 Bytes 24.09.2012 13:14:54 VBASE026.VDF : 7.11.43.255 2048 Bytes 24.09.2012 13:14:54 VBASE027.VDF : 7.11.44.0 2048 Bytes 24.09.2012 13:14:54 VBASE028.VDF : 7.11.44.1 2048 Bytes 24.09.2012 13:14:54 VBASE029.VDF : 7.11.44.2 2048 Bytes 24.09.2012 13:14:54 VBASE030.VDF : 7.11.44.3 2048 Bytes 24.09.2012 13:14:54 VBASE031.VDF : 7.11.44.40 123392 Bytes 25.09.2012 13:21:30 Engineversion : 8.2.10.172 AEVDF.DLL : 8.1.2.10 102772 Bytes 07.09.2012 18:25:51 AESCRIPT.DLL : 8.1.4.56 459131 Bytes 25.09.2012 13:14:59 AESCN.DLL : 8.1.8.2 131444 Bytes 16.02.2012 16:11:36 AESBX.DLL : 8.2.5.12 606578 Bytes 07.09.2012 18:25:51 AERDL.DLL : 8.1.9.15 639348 Bytes 20.01.2012 23:21:32 AEPACK.DLL : 8.3.0.36 811382 Bytes 25.09.2012 13:14:59 AEOFFICE.DLL : 8.1.2.48 201082 Bytes 25.09.2012 13:14:58 AEHEUR.DLL : 8.1.4.104 5280119 Bytes 25.09.2012 13:14:58 AEHELP.DLL : 8.1.23.2 258422 Bytes 07.09.2012 18:25:49 AEGEN.DLL : 8.1.5.36 434549 Bytes 07.09.2012 18:37:40 AEEXP.DLL : 8.1.0.86 90484 Bytes 07.09.2012 18:37:40 AEEMU.DLL : 8.1.3.2 393587 Bytes 07.09.2012 18:25:49 AECORE.DLL : 8.1.27.4 201078 Bytes 07.09.2012 18:37:40 AEBB.DLL : 8.1.1.0 53618 Bytes 20.01.2012 23:21:28 AVWINLL.DLL : 12.3.0.15 27344 Bytes 07.09.2012 18:25:56 AVPREF.DLL : 12.3.0.15 51920 Bytes 07.09.2012 18:25:55 AVREP.DLL : 12.3.0.15 179208 Bytes 07.09.2012 18:25:55 AVARKT.DLL : 12.3.0.15 211408 Bytes 07.09.2012 18:25:54 AVEVTLOG.DLL : 12.3.0.15 169168 Bytes 07.09.2012 18:25:54 SQLITE3.DLL : 3.7.0.1 398288 Bytes 07.09.2012 18:26:01 AVSMTP.DLL : 12.3.0.32 63480 
Bytes 07.09.2012 18:25:55 NETNT.DLL : 12.3.0.15 17104 Bytes 07.09.2012 18:25:59 RCIMAGE.DLL : 12.3.0.31 4444408 Bytes 07.09.2012 18:26:04 RCTEXT.DLL : 12.3.0.31 100088 Bytes 07.09.2012 18:26:04 Konfiguration für den aktuellen Suchlauf: Job Name..............................: Schnelle Systemprüfung Konfigurationsdatei...................: C:\program files (x86)\avira\antivir desktop\quicksysscan.avp Protokollierung.......................: standard Primäre Aktion........................: interaktiv Sekundäre Aktion......................: ignorieren Durchsuche Masterbootsektoren.........: ein Durchsuche Bootsektoren...............: ein Bootsektoren..........................: C:, Durchsuche aktive Programme...........: ein Durchsuche Registrierung..............: ein Suche nach Rootkits...................: aus Integritätsprüfung von Systemdateien..: aus Datei Suchmodus.......................: Intelligente Dateiauswahl Durchsuche Archive....................: ein Rekursionstiefe einschränken..........: 20 Archiv Smart Extensions...............: ein Makrovirenheuristik...................: ein Dateiheuristik........................: vollständig Abweichende Gefahrenkategorien........: +APPL,+GAME,+JOKE,+PCK,+PFS,+SPR, Beginn des Suchlaufs: Mittwoch, 26. September 2012 15:08 Der Suchlauf über die Masterbootsektoren wird begonnen: Masterbootsektor HD0 [INFO] Es wurde kein Virus gefunden! Der Suchlauf über die Bootsektoren wird begonnen: Bootsektor 'C:\' [INFO] Es wurde kein Virus gefunden! 
Der Suchlauf über gestartete Prozesse wird begonnen: Durchsuche Prozess 'avscan.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avcenter.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamgui.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamservice.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'mbamscheduler.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'UNS.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'LMS.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorDataMgrSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avgnt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'Updater.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'YouCamService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'brs.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PDVD10Serv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMLSvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'nusb3mon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'IAStorIcon.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'HCSynApi.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'GoogleToolbarNotifier.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'POSD.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'MsgTranAgt.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'PHotkey.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMSServer.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'CLMSMonitorService.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'AVWEBGRD.EXE' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'armsvc.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'sched.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'ASLDRSrv.exe' - '1' Modul(e) wurden durchsucht Durchsuche Prozess 'avguard.exe' - '1' Modul(e) wurden durchsucht Der Suchlauf auf Verweise zu ausführbaren Dateien 
(Registry) wird begonnen: Die Registry wurde durchsucht ( '1421' Dateien ). Der Suchlauf über die ausgewählten Dateien wird begonnen: Beginne mit der Suche in 'C:\Users\Brüll' Beginne mit der Suche in 'C:\Windows' Beginne mit der Suche in 'C:\Users\' Beginne mit der Suche in 'C:\Program Files (x86)' C:\Program Files (x86)\InstallShield Installation Information\{01FB4998-33C4-4431-85ED-079E3EEFE75D}\SupportFiles.7z [WARNUNG] Das gesamte Archiv ist kennwortgeschützt C:\Program Files (x86)\InstallShield Installation Information\{CB099890-1D5F-11D5-9EA9-0050BAE317E1}\SupportFiles.zip [WARNUNG] Die Datei ist kennwortgeschützt Ende des Suchlaufs: Mittwoch, 26. September 2012 15:51 Benötigte Zeit: 43:17 Minute(n) Der Suchlauf wurde vollständig durchgeführt. 61432 Verzeichnisse wurden überprüft 467756 Dateien wurden geprüft 0 Viren bzw. unerwünschte Programme wurden gefunden 0 Dateien wurden als verdächtig eingestuft 0 Dateien wurden gelöscht 0 Viren bzw. unerwünschte Programme wurden repariert 0 Dateien wurden in die Quarantäne verschoben 0 Dateien wurden umbenannt 0 Dateien konnten nicht durchsucht werden 467756 Dateien ohne Befall 2061 Archive wurden durchsucht 2 Warnungen 0 Hinweise Meine Frage nun ist, ob ich meinen Laptop wieder sorgenfrei benutzen kann!? Traue der Sache wie gesagt noch nicht so ganz... Würde mich sehr freuen, wenn mir jemand helfen könnte und sich die Zeit nimmt! Bin für jeden Tipp dankbar! Geändert von MrHanky (26.09.2012 um 15:50 Uhr) Grund: Wollte den Tippfehler im Thema korrigieren... Wäre ein Admin so nett? |
27.09.2012, 06:36 | #2 |
/// the machine /// TB trainer | BDS/ZeroAccess.Gen - Is a system restore enough? Hi,
If you have reset to factory settings, everything should be fine, but let's have a look. Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report. Please download TDSSKiller.exe and save the file to your desktop.
27.09.2012, 07:37 | #3 |
| BDS/ZeroAccess.Gen - Is a system restore enough? Thanks for the quick reply!
After the scan I clicked on Report in the program, and this is the result: Code:
08:34:09.0102 4100 TDSS rootkit removing tool 2.8.10.0 Sep 17 2012 19:23:24
08:34:09.0258 4100 ============================================================
08:34:09.0258 4100 Current date / time: 2012/09/27 08:34:09.0258
08:34:09.0258 4100 SystemInfo:
08:34:09.0258 4100
08:34:09.0258 4100 OS Version: 6.1.7601 ServicePack: 1.0
08:34:09.0258 4100 Product type: Workstation
08:34:09.0258 4100 ComputerName: BRÜLL-LAPTOP
08:34:09.0258 4100 UserName: Brüll
08:34:09.0258 4100 Windows directory: C:\Windows
08:34:09.0258 4100 System windows directory: C:\Windows
08:34:09.0258 4100 Running under WOW64
08:34:09.0258 4100 Processor architecture: Intel x64
08:34:09.0258 4100 Number of processors: 2
08:34:09.0258 4100 Page size: 0x1000
08:34:09.0258 4100 Boot type: Normal boot
08:34:09.0258 4100 ============================================================
08:34:09.0836 4100 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
08:34:09.0836 4100 ============================================================
08:34:09.0836 4100 \Device\Harddisk0\DR0:
08:34:09.0836 4100 MBR partitions:
08:34:09.0836 4100 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
08:34:09.0836 4100 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x33D52800
08:34:09.0836 4100 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x33D85000, BlocksNum 0x6400000
08:34:09.0836 4100 ============================================================
08:34:09.0851 4100 C: <-> \Device\Harddisk0\DR0\Partition2
08:34:09.0898 4100 D: <-> \Device\Harddisk0\DR0\Partition3
08:34:09.0898 4100 ============================================================
08:34:09.0898 4100 Initialize success
08:34:09.0898 4100 ============================================================
08:34:11.0692 5484
============================================================
08:34:11.0692 5484 Scan started
08:34:11.0692 5484 Mode: Manual;
08:34:11.0692 5484 ============================================================
08:34:12.0534 5484 ================ Scan system memory ========================
08:34:12.0534 5484 System memory - ok
08:34:12.0534 5484 ================ Scan services =============================
5484 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 08:34:24.0234 5484 msisadrv - ok 08:34:24.0297 5484 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 08:34:24.0297 5484 MSiSCSI - ok 08:34:24.0312 5484 msiserver - ok 08:34:24.0328 5484 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 08:34:24.0328 5484 MSKSSRV - ok 08:34:24.0359 5484 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 08:34:24.0359 5484 MSPCLOCK - ok 08:34:24.0359 5484 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 08:34:24.0375 5484 MSPQM - ok 08:34:24.0375 5484 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 08:34:24.0390 5484 MsRPC - ok 08:34:24.0437 5484 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 08:34:24.0453 5484 mssmbios - ok 08:34:24.0468 5484 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 08:34:24.0484 5484 MSTEE - ok 08:34:24.0484 5484 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 08:34:24.0484 5484 MTConfig - ok 08:34:24.0500 5484 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 08:34:24.0500 5484 Mup - ok 08:34:24.0562 5484 [ 4BBB9D9C4DF259FAE2D172C5BB25DDD0 ] MyWiFiDHCPDNS C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe 08:34:24.0562 5484 MyWiFiDHCPDNS - ok 08:34:24.0609 5484 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 08:34:24.0640 5484 napagent - ok 08:34:24.0718 5484 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 08:34:24.0718 5484 NativeWifiP - ok 08:34:24.0796 5484 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 08:34:24.0827 5484 NDIS - ok 08:34:24.0905 5484 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap 
C:\Windows\system32\DRIVERS\ndiscap.sys 08:34:24.0921 5484 NdisCap - ok 08:34:24.0936 5484 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 08:34:24.0936 5484 NdisTapi - ok 08:34:24.0968 5484 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 08:34:24.0968 5484 Ndisuio - ok 08:34:24.0983 5484 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 08:34:24.0999 5484 NdisWan - ok 08:34:25.0014 5484 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 08:34:25.0030 5484 NDProxy - ok 08:34:25.0030 5484 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 08:34:25.0046 5484 NetBIOS - ok 08:34:25.0061 5484 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 08:34:25.0061 5484 NetBT - ok 08:34:25.0077 5484 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 08:34:25.0092 5484 Netlogon - ok 08:34:25.0170 5484 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 08:34:25.0186 5484 Netman - ok 08:34:25.0202 5484 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 08:34:25.0233 5484 netprofm - ok 08:34:25.0280 5484 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:34:25.0280 5484 NetTcpPortSharing - ok 08:34:25.0592 5484 [ AC69618DE5BCCE8747C9AB0AAE1003C1 ] NETwNs64 C:\Windows\system32\DRIVERS\NETwNs64.sys 08:34:25.0654 5484 NETwNs64 - ok 08:34:25.0670 5484 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 08:34:25.0670 5484 nfrd960 - ok 08:34:25.0732 5484 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll 08:34:25.0732 5484 NlaSvc - ok 08:34:25.0748 5484 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 08:34:25.0763 5484 Npfs - 
ok 08:34:25.0779 5484 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 08:34:25.0779 5484 nsi - ok 08:34:25.0794 5484 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 08:34:25.0794 5484 nsiproxy - ok 08:34:25.0857 5484 [ A2F74975097F52A00745F9637451FDD8 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 08:34:25.0872 5484 Ntfs - ok 08:34:25.0872 5484 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 08:34:25.0872 5484 Null - ok 08:34:25.0904 5484 [ 0EBC9D13CD96C15B1B18D8678A609E4B ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys 08:34:25.0904 5484 nusb3hub - ok 08:34:25.0904 5484 [ 7BDEC000D56D485021D9C1E63C2F81CA ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys 08:34:25.0919 5484 nusb3xhc - ok 08:34:25.0950 5484 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys 08:34:25.0966 5484 NVENETFD - ok 08:34:26.0278 5484 [ DD81FBC57AB9134CDDC5CE90880BFD80 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 08:34:26.0356 5484 nvlddmkm - ok 08:34:26.0356 5484 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 08:34:26.0356 5484 nvraid - ok 08:34:26.0372 5484 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 08:34:26.0372 5484 nvstor - ok 08:34:26.0372 5484 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 08:34:26.0372 5484 nv_agp - ok 08:34:26.0387 5484 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 08:34:26.0387 5484 ohci1394 - ok 08:34:26.0434 5484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 08:34:26.0450 5484 p2pimsvc - ok 08:34:26.0512 5484 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 08:34:26.0543 5484 p2psvc - ok 08:34:26.0590 5484 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\drivers\parport.sys 08:34:26.0606 5484 Parport - ok 
08:34:26.0637 5484 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 08:34:26.0652 5484 partmgr - ok 08:34:26.0777 5484 [ 9665402B7FA59302D520AD845DDFC026 ] Partner Service C:\ProgramData\Partner\Partner.exe 08:34:26.0777 5484 Partner Service - ok 08:34:26.0824 5484 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 08:34:26.0840 5484 PcaSvc - ok 08:34:26.0855 5484 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 08:34:26.0871 5484 pci - ok 08:34:26.0871 5484 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 08:34:26.0886 5484 pciide - ok 08:34:26.0933 5484 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 08:34:26.0949 5484 pcmcia - ok 08:34:26.0964 5484 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 08:34:26.0980 5484 pcw - ok 08:34:26.0996 5484 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 08:34:27.0027 5484 PEAUTH - ok 08:34:27.0105 5484 [ EE926C59CBD4DC4DC9FBB85014A2F1A5 ] PEGAGFN C:\Program Files (x86)\PHotkey\PEGAGFN.sys 08:34:27.0105 5484 PEGAGFN - ok 08:34:27.0386 5484 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 08:34:27.0401 5484 PerfHost - ok 08:34:27.0510 5484 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 08:34:27.0542 5484 pla - ok 08:34:27.0604 5484 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 08:34:27.0635 5484 PlugPlay - ok 08:34:27.0651 5484 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 08:34:27.0651 5484 PNRPAutoReg - ok 08:34:27.0666 5484 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 08:34:27.0682 5484 PNRPsvc - ok 08:34:27.0744 5484 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 08:34:27.0760 5484 PolicyAgent - ok 08:34:27.0791 5484 [ 
6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 08:34:27.0791 5484 Power - ok 08:34:27.0838 5484 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 08:34:27.0854 5484 PptpMiniport - ok 08:34:27.0900 5484 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 08:34:27.0916 5484 Processor - ok 08:34:27.0978 5484 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 08:34:27.0994 5484 ProfSvc - ok 08:34:28.0010 5484 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 08:34:28.0010 5484 ProtectedStorage - ok 08:34:28.0056 5484 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 08:34:28.0072 5484 Psched - ok 08:34:28.0181 5484 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 08:34:28.0212 5484 ql2300 - ok 08:34:28.0212 5484 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 08:34:28.0228 5484 ql40xx - ok 08:34:28.0290 5484 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 08:34:28.0290 5484 QWAVE - ok 08:34:28.0306 5484 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 08:34:28.0306 5484 QWAVEdrv - ok 08:34:28.0322 5484 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 08:34:28.0322 5484 RasAcd - ok 08:34:28.0368 5484 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 08:34:28.0384 5484 RasAgileVpn - ok 08:34:28.0415 5484 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 08:34:28.0431 5484 RasAuto - ok 08:34:28.0431 5484 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 08:34:28.0446 5484 Rasl2tp - ok 08:34:28.0493 5484 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 08:34:28.0509 5484 RasMan - ok 08:34:28.0524 
5484 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 08:34:28.0540 5484 RasPppoe - ok 08:34:28.0556 5484 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 08:34:28.0556 5484 RasSstp - ok 08:34:28.0571 5484 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 08:34:28.0587 5484 rdbss - ok 08:34:28.0602 5484 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\drivers\rdpbus.sys 08:34:28.0602 5484 rdpbus - ok 08:34:28.0634 5484 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 08:34:28.0634 5484 RDPCDD - ok 08:34:28.0649 5484 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 08:34:28.0649 5484 RDPENCDD - ok 08:34:28.0649 5484 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 08:34:28.0665 5484 RDPREFMP - ok 08:34:28.0696 5484 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 08:34:28.0712 5484 RDPWD - ok 08:34:28.0758 5484 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 08:34:28.0774 5484 rdyboost - ok 08:34:28.0883 5484 [ A436F5E7D80BBDBB0826D0F176D5BEA8 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 08:34:28.0914 5484 RegSrvc - ok 08:34:28.0946 5484 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 08:34:28.0961 5484 RemoteAccess - ok 08:34:29.0039 5484 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 08:34:29.0055 5484 RemoteRegistry - ok 08:34:29.0148 5484 [ 0B169FE016039571ECC6DB70073F8979 ] RichVideo64 C:\Program Files\CyberLink\Shared files\RichVideo64.exe 08:34:29.0164 5484 RichVideo64 - ok 08:34:29.0211 5484 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 08:34:29.0226 5484 RpcEptMapper - ok 08:34:29.0273 5484 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] 
RpcLocator C:\Windows\system32\locator.exe 08:34:29.0289 5484 RpcLocator - ok 08:34:29.0320 5484 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 08:34:29.0320 5484 RpcSs - ok 08:34:29.0398 5484 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 08:34:29.0398 5484 rspndr - ok 08:34:29.0429 5484 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 08:34:29.0445 5484 RTL8167 - ok 08:34:29.0476 5484 [ B3F36B4B3F192EA87DDC119F3A0B3E45 ] RTL8192su C:\Windows\system32\DRIVERS\RTL8192su.sys 08:34:29.0476 5484 RTL8192su - ok 08:34:29.0507 5484 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 08:34:29.0507 5484 SamSs - ok 08:34:29.0523 5484 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 08:34:29.0538 5484 sbp2port - ok 08:34:29.0585 5484 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 08:34:29.0601 5484 SCardSvr - ok 08:34:29.0632 5484 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 08:34:29.0648 5484 scfilter - ok 08:34:29.0726 5484 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 08:34:29.0772 5484 Schedule - ok 08:34:29.0804 5484 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 08:34:29.0819 5484 SCPolicySvc - ok 08:34:29.0835 5484 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 08:34:29.0866 5484 SDRSVC - ok 08:34:29.0882 5484 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 08:34:29.0882 5484 secdrv - ok 08:34:29.0913 5484 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 08:34:29.0913 5484 seclogon - ok 08:34:29.0960 5484 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 08:34:29.0960 5484 SENS - ok 08:34:29.0975 5484 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc 
C:\Windows\system32\sensrsvc.dll 08:34:29.0991 5484 SensrSvc - ok 08:34:29.0991 5484 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 08:34:30.0006 5484 Serenum - ok 08:34:30.0038 5484 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 08:34:30.0038 5484 Serial - ok 08:34:30.0053 5484 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 08:34:30.0053 5484 sermouse - ok 08:34:30.0084 5484 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 08:34:30.0100 5484 SessionEnv - ok 08:34:30.0100 5484 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 08:34:30.0116 5484 sffdisk - ok 08:34:30.0116 5484 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 08:34:30.0116 5484 sffp_mmc - ok 08:34:30.0131 5484 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 08:34:30.0131 5484 sffp_sd - ok 08:34:30.0131 5484 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 08:34:30.0131 5484 sfloppy - ok 08:34:30.0178 5484 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 08:34:30.0194 5484 SharedAccess - ok 08:34:30.0225 5484 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 08:34:30.0256 5484 ShellHWDetection - ok 08:34:30.0287 5484 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 08:34:30.0287 5484 SiSRaid2 - ok 08:34:30.0303 5484 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 08:34:30.0318 5484 SiSRaid4 - ok 08:34:30.0350 5484 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 08:34:30.0365 5484 Smb - ok 08:34:30.0428 5484 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 08:34:30.0443 5484 SNMPTRAP - ok 08:34:30.0459 5484 [ 
B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 08:34:30.0459 5484 spldr - ok 08:34:30.0521 5484 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 08:34:30.0552 5484 Spooler - ok 08:34:30.0693 5484 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 08:34:30.0802 5484 sppsvc - ok 08:34:30.0818 5484 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 08:34:30.0818 5484 sppuinotify - ok 08:34:30.0864 5484 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 08:34:30.0880 5484 srv - ok 08:34:30.0927 5484 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 08:34:30.0942 5484 srv2 - ok 08:34:30.0942 5484 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 08:34:30.0958 5484 srvnet - ok 08:34:30.0989 5484 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 08:34:30.0989 5484 SSDPSRV - ok 08:34:31.0005 5484 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 08:34:31.0020 5484 SstpSvc - ok 08:34:31.0020 5484 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 08:34:31.0036 5484 stexstor - ok 08:34:31.0098 5484 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 08:34:31.0114 5484 stisvc - ok 08:34:31.0161 5484 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 08:34:31.0161 5484 swenum - ok 08:34:31.0239 5484 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 08:34:31.0270 5484 swprv - ok 08:34:31.0317 5484 [ BE2B928DE9AF2848289DB7A54C7E2398 ] SynTP C:\Windows\system32\drivers\SynTP.sys 08:34:31.0332 5484 SynTP - ok 08:34:31.0395 5484 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 08:34:31.0457 5484 SysMain - ok 08:34:31.0488 5484 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService 
C:\Windows\System32\TabSvc.dll 08:34:31.0504 5484 TabletInputService - ok 08:34:31.0613 5484 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 08:34:31.0644 5484 TapiSrv - ok 08:34:31.0660 5484 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 08:34:31.0676 5484 TBS - ok 08:34:31.0769 5484 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys 08:34:31.0785 5484 Tcpip - ok 08:34:31.0878 5484 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 08:34:31.0910 5484 TCPIP6 - ok 08:34:31.0956 5484 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 08:34:31.0972 5484 tcpipreg - ok 08:34:31.0972 5484 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 08:34:31.0988 5484 TDPIPE - ok 08:34:32.0034 5484 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 08:34:32.0034 5484 TDTCP - ok 08:34:32.0066 5484 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 08:34:32.0081 5484 tdx - ok 08:34:32.0081 5484 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 08:34:32.0097 5484 TermDD - ok 08:34:32.0175 5484 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 08:34:32.0206 5484 TermService - ok 08:34:32.0222 5484 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 08:34:32.0237 5484 Themes - ok 08:34:32.0300 5484 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 08:34:32.0300 5484 THREADORDER - ok 08:34:32.0362 5484 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 08:34:32.0393 5484 TrkWks - ok 08:34:32.0471 5484 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 08:34:32.0471 5484 TrustedInstaller - ok 08:34:32.0534 5484 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv 
C:\Windows\system32\DRIVERS\tssecsrv.sys 08:34:32.0534 5484 tssecsrv - ok 08:34:32.0549 5484 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 08:34:32.0565 5484 TsUsbFlt - ok 08:34:32.0580 5484 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 08:34:32.0580 5484 TsUsbGD - ok 08:34:32.0612 5484 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 08:34:32.0627 5484 tunnel - ok 08:34:32.0627 5484 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 08:34:32.0643 5484 uagp35 - ok 08:34:32.0658 5484 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 08:34:32.0690 5484 udfs - ok 08:34:32.0752 5484 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 08:34:32.0768 5484 UI0Detect - ok 08:34:32.0768 5484 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 08:34:32.0783 5484 uliagpkx - ok 08:34:32.0799 5484 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 08:34:32.0799 5484 umbus - ok 08:34:32.0830 5484 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 08:34:32.0830 5484 UmPass - ok 08:34:33.0048 5484 [ FDF92EC84FECEE834FB10A2A0A19BCDA ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 08:34:33.0158 5484 UNS - ok 08:34:33.0220 5484 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 08:34:33.0236 5484 upnphost - ok 08:34:33.0298 5484 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\drivers\usbccgp.sys 08:34:33.0314 5484 usbccgp - ok 08:34:33.0329 5484 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 08:34:33.0345 5484 usbcir - ok 08:34:33.0360 5484 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 08:34:33.0376 5484 usbehci - ok 08:34:33.0423 5484 
[ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\drivers\usbhub.sys 08:34:33.0454 5484 usbhub - ok 08:34:33.0454 5484 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 08:34:33.0470 5484 usbohci - ok 08:34:33.0470 5484 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 08:34:33.0485 5484 usbprint - ok 08:34:33.0485 5484 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS 08:34:33.0501 5484 USBSTOR - ok 08:34:33.0532 5484 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 08:34:33.0548 5484 usbuhci - ok 08:34:33.0579 5484 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 08:34:33.0579 5484 usbvideo - ok 08:34:33.0626 5484 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 08:34:33.0641 5484 UxSms - ok 08:34:33.0672 5484 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 08:34:33.0688 5484 VaultSvc - ok 08:34:33.0735 5484 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 08:34:33.0735 5484 vdrvroot - ok 08:34:33.0797 5484 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 08:34:33.0828 5484 vds - ok 08:34:33.0844 5484 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 08:34:33.0844 5484 vga - ok 08:34:33.0860 5484 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 08:34:33.0875 5484 VgaSave - ok 08:34:33.0906 5484 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 08:34:33.0906 5484 vhdmp - ok 08:34:33.0938 5484 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 08:34:33.0953 5484 viaide - ok 08:34:33.0953 5484 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 08:34:33.0969 5484 volmgr - ok 08:34:33.0984 5484 [ 
A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 08:34:34.0000 5484 volmgrx - ok 08:34:34.0016 5484 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 08:34:34.0031 5484 volsnap - ok 08:34:34.0062 5484 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 08:34:34.0062 5484 vsmraid - ok 08:34:34.0156 5484 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 08:34:34.0218 5484 VSS - ok 08:34:34.0234 5484 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 08:34:34.0250 5484 vwifibus - ok 08:34:34.0265 5484 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 08:34:34.0265 5484 vwififlt - ok 08:34:34.0281 5484 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 08:34:34.0281 5484 vwifimp - ok 08:34:34.0296 5484 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 08:34:34.0312 5484 W32Time - ok 08:34:34.0328 5484 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 08:34:34.0328 5484 WacomPen - ok 08:34:34.0343 5484 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 08:34:34.0359 5484 WANARP - ok 08:34:34.0359 5484 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 08:34:34.0359 5484 Wanarpv6 - ok 08:34:34.0406 5484 [ 261A725F8ACEDDA695C7FFF6D6EDE6B5 ] watchmi C:\Program Files (x86)\watchmi\TvdService.exe 08:34:34.0406 5484 watchmi - ok 08:34:34.0484 5484 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 08:34:34.0530 5484 wbengine - ok 08:34:34.0530 5484 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 08:34:34.0546 5484 WbioSrvc - ok 08:34:34.0562 5484 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 08:34:34.0562 5484 wcncsvc - ok 
08:34:39.0522 5484 Scan finished
08:34:39.0538 5548 Detected object count: 0
08:34:39.0538 5548 Actual detected object count: 0 |
27.09.2012, 08:00 | #4 |
/// the machine /// TB Trainer | BDS/ZeroAccess.Gen - Is System Restore enough? Great, let's follow up with one more online scan and then we're done. ESET Online Scanner
__________________ Regards, schrauber Proud Member of UNITE and ASAP since 2009 Donate Guides and help Trojaner-Board Facebook page No help via PM! |
27.09.2012, 20:53 | #5 |
| Hm, the button for the files was missing... Nothing was found. And now I didn't uninstall the program when closing it... I hope it doesn't end up costing money later!? Did I do something wrong? Many thanks |
27.09.2012, 21:00 | #6 |
/// the machine /// TB Trainer | Take a look under Control Panel > Programs; you can simply uninstall it there. Open OTL > press the Bereinigung (Cleanup) button. Here are a few more tips for securing your system. I can't mention often enough how important it is that your system is up to date.
Antivirus software
Additional protection
Safe browsing
Alternative browsers Other browsers tend to be somewhat more secure than IE, since they do not use ActiveX elements. These can be abused by spyware to infect your system.
Performance Clean up your temp files regularly. I recommend TFC for this. Stay away from any registry cleaners. They harm your system more than they help. Here are a few (English) links: Miekemoes Blogspot (MVP) Bill Castner (MVP) Don'ts
Note: Please give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
28.09.2012, 11:13 | #7 |
| Nice one, Schrauber. I've installed everything so far... Many thanks!!! But since you ask so nicely... I really do have a few more questions (I've already found answers here and there, but I'm also interested in your opinion): 1.) Malware shows a message that only "so and so many" days remain. It is freeware, isn't it? 2.) Do AVIRA and Malware get along? 3.) I still have an external hard drive that might be infected... Do you have tips for connecting and scanning it? |
28.09.2012, 12:07 | #8 |
/// the machine /// TB Trainer | You mean Malwarebytes? Yes, the tool is freeware; only the real-time protection is a 30-day trial. Avira as real-time AV and Malwarebytes for occasional scanning cause no problems. Press and hold the Shift key, then connect the drive. That prevents the files on the drive from autostarting. Then scan it with Malwarebytes and/or an online scan.
28.09.2012, 14:13 | #9 |
| OK, thanks. But the clueless one keeps on pestering... So can I simply leave Malwarebytes on the computer after the 30 days? Do I have to press the Shift key for the external drive even though I have already disabled AutoPlay? And to open yet another can of worms: Java now wants to install the console 6.35 as an add-on in Mozilla. Isn't that the version that has the vulnerabilities? How do I deal with Java? Then the pestering should come to an end... Thanks again for your time! |
28.09.2012, 14:27 | #10 | ||||
/// the machine /// TB Trainer | Quote:
Quote:
Quote:
Quote:
28.09.2012, 14:44 | #11 |
| Yes, no idea whether I need Java. But Secunia PSI immediately updated something from Java... so it must already have been on my Aldi laptop. Then I opened Firefox and was asked whether I want to install it as an add-on!? I then went into private mode. Do I want it as an add-on? |
28.09.2012, 14:55 | #12 |
/// the machine /// TB Trainer | Yes, you do
28.09.2012, 15:13 | #13 |
| All right. The window has of course disappeared, but I'll manage it somehow... So, to sum up once more, many thanks for everything!!! If there are problems with the external drive, may I turn to you again? In this thread? |
28.09.2012, 17:00 | #14 | |
/// the machine /// TB Trainer | Quote:
29.09.2012, 10:40 | #15 |
| By window I meant the tab in Firefox where the add-on was suggested to me... |