Malwarebytes finds a whole lot of PUP.Blabbers
13.10.2012, 01:45 | #1 | |
Hello everyone, I just ran a scan with Malwarebytes and was quite shocked that more than 30 infected objects were found. They are exclusively PUP.Blabbers. I use Avast Security System as my antivirus program, and it often tells me several times a day that the virus database has been updated, so I would not have expected this many infections. I hope it's OK if I go ahead and post the Malwarebytes log here. On Vista I sometimes can't find it again. Quote:
Thanks in advance. Best regards, Fabienne
13.10.2012, 14:25 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please now run a routine full scan with Malwarebytes and post the log. => Have ALL local drives (except CD/DVD) checked!
Remember that Malwarebytes must be updated manually before every scan! Please remove all the items Malwarebytes finds, so that they are kept in Malwarebytes' quarantine! Do NOT remove anything from quarantine prematurely! If logs from older Malwarebytes scans exist, please post all of those too! Please post everything in CODE tags here where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
13.10.2012, 15:52 | #3 |
Thank you for your reply.
Here is the log from the full scan: Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org

Database version: v2012.10.12.08

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Surfen :: FABIÈNNE-PC [limited]

13.10.2012 15:29:19
mbam-log-2012-10-13 (15-29-19).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 300533
Time elapsed: 1 hour(s), 4 minute(s), 20 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 4
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{963B125B-8B21-49A2-A3A8-E37092276531} (PUP.Blabbers) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> No action taken.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{00CBB66B-1D3B-46D3-9577-323A336ACB50} (PUP.Blabbers) -> Quarantined and deleted successfully.

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 1
C:\Users\Fabiènne\AppData\LocalLow\bbrs_002.tb\content\BCHelper.exe (PUP.Blabbers) -> No action taken.

Here are the older logs as well: Code:
Malwarebytes Anti-Malware 1.62.0.1300
www.malwarebytes.org

Database version: v2012.07.24.12

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Surfen :: FABIÈNNE-PC [limited]

25.07.2012 02:03:09
mbam-log-2012-07-25 (02-03-09).txt

Scan type: Full scan (C:\|D:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 287212
Time elapsed: 1 hour(s), 8 minute(s), 23 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Best regards, Fabienne
13.10.2012, 17:50 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | No, those are enough for me.
ESET Online Scanner
Please post everything in CODE tags here where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
__________________ Please always post log files in CODE tags
13.10.2012, 22:07 | #5 |
OK, got everything done... the log looks like this: Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=9e8b27a129deed46b1ad5f7a705aec97 # end=stopped # remove_checked=true # archives_checked=false # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-13 06:40:47 # local_time=2012-10-13 08:40:47 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776573 100 100 111510 187686326 0 0 # compatibility_mode=8192 67108863 100 0 221 221 0 0 # scanned=597 # found=0 # cleaned=0 # scan_time=48 ESETSmartInstaller@High as downloader log: all ok esets_scanner_update returned -1 esets_gle=53251 # version=7 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6583 # api_version=3.0.2 # EOSSerial=9e8b27a129deed46b1ad5f7a705aec97 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=true # unsafe_checked=false # antistealth_checked=true # utc_time=2012-10-13 08:54:17 # local_time=2012-10-13 10:54:17 (+0100, Mitteleuropäische Sommerzeit) # country="Germany" # lang=1033 # osver=6.0.6002 NT Service Pack 2 # compatibility_mode=5892 16776573 100 100 111612 187686428 0 0 # compatibility_mode=8192 67108863 100 0 323 323 0 0 # scanned=160443 # found=4 # cleaned=0 # scan_time=7956 C:\Users\Fabiènne\AppData\Local\Temp\softonic_ggl_1.6.7.4.exe Win32/Toolbar.Funmoods application (unable to clean) 00000000000000000000000000000000 I C:\Users\Fabiènne\AppData\Roaming\BrowserCompanion\tbhcn.exe Win32/BrowserCompanion application (unable to clean) 00000000000000000000000000000000 I C:\Users\Surfen\Downloads\SoftonicDownloader_fuer_10-tage-bis-die-welt-versinkt.exe a variant of Win32/SoftonicDownloader.E application (unable to clean) 00000000000000000000000000000000 I C:\Users\Surfen\Downloads\SoftonicDownloader_fuer_age-of-oracles-taras-journey.exe a variant of Win32/SoftonicDownloader.E 
application (unable to clean) 00000000000000000000000000000000 I |
14.10.2012, 16:02 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Code:
C:\Users\Surfen\Downloads\SoftonicDownloader_fuer_10-tage-bis-die-welt
Hands off Softonic!! Softonic is a toolbar and adware slinger! Hands off! Software should be downloaded, as the top priority, directly from the vendor and not from toolbar peddlers like Softonic! In a pinch, chip.de would of course do.
adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded at some point, please delete the old adwcleaner.exe and download it again!!
14.10.2012, 17:30 | #7 | |
Thank you! Quote:
All right! Good to know... I like playing hidden-object games - I've now bought them on CD. This is what adwCleaner says: Code:
ATTFilter # AdwCleaner v2.005 - Datei am 14/10/2012 um 18:15:32 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Fabiènne - FABIÈNNE-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Surfen\Downloads\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gefunden : \user.js Datei Gefunden : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\searchplugins\Plusnetwork.xml Datei Gefunden : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\searchplugins\softonic.xml Ordner Gefunden : C:\ProgramData\Trymedia Ordner Gefunden : C:\Users\Fabiènne\AppData\LocalLow\bbrs_002.tb Ordner Gefunden : C:\Users\Fabiènne\AppData\LocalLow\Softonic Ordner Gefunden : C:\Users\Fabiènne\AppData\Roaming\BrowserCompanion Ordner Gefunden : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\extensions\bbrs_002@blabbers.com Ordner Gefunden : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\extensions\ffxtlbra@softonic.com Ordner Gefunden : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\extensions\staged Ordner Gefunden : C:\Users\Surfen\AppData\LocalLow\bbrs_002.tb Ordner Gefunden : C:\Users\Surfen\AppData\LocalLow\boost_interprocess ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} Schlüssel Gefunden : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} Schlüssel Gefunden : HKLM\Software\BrowserCompanion Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome Schlüssel Gefunden : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData Schlüssel Gefunden : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO Schlüssel Gefunden : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2 Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKU\S-1-5-21-1867499432-3885610887-3941038006-1003\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKU\S-1-5-21-1867499432-3885610887-3941038006-1003\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchplusnetwork.com/?sp=vit4 [HKLM\SOFTWARE\Microsoft\Internet 
Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc= -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\prefs.js Gefunden : user_pref("browser.search.selectedEngine", "Search the web (Softonic)"); Gefunden : user_pref("extensions.Softonic.admin", false); Gefunden : user_pref("extensions.Softonic.aflt", "SD"); Gefunden : user_pref("extensions.Softonic.autoRvrt", "false"); Gefunden : user_pref("extensions.Softonic.cntry", "DE"); Gefunden : user_pref("extensions.Softonic.cv", "cv5"); Gefunden : user_pref("extensions.Softonic.dfltLng", "de"); Gefunden : user_pref("extensions.Softonic.dfltSrch", true); Gefunden : user_pref("extensions.Softonic.dfltlng", "de"); Gefunden : user_pref("extensions.Softonic.dfltsrch", true); Gefunden : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)"); Gefunden : user_pref("extensions.Softonic.dspOld", ""); Gefunden : user_pref("extensions.Softonic.envrmnt", "production"); Gefunden : user_pref("extensions.Softonic.excTlbr", false); Gefunden : user_pref("extensions.Softonic.hdrMd5", "3C0F1FCFF3186AFEFBE33E2BB484A809"); Gefunden : user_pref("extensions.Softonic.hmpg", true); Gefunden : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1[...] Gefunden : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&[...] 
Gefunden : user_pref("extensions.Softonic.hpOld", ""); Gefunden : user_pref("extensions.Softonic.hrdid", "f469a3e50000000000000024d2134395"); Gefunden : user_pref("extensions.Softonic.id", "f469a3e50000000000000024d2134395"); Gefunden : user_pref("extensions.Softonic.instlDay", "15560"); Gefunden : user_pref("extensions.Softonic.instlRef", "INF1205T01"); Gefunden : user_pref("extensions.Softonic.instlday", "15560"); Gefunden : user_pref("extensions.Softonic.instlref", "INF1205T01"); Gefunden : user_pref("extensions.Softonic.isdcmntcmplt", "false"); Gefunden : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...] Gefunden : user_pref("extensions.Softonic.keywordurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...] Gefunden : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.41:57:05"); Gefunden : user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); Gefunden : user_pref("extensions.Softonic.newTab", true); Gefunden : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...] Gefunden : user_pref("extensions.Softonic.newtab", true); Gefunden : user_pref("extensions.Softonic.newtaburl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...] Gefunden : user_pref("extensions.Softonic.prdct", "Softonic"); Gefunden : user_pref("extensions.Softonic.propectorlck", 83108679); Gefunden : user_pref("extensions.Softonic.prtkhmpg", 1); Gefunden : user_pref("extensions.Softonic.prtnrId", "softonic"); Gefunden : user_pref("extensions.Softonic.prtnrid", "softonic"); Gefunden : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...] 
Gefunden : user_pref("extensions.Softonic.savedVrsnTs", "1"); Gefunden : user_pref("extensions.Softonic.sg", "az"); Gefunden : user_pref("extensions.Softonic.smplGrp", "none"); Gefunden : user_pref("extensions.Softonic.smplgrp", "none"); Gefunden : user_pref("extensions.Softonic.srch", ""); Gefunden : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Gefunden : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)"); Gefunden : user_pref("extensions.Softonic.tlbrId", "base"); Gefunden : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...] Gefunden : user_pref("extensions.Softonic.tlbrid", "base"); Gefunden : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...] Gefunden : user_pref("extensions.Softonic.vrsn", "1.6.7.4"); Gefunden : user_pref("extensions.Softonic.vrsnTs", "1.6.7.41:57:05"); Gefunden : user_pref("extensions.Softonic.vrsni", "1.6.7.4"); Gefunden : user_pref("extensions.Softonic.vrsnts", "1.6.7.41:57:05"); Gefunden : user_pref("extensions.Softonic_i.dnsErr", true); Gefunden : user_pref("extensions.Softonic_i.hmpg", true); Gefunden : user_pref("extensions.Softonic_i.newTab", true); Gefunden : user_pref("extensions.Softonic_i.smplGrp", "none"); Gefunden : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.41:57:05"); Gefunden : user_pref("extensions.enabledAddons", "bbrs_002@blabbers.com:1.0.5,ffxtlbra@softonic.com:1.6.0,{73a6[...] Gefunden : user_pref("keyword.URL", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q="); Profilname : default Datei : C:\Users\Surfen\AppData\Roaming\Mozilla\Firefox\Profiles\k4hfcwgp.default\prefs.js Gefunden : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{73a6fe31-595d-460b-a920-fcc[...] -\\ Opera v12.2.1578.0 Datei : C:\Users\Fabiènne\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. 
Datei : C:\Users\Surfen\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [9346 octets] - [14/10/2012 18:15:32] ########## EOF - \AdwCleaner[R1].txt - [9406 octets] ##########
Good grief... everything is full of that stuff
14.10.2012, 19:58 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | adwCleaner - remove toolbars and unwanted start/search pages
14.10.2012, 21:44 | #9 |
Here is the log: Code:
ATTFilter # AdwCleaner v2.005 - Datei am 14/10/2012 um 22:33:53 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Fabiènne - FABIÈNNE-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Surfen\Downloads\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Datei Gelöscht : \user.js Datei Gelöscht : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\searchplugins\Plusnetwork.xml Datei Gelöscht : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\searchplugins\softonic.xml Ordner Gelöscht : C:\ProgramData\Trymedia Ordner Gelöscht : C:\Users\Fabiènne\AppData\LocalLow\bbrs_002.tb Ordner Gelöscht : C:\Users\Fabiènne\AppData\LocalLow\Softonic Ordner Gelöscht : C:\Users\Fabiènne\AppData\Roaming\BrowserCompanion Ordner Gelöscht : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\extensions\bbrs_002@blabbers.com Ordner Gelöscht : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\extensions\ffxtlbra@softonic.com Ordner Gelöscht : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\extensions\staged Ordner Gelöscht : C:\Users\Surfen\AppData\LocalLow\bbrs_002.tb Ordner Gelöscht : C:\Users\Surfen\AppData\LocalLow\boost_interprocess ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{4327FABE-3C22-4689-8DBF-D226CF777FE9} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{E87806B5-E908-45FD-AF5E-957D83E58E68} Schlüssel Gelöscht : 
HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{5018CFD2-804D-4C99-9F81-25EAEA2769DE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{E87806B5-E908-45FD-AF5E-957D83E58E68} Schlüssel Gelöscht : HKLM\Software\BrowserCompanion Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{20EDC024-43C5-423E-B7F5-FD93523E0D9F} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{373ED12D-B306-43AC-9485-A7C5133DC34C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{7ABBFE1C-E485-44AA-8F36-353751B4124D} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{ED6535E7-F778-48A5-A060-549D30024511} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\tdataprotocol.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\updatebho.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\wit4ie.DLL Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00CBB66B-1D3B-46D3-9577-323A336ACB50} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\base64 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\chrome Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\PROTOCOLS\Handler\prox Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\tdataprotocol.CTData.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\wit4ie.WitBHO.2 Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://www.searchplusnetwork.com/?sp=vit4 --> hxxp://www.google.com Ersetzt : [HKLM\SOFTWARE\Microsoft\Internet Explorer\AboutURls - Tabs] = hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=15&cc= --> hxxp://www.google.com -\\ Mozilla Firefox v15.0.1 (de) Profilname : default Datei : C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\prefs.js 
C:\Users\Fabiènne\AppData\Roaming\Mozilla\Firefox\Profiles\7sozphux.default\user.js ... Gelöscht ! Gelöscht : user_pref("browser.search.selectedEngine", "Search the web (Softonic)"); Gelöscht : user_pref("extensions.Softonic.admin", false); Gelöscht : user_pref("extensions.Softonic.aflt", "SD"); Gelöscht : user_pref("extensions.Softonic.autoRvrt", "false"); Gelöscht : user_pref("extensions.Softonic.cntry", "DE"); Gelöscht : user_pref("extensions.Softonic.cv", "cv5"); Gelöscht : user_pref("extensions.Softonic.dfltLng", "de"); Gelöscht : user_pref("extensions.Softonic.dfltSrch", true); Gelöscht : user_pref("extensions.Softonic.dfltlng", "de"); Gelöscht : user_pref("extensions.Softonic.dfltsrch", true); Gelöscht : user_pref("extensions.Softonic.dspNew", "Search the web (Softonic)"); Gelöscht : user_pref("extensions.Softonic.dspOld", ""); Gelöscht : user_pref("extensions.Softonic.envrmnt", "production"); Gelöscht : user_pref("extensions.Softonic.excTlbr", false); Gelöscht : user_pref("extensions.Softonic.hdrMd5", "3C0F1FCFF3186AFEFBE33E2BB484A809"); Gelöscht : user_pref("extensions.Softonic.hmpg", true); Gelöscht : user_pref("extensions.Softonic.hmpgUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=1[...] Gelöscht : user_pref("extensions.Softonic.hpNew", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=13&[...] 
Gelöscht : user_pref("extensions.Softonic.hpOld", ""); Gelöscht : user_pref("extensions.Softonic.hrdid", "f469a3e50000000000000024d2134395"); Gelöscht : user_pref("extensions.Softonic.id", "f469a3e50000000000000024d2134395"); Gelöscht : user_pref("extensions.Softonic.instlDay", "15560"); Gelöscht : user_pref("extensions.Softonic.instlRef", "INF1205T01"); Gelöscht : user_pref("extensions.Softonic.instlday", "15560"); Gelöscht : user_pref("extensions.Softonic.instlref", "INF1205T01"); Gelöscht : user_pref("extensions.Softonic.isdcmntcmplt", "false"); Gelöscht : user_pref("extensions.Softonic.keyWordUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...] Gelöscht : user_pref("extensions.Softonic.keywordurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSourc[...] Gelöscht : user_pref("extensions.Softonic.lastVrsnTs", "1.6.7.41:57:05"); Gelöscht : user_pref("extensions.Softonic.mntrvrsn", "1.3.0"); Gelöscht : user_pref("extensions.Softonic.newTab", true); Gelöscht : user_pref("extensions.Softonic.newTabUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...] Gelöscht : user_pref("extensions.Softonic.newtab", true); Gelöscht : user_pref("extensions.Softonic.newtaburl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource[...] Gelöscht : user_pref("extensions.Softonic.prdct", "Softonic"); Gelöscht : user_pref("extensions.Softonic.propectorlck", 83108679); Gelöscht : user_pref("extensions.Softonic.prtkhmpg", 1); Gelöscht : user_pref("extensions.Softonic.prtnrId", "softonic"); Gelöscht : user_pref("extensions.Softonic.prtnrid", "softonic"); Gelöscht : user_pref("extensions.Softonic.rvrtMsg", "Click Yes to keep current home page and default search set[...] 
Gelöscht : user_pref("extensions.Softonic.savedVrsnTs", "1"); Gelöscht : user_pref("extensions.Softonic.sg", "az"); Gelöscht : user_pref("extensions.Softonic.smplGrp", "none"); Gelöscht : user_pref("extensions.Softonic.smplgrp", "none"); Gelöscht : user_pref("extensions.Softonic.srch", ""); Gelöscht : user_pref("extensions.Softonic.srchPrvdr", "Search the web (Softonic)"); Gelöscht : user_pref("extensions.Softonic.srchprvdr", "Search the web (Softonic)"); Gelöscht : user_pref("extensions.Softonic.tlbrId", "base"); Gelöscht : user_pref("extensions.Softonic.tlbrSrchUrl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...] Gelöscht : user_pref("extensions.Softonic.tlbrid", "base"); Gelöscht : user_pref("extensions.Softonic.tlbrsrchurl", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSour[...] Gelöscht : user_pref("extensions.Softonic.vrsn", "1.6.7.4"); Gelöscht : user_pref("extensions.Softonic.vrsnTs", "1.6.7.41:57:05"); Gelöscht : user_pref("extensions.Softonic.vrsni", "1.6.7.4"); Gelöscht : user_pref("extensions.Softonic.vrsnts", "1.6.7.41:57:05"); Gelöscht : user_pref("extensions.Softonic_i.dnsErr", true); Gelöscht : user_pref("extensions.Softonic_i.hmpg", true); Gelöscht : user_pref("extensions.Softonic_i.newTab", true); Gelöscht : user_pref("extensions.Softonic_i.smplGrp", "none"); Gelöscht : user_pref("extensions.Softonic_i.vrsnTs", "1.6.7.41:57:05"); Gelöscht : user_pref("extensions.enabledAddons", "bbrs_002@blabbers.com:1.0.5,ffxtlbra@softonic.com:1.6.0,{73a6[...] Gelöscht : user_pref("keyword.URL", "hxxp://search.softonic.com/INF1205T01/tb_v1?SearchSource=2&cc=&q="); Profilname : default Datei : C:\Users\Surfen\AppData\Roaming\Mozilla\Firefox\Profiles\k4hfcwgp.default\prefs.js Gelöscht : user_pref("extensions.enabledAddons", "DivXWebPlayer@divx.com:2.0.2.039,{73a6fe31-595d-460b-a920-fcc[...] -\\ Opera v12.2.1578.0 Datei : C:\Users\Fabiènne\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. 
Datei : C:\Users\Surfen\AppData\Roaming\Opera\Opera\operaprefs.ini [OK] Die Datei ist sauber. ************************* AdwCleaner[S1].txt - [9198 octets] - [14/10/2012 22:33:53] AdwCleaner[R2].txt - [9533 octets] - [14/10/2012 18:16:16] AdwCleaner[R1].txt - [9473 octets] - [14/10/2012 18:15:32] ########## EOF - \AdwCleaner[S1].txt - [9378 octets] ########## |
15.10.2012, 13:18 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | I have two questions before we continue (we're not done yet!) 1.) Does Windows' normal mode work without restrictions (again)? 2.) Are you missing anything in the Start menu? Are there empty folders under All Programs, or is everything there?
15.10.2012, 19:28 | #11 |
Hello, Windows worked the whole time and still isn't causing any problems. The only reason I got the idea that something was wrong at all is that the laptop very often hung while booting, and when switching tabs I kept still seeing the window I had had open before. In the Start menu all the folders are there and I didn't find any empty ones either. Best regards, Fabienne
15.10.2012, 20:58 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Please run a CustomScan with OTL. Please post everything in CODE tags here where possible. This is how it's done: [code] the log goes here [/code] And the whole thing then looks like this: Code:
the log goes here
Please download OTL by Oldtimer and save it to your desktop. If you already have it, please replace the older existing file with the newly downloaded one, so that you are really working with a current version of OTL.
Code:
ATTFilter netsvcs msconfig safebootminimal safebootnetwork activex drivers32 %ALLUSERSPROFILE%\Application Data\*. %ALLUSERSPROFILE%\Application Data\*.exe /s %APPDATA%\*. %APPDATA%\*.exe /s %SYSTEMDRIVE%\*.exe /md5start wininit.exe userinit.exe eventlog.dll scecli.dll netlogon.dll cngaudit.dll ws2ifsl.sys sceclt.dll ntelogon.dll winlogon.exe logevent.dll user32.DLL iaStor.sys nvstor.sys atapi.sys IdeChnDr.sys viasraid.sys AGP440.sys vaxscsi.sys nvatabus.sys viamraid.sys nvata.sys nvgts.sys iastorv.sys ViPrt.sys eNetHook.dll ahcix86.sys KR10N.sys nvstor32.sys ahcix86s.sys /md5stop %systemroot%\system32\drivers\*.sys /lockedfiles %systemroot%\System32\config\*.sav %systemroot%\*. /mp /s %systemroot%\system32\*.dll /lockedfiles CREATERESTOREPOINT
15.10.2012, 21:47 | #13 |
Sooo, that's done as well. Here is the log: OTL Logfile: Code:
OTL logfile created on: 15.10.2012 22:14:19 - Run 3
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Surfen\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy

1,96 Gb Total Physical Memory | 1,21 Gb Available Physical Memory | 61,77% Memory free
4,15 Gb Paging File | 3,24 Gb Available in Paging File | 78,00% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 109,88 Gb Total Space | 32,64 Gb Free Space | 29,71% Space Free | Partition Type: NTFS
Drive D: | 110,00 Gb Total Space | 84,69 Gb Free Space | 76,99% Space Free | Partition Type: NTFS

Computer Name: FABIÈNNE-PC | User Name: Fabiènne | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012.10.15 22:12:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Surfen\Downloads\OTL.exe
PRC - [2012.08.21 11:12:26 | 004,282,728 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe
PRC - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe
PRC - [2012.08.21 11:12:23 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe
PRC - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
PRC - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) -- C:\Users\Fabiènne\Desktop\PSI\PSIA.exe
PRC - [2011.04.19 08:44:40 | 000,291,896 | ---- | M] (Secunia) -- C:\Users\Fabiènne\Desktop\PSI\psi_tray.exe
PRC - [2009.04.11 08:28:03 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2009.04.11 08:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2008.10.08 02:19:12 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.10.06 11:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.08.26 02:59:54 | 000,045,056 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\Samsung Magic Doctor\MagicDoctorKbdHk.exe
PRC - [2008.08.07 04:55:38 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.07.10 13:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Intel\WiFi\bin\EvtEng.exe
PRC - [2008.07.10 13:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe
PRC - [2008.04.17 04:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.02.12 06:19:52 | 000,723,496 | ---- | M] (Broadcom Corporation.) -- C:\Programme\WIDCOMM\Bluetooth Software\BTTray.exe
PRC - [2008.01.21 04:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
PRC - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe

========== Modules (No Company Name) ==========

MOD - [2011.07.29 01:09:42 | 000,096,112 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdateCheck.dll
MOD - [2011.07.29 01:08:12 | 001,259,376 | ---- | M] () -- C:\Programme\DivX\DivX Update\DivXUpdate.exe
MOD - [2009.08.23 19:58:06 | 000,094,208 | ---- | M] () -- C:\Programme\FileZilla FTP Client\fzshellext.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Samsung Magic Doctor\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 05:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll

========== Services (SafeList) ==========

SRV - [2012.10.09 14:34:45 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012.09.08 15:02:11 | 000,114,144 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012.08.21 11:12:25 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2012.08.21 11:12:23 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Programme\AVAST Software\Avast\afwServ.exe -- (avast! Firewall)
SRV - [2012.07.27 22:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.05.13 16:27:02 | 001,492,840 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2011.04.19 08:44:40 | 000,993,848 | ---- | M] (Secunia) [Auto | Running] -- C:\Users\Fabiènne\Desktop\PSI\PSIA.exe -- (Secunia PSI Agent)
SRV - [2011.03.28 21:31:14 | 001,713,536 | ---- | M] (Microsoft Corp.) [Auto | Stopped] -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE -- (wlidsvc)
SRV - [2010.12.10 19:30:50 | 000,086,880 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter)
SRV - [2010.09.22 17:33:04 | 000,051,040 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc)
SRV - [2008.07.10 13:42:14 | 000,819,200 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng)
SRV - [2008.07.10 13:12:40 | 000,466,944 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc)
SRV - [2008.05.13 01:47:20 | 000,077,480 | ---- | M] () [Auto | Stopped] -- C:\Programme\Samsung\Samsung Update Plus\SLUBackgroundService.exe -- (Samsung Update Plus)
SRV - [2008.01.21 04:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 04:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
SRV - [2001.02.23 11:07:30 | 000,270,336 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe -- (MDM)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VMC326.sys -- (VMC326)
DRV - File not found [Kernel | On_Demand | Stopped] -- System32\Drivers\VMC302.sys -- (VMC302)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - [2012.08.21 11:13:15 | 000,729,752 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2012.08.21 11:13:15 | 000,355,632 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2012.08.21 11:13:15 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2012.08.21 11:13:14 | 000,202,928 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis2.sys -- (aswNdis2)
DRV - [2012.08.21 11:13:14 | 000,058,680 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswMonFlt.sys -- (aswMonFlt)
DRV - [2012.08.21 11:13:14 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswRdr.sys -- (AswRdr)
DRV - [2012.08.21 11:13:14 | 000,018,544 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswKbd.sys -- (aswKbd)
DRV - [2012.08.21 11:13:13 | 000,113,776 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\System32\drivers\aswFW.sys -- (aswFW)
DRV - [2012.08.21 11:13:13 | 000,021,256 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2012.03.07 00:44:51 | 000,012,112 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\aswNdis.sys -- (aswNdis)
DRV - [2010.09.01 10:30:58 | 000,015,544 | ---- | M] (Secunia) [File_System | On_Demand | Stopped] -- C:\Windows\System32\drivers\psi_mf.sys -- (PSI)
DRV - [2009.12.17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.01.21 04:23:20 | 002,225,664 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\NETw3v32.sys -- (NETw3v32)
DRV - [2007.05.23 10:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
DRV - [2006.11.02 09:41:50 | 000,983,552 | ---- | M] (Agere Systems) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2006.11.02 09:30:53 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\bcm4sbxp.sys -- (bcm4sbxp)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKLM\..\SearchScopes,DefaultScope =

IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope =
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope =

IE - HKU\S-1-5-21-1867499432-3885610887-3941038006-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1867499432-3885610887-3941038006-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
IE - HKU\S-1-5-21-1867499432-3885610887-3941038006-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-1867499432-3885610887-3941038006-1003\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1867499432-3885610887-3941038006-1003\..\SearchScopes\{394C5622-9D9B-4C92-BB8E-B71EDC23138A}: "URL" = hxxp://search.softonic.com/INF1205T01/tb_v1?q={searchTerms}&SearchSource=4&cc=&r=69
IE - HKU\S-1-5-21-1867499432-3885610887-3941038006-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1867499432-3885610887-3941038006-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1867499432-3885610887-3941038006-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http:\\www.samsungcomputer.com
IE - HKU\S-1-5-21-1867499432-3885610887-3941038006-1004\..\SearchScopes,DefaultScope =
IE - HKU\S-1-5-21-1867499432-3885610887-3941038006-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "hxxp://google.de/"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_4_402_287.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2011.12.16 11:54:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.08.23 22:05:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.09.08 15:02:12 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 15.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.08.15 13:54:28 | 000,000,000 | ---D | M]

[2011.07.09 03:31:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabiènne\AppData\Roaming\mozilla\Extensions
[2012.10.14 22:33:57 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fabiènne\AppData\Roaming\mozilla\Firefox\Profiles\7sozphux.default\extensions
[2012.05.27 03:41:55 | 000,000,000 | ---D | M] (WOT) -- C:\Users\Fabiènne\AppData\Roaming\mozilla\Firefox\Profiles\7sozphux.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7}
[2012.10.13 20:30:18 | 000,518,756 | ---- | M] () (No name found) -- C:\Users\Fabiènne\AppData\Roaming\mozilla\firefox\profiles\7sozphux.default\extensions\toolbar@web.de.xpi
[2012.08.09 23:50:48 | 000,526,190 | ---- | M] () (No name found) -- C:\Users\Fabiènne\AppData\Roaming\mozilla\firefox\profiles\7sozphux.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi
[2012.08.09 23:50:48 | 000,741,958 | ---- | M] () (No name found) -- C:\Users\Fabiènne\AppData\Roaming\mozilla\firefox\profiles\7sozphux.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.08.07 01:52:53 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\FABIèNNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7SOZPHUX.DEFAULT\EXTENSIONS\{73A6FE31-595D-460B-A920-FCC0F8843232}.XPI
File not found (No name found) -- C:\USERS\FABIèNNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7SOZPHUX.DEFAULT\EXTENSIONS\{A0D7CCB3-214D-498B-B4AA-0E8FDA9A7BF7}
File not found (No name found) -- C:\USERS\FABIèNNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7SOZPHUX.DEFAULT\EXTENSIONS\BBRS_002@BLABBERS.COM
File not found (No name found) -- C:\USERS\FABIèNNE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\7SOZPHUX.DEFAULT\EXTENSIONS\FFXTLBRA@SOFTONIC.COM
[2012.09.08 15:02:12 | 000,266,720 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011.11.10 06:54:13 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2012.07.14 02:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.09.08 15:02:09 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.07.14 02:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.07.14 02:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.07.14 02:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.07.14 02:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml

O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Programme\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC)
O2 - BHO: (no name) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corp.)
O2 - BHO: (Windows Live Messenger Companion Helper) - {9FDDE16B-836F-4806-AB1F-1455CBEFF289} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll File not found
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-21-1867499432-3885610887-3941038006-1003..\Run: [Exetender_148] "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000 File not found
O4 - HKU\S-1-5-21-1867499432-3885610887-3941038006-1003..\Run: [Spiele Post] C:\Program Files\OXXOGames\GPlayer\GameCenterNotifier.exe File not found
O4 - HKU\S-1-5-21-1867499432-3885610887-3941038006-1004..\Run: [Exetender_148] "C:\Program Files\FreeRide Games\GPlayer.exe" /schedule 300000 File not found
O4 - HKLM..\RunOnce: [aswAhAScr.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [aswasOutExt.dll] C:\Program Files\AVAST Software\Avast\aswRegSvr.exe (AVAST Software)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKU\S-1-5-21-1867499432-3885610887-3941038006-1003..\RunOnce: [DependencyCheck] Performed File not found
O4 - HKU\S-1-5-21-1867499432-3885610887-3941038006-1003..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\Fabiènne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\tbhcn.lnk = File not found
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\Office10\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 File not found
O9 - Extra Button: @C:\Program Files\Windows Live\Companion\companionlang.dll,-600 - {0000036B-C524-4050-81A0-243669A86B9F} - C:\Programme\Windows Live\Companion\companioncore.dll (Microsoft Corporation)
O9 - Extra Button: @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1004 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @C:\Program Files\Windows Live\Writer\WindowsLiveWriterShortcuts.dll,-1003 - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O13 - gopher Prefix: missing
O16 - DPF: {4FF78044-96B4-4312-A5B7-FDA3CB328095} (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{325B4744-7293-499E-87B7-6D35321CA512}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - C:\Programme\Common Files\microsoft shared\Web Folders\PKMCDO.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Fabiènne\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Fabiènne\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 0
O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{879af369-a9c1-11e0-8640-001377e0973a}\Shell - "" = AutoRun
O33 - MountPoints2\{879af369-a9c1-11e0-8640-001377e0973a}\Shell\AutoRun\command - "" = H:\LaunchU3.exe -a
O33 - MountPoints2\{c7146092-fbfa-11dd-9f2a-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{c7146092-fbfa-11dd-9f2a-806e6f6e6963}\Shell\AutoRun\command - "" = E:\setup.exe /AUTORUN
O33 - MountPoints2\{c7146092-fbfa-11dd-9f2a-806e6f6e6963}\Shell\configure\command - "" = E:\setup.exe
O33 - MountPoints2\{c7146092-fbfa-11dd-9f2a-806e6f6e6963}\Shell\install\command - "" = E:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

NetSvcs: FastUserSwitchingCompatibility - File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla - File not found
NetSvcs: Ntmssvc - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: SRService - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: LogonHours - File not found
NetSvcs: PCAudit - File not found
NetSvcs: helpsvc - File not found
NetSvcs: uploadmgr - File not found

MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Microsoft Office.lnk - C:\Programme\Microsoft Office\Office10\OSA.EXE - (Microsoft Corporation)
MsConfig - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig - State: "startup" - 2

SafeBootMin: AppMgmt - Service
SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: HelpSvc - Service
SafeBootMin: NTDS - File not found
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: sacsvr - Service
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootMin: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootMin: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

SafeBootNet: AppMgmt - Service
SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: HelpSvc - Service
SafeBootNet: Messenger - Service
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: NTDS - File not found
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: rdsessmgr - Service
SafeBootNet: sacsvr - Service
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: WinDefend - C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SafeBootNet: WudfPf - Driver
SafeBootNet: WudfUsbccidDriver - Driver
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {50DD5230-BA8A-11D1-BF5D-0000F805F530} - Smart card readers
SafeBootNet: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootNet: {6BDD1FC1-810F-11D0-BEC7-08002BE2092F} - IEEE 1394 Bus host controllers
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices
SafeBootNet: {D48179BE-EC20-11D1-B6B8-00C04FA372A7} - SBP2 IEEE 1394 Devices
SafeBootNet: {D94EE5D8-D189-4994-83D2-F68D7D41B0E6} - SecurityDevices

ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} -
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 11.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} -
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\Windows\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP

Drivers32: msacm.l3acm - C:\Windows\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\Windows\System32\SL_ANET.ACM (Sipro Lab Telecom Inc.)
Drivers32: MSVideo8 - C:\Windows\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\Windows\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\Windows\System32\DivX.dll (DivX, Inc.)
Drivers32: vidc.yv12 - C:\Windows\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012.10.13 20:36:17 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2012.10.13 20:35:51 | 002,322,184 | ---- | C] (ESET) -- C:\Users\Fabiènne\Desktop\esetsmartinstaller_enu.exe
[2012.10.13 01:48:05 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.10.13 01:48:03 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.10.13 01:48:02 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.10.07 02:59:28 | 000,000,000 | ---D | C] -- C:\Program Files\GIMP 2

========== Files - Modified Within 30 Days ==========

[2012.10.15 21:54:53 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 21:54:53 | 000,004,784 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.10.15 21:34:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.10.15 19:54:51 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.10.15 19:54:49 | 2106,179,584 | -HS- | M] () -- C:\hiberfil.sys
[2012.10.13 20:35:53 | 002,322,184 | ---- | M] (ESET) -- C:\Users\Fabiènne\Desktop\esetsmartinstaller_enu.exe
[2012.10.13 01:48:05 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.09.27 13:44:03 | 000,628,742 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.09.27 13:44:03 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.09.27 13:44:03 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.09.27 13:44:02 | 000,126,454 | ---- | M] () -- C:\Windows\System32\perfc007.dat

========== Files Created - No Company Name ==========

[2012.10.13 01:48:05 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.10.07 03:02:28 | 000,000,880 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GIMP 2.lnk
[2012.02.01 11:32:56 | 000,000,000 | ---- | C] () -- C:\Users\Fabiènne\defogger_reenable
[2011.11.21 19:04:31 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI
[2011.07.12 00:57:47 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll
[2011.07.12 00:57:47 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin
[2011.07.10 03:24:53 | 000,005,632 | ---- | C] () -- C:\Users\Fabiènne\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011.02.11 19:10:52 | 000,439,308 | ---- | C] () -- C:\Windows\System32\igcompkrng500.bin
[2011.02.11 19:10:50 | 000,982,240 | ---- | C] () -- C:\Windows\System32\igkrng500.bin
[2011.02.11 19:10:50 | 000,092,356 | ---- | C] () -- C:\Windows\System32\igfcg500m.bin
[2011.02.11 18:40:40 | 000,004,096 | ---- | C] ( ) -- C:\Windows\System32\IGFXDEVLib.dll
[2011.02.11 18:38:44 | 000,000,151 | ---- | C] () -- C:\Windows\System32\GfxUI.exe.config

========== ZeroAccess Check ==========

[2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini

[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 08:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free

[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 08:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

========== LOP Check ==========

[2012.08.03 01:52:40 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Absolutist
[2012.08.02 03:22:43 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Alawar Entertainment
[2012.08.10 20:30:47 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\AlawarEntertainment
[2011.07.14 01:42:41 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\BSW
[2012.08.09 23:08:24 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\FlyWheelGames
[2012.08.10 21:48:00 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Freeze Tag
[2011.07.09 03:05:46 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Opera
[2012.08.09 23:57:03 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Phantasmat_intenium_se
[2012.08.02 21:33:31 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\SpinTop Games
[2011.07.20 02:33:27 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\SumatraPDF
[2012.08.02 20:45:40 | 000,000,000 | ---D | M] -- C:\Users\Surfen\AppData\Roaming\Alawar Entertainment
[2012.08.04 17:34:06 | 000,000,000 | ---D | M] -- C:\Users\Surfen\AppData\Roaming\Ancient Quest of Saqqarah_alawar
[2011.12.09 04:58:28 | 000,000,000 | ---D | M] -- C:\Users\Surfen\AppData\Roaming\BSW
[2012.08.03 14:20:38 | 000,000,000 | ---D | M] -- C:\Users\Surfen\AppData\Roaming\Cat's Eye Games
[2012.08.03 14:15:45 | 000,000,000 | ---D | M] -- C:\Users\Surfen\AppData\Roaming\Exent Technologies
[2012.05.09 01:23:11 | 000,000,000 | ---D | M] -- C:\Users\Surfen\AppData\Roaming\FileZilla
[2012.08.29 02:25:30 | 000,000,000 | ---D | M] -- C:\Users\Surfen\AppData\Roaming\Freeze Tag
[2011.12.04 03:25:04 | 000,000,000 | ---D | M] -- C:\Users\Surfen\AppData\Roaming\Nik Software
[2011.09.11 18:36:23 | 000,000,000 | ---D | M] -- C:\Users\Surfen\AppData\Roaming\Opera
[2012.08.04 02:35:20 | 000,000,000 | ---D | M] -- C:\Users\Surfen\AppData\Roaming\Phantasmat_alawar_se
[2012.08.10 01:44:03 | 000,000,000 | ---D | M] -- C:\Users\Surfen\AppData\Roaming\Phantasmat_intenium_se

========== Purity Check ==========

========== Custom Scans ==========

< %ALLUSERSPROFILE%\Application Data\*. >

< %ALLUSERSPROFILE%\Application Data\*.exe /s >

< %APPDATA%\*. >
[2012.08.03 01:52:40 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Absolutist
[2011.07.09 23:17:21 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Adobe
[2012.08.02 03:22:43 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Alawar Entertainment
[2012.08.10 20:30:47 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\AlawarEntertainment
[2011.07.14 01:42:41 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\BSW
[2011.10.29 18:33:30 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\DivX
[2012.08.09 23:08:24 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\FlyWheelGames
[2012.08.10 21:48:00 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Freeze Tag
[2009.03.29 19:52:06 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Identities
[2011.07.10 01:44:39 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Macromedia
[2012.02.13 14:35:14 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Malwarebytes
[2006.11.02 14:37:34 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Media Center Programs
[2012.08.23 21:53:31 | 000,000,000 | --SD | M] -- C:\Users\Fabiènne\AppData\Roaming\Microsoft
[2011.07.09 03:31:40 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Mozilla
[2011.07.09 03:05:46 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Opera
[2012.08.09 23:57:03 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\Phantasmat_intenium_se
[2012.08.02 21:33:31 | 000,000,000 | 
---D | M] -- C:\Users\Fabiènne\AppData\Roaming\SpinTop Games [2011.07.20 02:33:27 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\SumatraPDF [2012.08.02 02:05:09 | 000,000,000 | ---D | M] -- C:\Users\Fabiènne\AppData\Roaming\WinRAR < %APPDATA%\*.exe /s > < %SYSTEMDRIVE%\*.exe > < MD5 for: AGP440.SYS > [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\drivers\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_51b95d75\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_f750e484\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys [2008.01.21 04:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys [2006.11.02 11:49:52 | 000,053,864 | ---- | M] (Microsoft Corporation) MD5=EF23439CDD587F64C2C1B8825CEAD7D8 -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_920a2c1f\AGP440.sys < MD5 for: ATAPI.SYS > [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_b12d8e84\atapi.sys [2009.04.11 08:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- 
C:\Windows\System32\drivers\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_cc18792d\atapi.sys [2008.01.21 04:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys [2006.11.02 11:49:36 | 000,019,048 | ---- | M] (Microsoft Corporation) MD5=4F4FCB8B6EA06784FB6D475B7EC7300F -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_c6c2e699\atapi.sys < MD5 for: CNGAUDIT.DLL > [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\System32\cngaudit.dll [2006.11.02 11:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll < MD5 for: IASTOR.SYS > [2008.07.22 08:33:26 | 000,396,312 | ---- | M] (Intel Corporation) MD5=5C62352AFF7F1FB36B2C19329F7C949D -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver64\IaStor.sys [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Program Files\Intel\Intel Matrix Storage Manager\driver\IaStor.sys [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\drivers\iaStor.sys [2008.07.22 08:33:02 | 000,319,000 | ---- | M] (Intel Corporation) MD5=ABFEBC5F846C71AFEBD7F8F6BA740C03 -- C:\Windows\System32\DriverStore\FileRepository\iaahci.inf_783fb8da\iaStor.sys < MD5 for: IASTORV.SYS > [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\drivers\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) 
MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_c9df7691\iaStorV.sys [2008.01.21 04:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys [2006.11.02 11:51:25 | 000,232,040 | ---- | M] (Intel Corporation) MD5=C957BF4B5D80B46C5017BF0101E6C906 -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_37cdafa4\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\System32\netlogon.dll [2009.04.11 08:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll [2008.01.21 04:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll < MD5 for: NVSTOR.SYS > [2006.11.02 11:50:13 | 000,040,040 | ---- | M] (NVIDIA Corporation) MD5=9E0BA19A28C498A6D323D065DB76DFFC -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_733654ff\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\drivers\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_31c3d71d\nvstor.sys [2008.01.21 04:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys < MD5 for: SCECLI.DLL > [2008.01.21 04:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) 
MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\System32\scecli.dll [2009.04.11 08:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll < MD5 for: USER32.DLL > [2008.01.21 04:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\System32\user32.dll [2009.04.11 08:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll < MD5 for: USERINIT.EXE > [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\System32\userinit.exe [2008.01.21 04:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe < MD5 for: WININIT.EXE > [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\System32\wininit.exe [2008.01.21 04:23:42 | 000,096,768 | ---- | M] (Microsoft Corporation) MD5=101BA3EA053480BB5D957EF37C06B5ED -- C:\Windows\winsxs\x86_microsoft-windows-wininit_31bf3856ad364e35_6.0.6001.18000_none_30f2b8cf0450a6a2\wininit.exe < MD5 for: WINLOGON.EXE > [2012.09.07 17:04:42 | 000,218,696 | ---- | M] () 
MD5=4E0D8C9F83B7FD82393F7D8CCC27E7AE -- C:\Program Files\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\System32\winlogon.exe [2009.04.11 08:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe [2008.01.21 04:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe < MD5 for: WS2IFSL.SYS > [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\System32\drivers\ws2ifsl.sys [2008.01.21 04:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > [2008.01.21 05:14:18 | 016,846,848 | ---- | M] () -- C:\Windows\System32\config\COMPONENTS.SAV [2008.01.21 05:14:08 | 000,106,496 | ---- | M] () -- C:\Windows\System32\config\DEFAULT.SAV [2008.01.21 05:14:18 | 000,020,480 | ---- | M] () -- C:\Windows\System32\config\SECURITY.SAV [2006.11.02 12:34:08 | 010,133,504 | ---- | M] () -- C:\Windows\System32\config\SOFTWARE.SAV [2006.11.02 12:34:08 | 001,826,816 | ---- | M] () -- C:\Windows\System32\config\SYSTEM.SAV < %systemroot%\*. /mp /s > < %systemroot%\system32\*.dll /lockedfiles > < End of report > |
16.10.2012, 16:09 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Malewarebytes finds a great many PUPBlabbers That looks fairly unremarkable.
Now please run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html
Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false alarm in the TDSS tool!
Configure the tool as shown in the picture below: click on change parameters and set the check marks as shown in the following screenshot, then click Start Scan and, when it has finished, click the Report button to display the log. Please post it in full.
If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs.
Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
17.10.2012, 14:41 | #15 |
| Malewarebytes finds a great many PUPBlabbers Done... it flagged 4 things: Code:
ATTFilter 15:30:12.0507 5580 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47 15:30:12.0769 5580 ============================================================ 15:30:12.0769 5580 Current date / time: 2012/10/17 15:30:12.0769 15:30:12.0769 5580 SystemInfo: 15:30:12.0769 5580 15:30:12.0770 5580 OS Version: 6.0.6002 ServicePack: 2.0 15:30:12.0770 5580 Product type: Workstation 15:30:12.0770 5580 ComputerName: FABIÈNNE-PC 15:30:12.0770 5580 UserName: Fabiènne 15:30:12.0770 5580 Windows directory: C:\Windows 15:30:12.0770 5580 System windows directory: C:\Windows 15:30:12.0770 5580 Processor architecture: Intel x86 15:30:12.0770 5580 Number of processors: 2 15:30:12.0770 5580 Page size: 0x1000 15:30:12.0770 5580 Boot type: Normal boot 15:30:12.0770 5580 ============================================================ 15:30:13.0453 5580 Drive \Device\Harddisk0\DR0 - Size: 0x3A38B2E000 (232.89 Gb), SectorSize: 0x200, Cylinders: 0x76C1, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 15:30:13.0491 5580 ============================================================ 15:30:13.0491 5580 \Device\Harddisk0\DR0: 15:30:13.0491 5580 MBR partitions: 15:30:13.0491 5580 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0xDBC3800 15:30:13.0491 5580 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xF5C4000, BlocksNum 0xDC01000 15:30:13.0491 5580 ============================================================ 15:30:13.0530 5580 C: <-> \Device\Harddisk0\DR0\Partition1 15:30:13.0633 5580 D: <-> \Device\Harddisk0\DR0\Partition2 15:30:13.0633 5580 ============================================================ 15:30:13.0633 5580 Initialize success 15:30:13.0634 5580 ============================================================ 15:30:45.0569 4756 ============================================================ 15:30:45.0569 4756 Scan started 15:30:45.0569 4756 Mode: Manual; SigCheck; TDLFS; 15:30:45.0569 4756 
============================================================ 15:30:45.0959 4756 ================ Scan system memory ======================== 15:30:45.0959 4756 System memory - ok 15:30:45.0959 4756 ================ Scan services ============================= 15:30:46.0177 4756 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys 15:30:46.0364 4756 ACPI - ok 15:30:46.0458 4756 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 15:30:46.0473 4756 AdobeARMservice - ok 15:30:46.0536 4756 [ 44C00A385CA9DBC1D5CF3781F8C26AEA ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 15:30:46.0551 4756 AdobeFlashPlayerUpdateSvc - ok 15:30:46.0598 4756 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys 15:30:46.0629 4756 adp94xx - ok 15:30:46.0692 4756 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys 15:30:46.0723 4756 adpahci - ok 15:30:46.0754 4756 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys 15:30:46.0770 4756 adpu160m - ok 15:30:46.0801 4756 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys 15:30:46.0817 4756 adpu320 - ok 15:30:46.0848 4756 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 15:30:47.0035 4756 AeLookupSvc - ok 15:30:47.0097 4756 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys 15:30:47.0175 4756 AFD - ok 15:30:47.0238 4756 [ 5D97943C128ED756D1B0A08302C1B1F8 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 15:30:47.0378 4756 AgereSoftModem - ok 15:30:47.0425 4756 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys 15:30:47.0441 4756 agp440 - ok 15:30:47.0472 4756 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys 15:30:47.0503 4756 aic78xx - ok 15:30:47.0519 4756 [ 
A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe 15:30:47.0581 4756 ALG - ok 15:30:47.0612 4756 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys 15:30:47.0628 4756 aliide - ok 15:30:47.0643 4756 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys 15:30:47.0659 4756 amdagp - ok 15:30:47.0675 4756 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys 15:30:47.0690 4756 amdide - ok 15:30:47.0721 4756 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys 15:30:47.0768 4756 AmdK7 - ok 15:30:47.0784 4756 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys 15:30:47.0846 4756 AmdK8 - ok 15:30:47.0877 4756 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll 15:30:47.0940 4756 Appinfo - ok 15:30:47.0971 4756 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys 15:30:47.0987 4756 arc - ok 15:30:48.0018 4756 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys 15:30:48.0033 4756 arcsas - ok 15:30:48.0080 4756 [ F5DC168BF77572D51BE28BA261B30CB4 ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 15:30:48.0455 4756 aswFsBlk - ok 15:30:48.0595 4756 [ 09678587C5C70F91720631EF048B4744 ] aswFW C:\Windows\system32\drivers\aswFW.sys 15:30:48.0626 4756 aswFW - ok 15:30:48.0673 4756 [ 31E0D16EB06D09A248AFF20C76F9091B ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 15:30:48.0720 4756 aswKbd - ok 15:30:48.0782 4756 [ F76E51561562AC4105DBBE53FC99BC10 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 15:30:48.0813 4756 aswMonFlt - ok 15:30:48.0845 4756 [ 7B948E3657BEA62E437BC46CA6EF6012 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys 15:30:48.0876 4756 aswNdis - ok 15:30:48.0907 4756 [ C6E5E1E0FB3827B2359F4D394ECAA070 ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys 15:30:48.0954 4756 aswNdis2 - ok 15:30:48.0969 4756 [ 
B7D5E4486BA658ED08624D8084ABB830 ] AswRdr C:\Windows\system32\drivers\AswRdr.sys 15:30:48.0985 4756 AswRdr - ok 15:30:49.0047 4756 [ 30E45AF8B4D83176CA850FC9699E860B ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 15:30:49.0094 4756 aswSnx - ok 15:30:49.0157 4756 [ F04BDBCB965C05C51F4A7DE7B62063D6 ] aswSP C:\Windows\system32\drivers\aswSP.sys 15:30:49.0203 4756 aswSP - ok 15:30:49.0266 4756 [ DFE9152ABFA89BB8CFDC057409B2D4DA ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 15:30:49.0297 4756 aswTdi - ok 15:30:49.0344 4756 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 15:30:49.0391 4756 AsyncMac - ok 15:30:49.0422 4756 [ 2D9C903DC76A66813D350A562DE40ED9 ] atapi C:\Windows\system32\drivers\atapi.sys 15:30:49.0437 4756 atapi - ok 15:30:49.0515 4756 [ F32FEE7CB2EE32C1F808409BC8019701 ] athr C:\Windows\system32\DRIVERS\athr.sys 15:30:49.0625 4756 athr - ok 15:30:49.0687 4756 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 15:30:49.0734 4756 AudioEndpointBuilder - ok 15:30:49.0765 4756 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll 15:30:49.0796 4756 Audiosrv - ok 15:30:49.0905 4756 [ 04AC21E821F259845BD7367CEE057290 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 15:30:49.0921 4756 avast! Antivirus - ok 15:30:49.0999 4756 [ DD4C61CB3CDBC8B0A7D2107C6944DC71 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe 15:30:50.0015 4756 avast! 
Firewall - ok 15:30:50.0124 4756 [ 08015D34F6FDD0B355805BAD978497C3 ] bcm4sbxp C:\Windows\system32\DRIVERS\bcm4sbxp.sys 15:30:50.0202 4756 bcm4sbxp - ok 15:30:50.0233 4756 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys 15:30:50.0295 4756 Beep - ok 15:30:50.0342 4756 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll 15:30:50.0389 4756 BFE - ok 15:30:50.0639 4756 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll 15:30:50.0779 4756 BITS - ok 15:30:50.0857 4756 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys 15:30:50.0951 4756 blbdrive - ok 15:30:50.0997 4756 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys 15:30:51.0029 4756 bowser - ok 15:30:51.0060 4756 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys 15:30:51.0107 4756 BrFiltLo - ok 15:30:51.0169 4756 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys 15:30:51.0231 4756 BrFiltUp - ok 15:30:51.0247 4756 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll 15:30:51.0309 4756 Browser - ok 15:30:51.0325 4756 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys 15:30:51.0387 4756 Brserid - ok 15:30:51.0434 4756 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys 15:30:51.0512 4756 BrSerWdm - ok 15:30:51.0528 4756 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys 15:30:51.0590 4756 BrUsbMdm - ok 15:30:51.0606 4756 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys 15:30:51.0684 4756 BrUsbSer - ok 15:30:51.0699 4756 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys 15:30:51.0793 4756 BTHMODEM - ok 15:30:51.0949 4756 [ AA84638EB071A54FAEF41DA601D3DE1D ] btwdins C:\Program Files\WIDCOMM\Bluetooth 
Software\bin\btwdins.exe 15:30:51.0980 4756 btwdins - ok 15:30:51.0996 4756 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 15:30:52.0058 4756 cdfs - ok 15:30:52.0089 4756 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 15:30:52.0121 4756 cdrom - ok 15:30:52.0183 4756 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll 15:30:52.0245 4756 CertPropSvc - ok 15:30:52.0277 4756 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys 15:30:52.0339 4756 circlass - ok 15:30:52.0417 4756 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys 15:30:52.0464 4756 CLFS - ok 15:30:52.0635 4756 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:30:52.0682 4756 clr_optimization_v2.0.50727_32 - ok 15:30:52.0760 4756 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:30:52.0776 4756 clr_optimization_v4.0.30319_32 - ok 15:30:52.0823 4756 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 15:30:52.0869 4756 CmBatt - ok 15:30:52.0885 4756 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys 15:30:52.0932 4756 cmdide - ok 15:30:52.0947 4756 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 15:30:52.0963 4756 Compbatt - ok 15:30:52.0979 4756 COMSysApp - ok 15:30:52.0994 4756 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys 15:30:53.0025 4756 crcdisk - ok 15:30:53.0057 4756 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys 15:30:53.0088 4756 Crusoe - ok 15:30:53.0119 4756 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll 15:30:53.0166 4756 CryptSvc - ok 15:30:53.0228 4756 [ 
3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll 15:30:53.0291 4756 DcomLaunch - ok 15:30:53.0337 4756 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys 15:30:53.0384 4756 DfsC - ok 15:30:53.0665 4756 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe 15:30:53.0868 4756 DFSR - ok 15:30:53.0930 4756 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll 15:30:53.0993 4756 Dhcp - ok 15:30:54.0024 4756 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys 15:30:54.0039 4756 disk - ok 15:30:54.0086 4756 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll 15:30:54.0117 4756 Dnscache - ok 15:30:54.0211 4756 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll 15:30:54.0273 4756 dot3svc - ok 15:30:54.0305 4756 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll 15:30:54.0351 4756 DPS - ok 15:30:54.0398 4756 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 15:30:54.0461 4756 drmkaud - ok 15:30:54.0554 4756 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 15:30:54.0601 4756 DXGKrnl - ok 15:30:54.0632 4756 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys 15:30:54.0679 4756 E1G60 - ok 15:30:54.0710 4756 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll 15:30:54.0757 4756 EapHost - ok 15:30:54.0819 4756 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys 15:30:54.0835 4756 Ecache - ok 15:30:54.0944 4756 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 15:30:54.0991 4756 ehRecvr - ok 15:30:55.0007 4756 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe 15:30:55.0069 4756 ehSched - ok 15:30:55.0069 4756 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll 
] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
15:31:24.0943 4756 yukonwlh - ok
15:31:24.0959 4756 ================ Scan global ===============================
15:31:24.0974 4756 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
15:31:25.0005 4756 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:31:25.0037 4756 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
15:31:25.0083 4756 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
15:31:25.0099 4756 [Global] - ok
15:31:25.0099 4756 ================ Scan MBR ==================================
15:31:25.0115 4756 [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
15:31:25.0785 4756 \Device\Harddisk0\DR0 - ok
15:31:25.0785 4756 ================ Scan VBR ==================================
15:31:25.0785 4756 [ 778BD02862DAF00CBA9203AD1F772529 ] \Device\Harddisk0\DR0\Partition1
15:31:25.0785 4756 \Device\Harddisk0\DR0\Partition1 - ok
15:31:25.0817 4756 [ 3AEF6052CF435B768F153AC751BE2BF1 ] \Device\Harddisk0\DR0\Partition2
15:31:25.0817 4756 \Device\Harddisk0\DR0\Partition2 - ok
15:31:25.0817 4756 ============================================================
15:31:25.0817 4756 Scan finished
15:31:25.0817 4756 ============================================================
15:31:25.0832 3456 Detected object count: 4
15:31:25.0832 3456 Actual detected object count: 4
15:34:00.0429 3456 EvtEng ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:00.0429 3456 EvtEng ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:34:00.0429 3456 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:00.0429 3456 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:34:00.0429 3456 RegSrvc ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:00.0429 3456 RegSrvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:34:00.0429 3456 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - skipped by user
15:34:00.0445 3456 Samsung Update Plus ( UnsignedFile.Multi.Generic ) - User select action: Skip
15:34:12.0285 4876 Deinitialize success |