The program cannot display this web page ("Das Programm kann diese Webseite nicht anzeigen")
13.10.2012, 20:13 | #1 |
Hello dear Trojaner-Board team,

the situation is as follows: The day before yesterday I picked up a "problem" while surfing the Internet. The entire screen was blocked by the message "Das Programm kann diese Webseite nicht anzeigen" ("The program cannot display this web page"). The Task Manager no longer worked either. Today I ran Malwarebytes in safe mode as a quick scan and as a full scan. The quick scan produced three hits, the full scan then none. Both logs are attached. The OTL logs are attached as well. I now cannot start Windows in normal mode at all. After I enter my password, the screen stays completely black. I use Win Vista HP 64. Many thanks in advance for your competent help!
15.10.2012, 07:26 | #2 |
/// Malwareteam

My name is Marius and I will help you with your problem. One thing up front: Note: We can never guarantee here that we have found every remnant of malware. Formatting is usually the fastest and always the safest way. If you decide on a cleanup, keep working with us until someone from the team tells you that your computer is clean. A cleanup can involve a lot of work for you.

Vista and Win7 users: start all tools via right-click --> "Run as administrator". Safe mode for cleanup

Step 1: aswMBR
Please download aswMBR.exe and save the file to your desktop.

Step 2: Scan with TDSS-Killer
Please read the following instructions carefully. We do not want to "fix" anything yet, only to see a scan report. Please download TDSSKiller.exe and save this file to the desktop
15.10.2012, 18:08 | #3 |
Hello Marius,

thank you very much for your help.

aswMBR Code:
aswMBR version 0.9.9.1665 Copyright(c) 2011 AVAST Software
Run date: 2012-10-15 18:46:08
-----------------------------
18:46:08.890 OS Version: Windows 6.0.6002 Service Pack 2
18:46:08.890 Number of processors: 2 586 0x1706
18:46:08.890 ComputerName: HOME-OFFICE UserName: Stefan
18:46:10.122 Initialize success
18:47:51.538 AVAST engine defs: 12101500
18:49:14.015 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
18:49:14.015 Disk 0 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
18:49:14.015 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IAAStorageDevice-2
18:49:14.015 Disk 1 Vendor: Hitachi_ FB4O Size: 305245MB BusType: 3
18:49:14.030 Disk 0 MBR read successfully
18:49:14.030 Disk 0 MBR scan
18:49:14.030 Disk 0 unknown MBR code
18:49:14.046 Disk 0 Partition 1 00 27 Hidden NTFS WinRE NTFS 10240 MB offset 2048
18:49:14.077 Disk 0 Partition 2 80 (A) 07 HPFS/NTFS NTFS 147501 MB offset 20973568
18:49:14.093 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 147502 MB offset 323055616
18:49:14.108 Disk 0 scanning sectors +625139712
18:49:14.155 Disk 0 scanning C:\Windows\system32\drivers
18:49:24.888 Service scanning
18:49:57.086 Modules scanning
18:50:03.155 Disk 0 trace - called modules:
18:50:03.186 ntkrnlpa.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys
18:50:03.186 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8683f510]
18:50:03.202 3 CLASSPNP.SYS[8ada08b3] -> nt!IofCallDriver -> [0x85966438]
18:50:03.202 5 acpi.sys[8069a6bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x85912028]
18:50:03.904 AVAST engine scan C:\Windows
18:50:05.042 File: C:\Windows\hsjgymnd.exe **INFECTED** Win32:Ransom-UY [Trj]
18:50:07.320 AVAST engine scan C:\Windows\system32
18:53:09.934 AVAST engine scan C:\Windows\system32\drivers
18:53:21.602 AVAST engine scan C:\Users\Stefan
18:55:51.019 Disk 0 MBR has been saved successfully to "F:\MBR.dat"
18:55:51.066 The log file has been saved successfully to "F:\aswMBR.txt"

Code:
18:59:02.0823 3504 TDSS rootkit removing tool 2.8.13.0 Oct 12 2012 17:26:47
18:59:03.0650 3504 ============================================================
18:59:03.0650 3504 Current date / time: 2012/10/15 18:59:03.0650
18:59:03.0650 3504 SystemInfo:
18:59:03.0650 3504
18:59:03.0650 3504 OS Version: 6.0.6002 ServicePack: 2.0
18:59:03.0650 3504 Product type: Workstation
18:59:03.0650 3504 ComputerName: HOME-OFFICE
18:59:03.0650 3504 UserName: Stefan
18:59:03.0650 3504 Windows directory: C:\Windows
18:59:03.0650 3504 System windows directory: C:\Windows
18:59:03.0650 3504 Processor architecture: Intel x86
18:59:03.0650 3504 Number of processors: 2
18:59:03.0650 3504 Page size: 0x1000
18:59:03.0650 3504 Boot type: Safe boot with network
18:59:03.0650 3504 ============================================================
18:59:06.0286 3504 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:59:06.0302 3504 Drive \Device\Harddisk1\DR1 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:59:06.0318 3504 Drive \Device\Harddisk2\DR2 - Size: 0x7980000 (0.12 Gb), SectorSize: 0x200, Cylinders: 0xF, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
18:59:06.0318 3504 ============================================================
18:59:06.0318 3504 \Device\Harddisk0\DR0:
18:59:06.0318 3504 MBR partitions:
18:59:06.0318 3504 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
18:59:06.0318 3504 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x12017000
18:59:06.0318 3504 \Device\Harddisk1\DR1:
18:59:06.0318 3504 MBR partitions:
18:59:06.0318 3504 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x2542D682
18:59:06.0318 3504 \Device\Harddisk2\DR2:
18:59:06.0318 3504 MBR partitions:
18:59:06.0318 3504 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x6, StartLBA 0x20, BlocksNum 0x3CBE0
18:59:06.0318 3504 ============================================================
18:59:06.0380 3504 C: <-> \Device\Harddisk0\DR0\Partition1
18:59:06.0411 3504 E: <-> \Device\Harddisk0\DR0\Partition2
18:59:06.0411 3504 ============================================================
18:59:06.0411 3504 Initialize success
18:59:06.0411 3504 ============================================================
18:59:22.0557 3352 ============================================================
18:59:22.0557 3352 Scan started
18:59:22.0557 3352 Mode: Manual;
18:59:22.0557 3352 ============================================================
18:59:22.0947 3352 ================ Scan system memory ========================
18:59:22.0947 3352 System memory - ok
18:59:33.0352 3352 [ D8C63D34D9C9E56C059E24EC7185CC07 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 18:59:33.0352 3352 MSKSSRV - ok 18:59:33.0384 3352 [ 1D373C90D62DDB641D50E55B9E78D65E ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 18:59:33.0384 3352 MSPCLOCK - ok 18:59:33.0430 3352 [ B572DA05BF4E098D4BBA3A4734FB505B ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 18:59:33.0430 3352 MSPQM - ok 18:59:33.0462 3352 [ B49456D70555DE905C311BCDA6EC6ADB ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 18:59:33.0462 3352 MsRPC - ok 18:59:33.0508 3352 [ E384487CB84BE41D09711C30CA79646C ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 18:59:33.0508 3352 mssmbios - ok 18:59:33.0555 3352 [ 7199C1EEC1E4993CAF96B8C0A26BD58A ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 18:59:33.0555 3352 MSTEE - ok 18:59:33.0602 3352 [ 6A57B5733D4CB702C8EA4542E836B96C ] Mup C:\Windows\system32\Drivers\mup.sys 18:59:33.0602 3352 Mup - ok 18:59:33.0649 3352 [ E4EAF0C5C1B41B5C83386CF212CA9584 ] napagent C:\Windows\system32\qagentRT.dll 18:59:33.0649 3352 napagent - ok 18:59:33.0680 3352 [ 85C44FDFF9CF7E72A40DCB7EC06A4416 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 18:59:33.0680 3352 NativeWifiP - ok 18:59:33.0727 3352 [ 1357274D1883F68300AEADD15D7BBB42 ] NDIS C:\Windows\system32\drivers\ndis.sys 18:59:33.0742 3352 NDIS - ok 18:59:33.0758 3352 [ 0E186E90404980569FB449BA7519AE61 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 18:59:33.0758 3352 NdisTapi - ok 18:59:33.0774 3352 [ D6973AA34C4D5D76C0430B181C3CD389 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 18:59:33.0774 3352 Ndisuio - ok 18:59:33.0836 3352 [ 818F648618AE34F729FDB47EC68345C3 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 18:59:33.0836 3352 NdisWan - ok 18:59:33.0852 3352 [ 71DAB552B41936358F3B541AE5997FB3 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 18:59:33.0852 3352 NDProxy - ok 18:59:33.0914 3352 [ 51C6D8BFBD4EA5B62A1BA7F4469250D3 ] Net Driver HPZ12 C:\Windows\system32\HPZinw12.dll 18:59:33.0914 3352 
Net Driver HPZ12 - ok 18:59:33.0930 3352 [ BCD093A5A6777CF626434568DC7DBA78 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 18:59:33.0930 3352 NetBIOS - ok 18:59:33.0961 3352 [ ECD64230A59CBD93C85F1CD1CAB9F3F6 ] netbt C:\Windows\system32\DRIVERS\netbt.sys 18:59:33.0961 3352 netbt - ok 18:59:33.0976 3352 [ A3E186B4B935905B829219502557314E ] Netlogon C:\Windows\system32\lsass.exe 18:59:33.0976 3352 Netlogon - ok 18:59:34.0023 3352 [ C8052711DAECC48B982434C5116CA401 ] Netman C:\Windows\System32\netman.dll 18:59:34.0023 3352 Netman - ok 18:59:34.0039 3352 [ 2EF3BBE22E5A5ACD1428EE387A0D0172 ] netprofm C:\Windows\System32\netprofm.dll 18:59:34.0054 3352 netprofm - ok 18:59:34.0086 3352 [ D6C4E4A39A36029AC0813D476FBD0248 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 18:59:34.0086 3352 NetTcpPortSharing - ok 18:59:34.0288 3352 [ E559EA9138C77B5D1FDA8C558764A25F ] NETw5v32 C:\Windows\system32\DRIVERS\NETw5v32.sys 18:59:34.0304 3352 NETw5v32 - ok 18:59:34.0320 3352 [ 2E7FB731D4790A1BC6270ACCEFACB36E ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 18:59:34.0320 3352 nfrd960 - ok 18:59:34.0366 3352 [ 2997B15415F9BBE05B5A4C1C85E0C6A2 ] NlaSvc C:\Windows\System32\nlasvc.dll 18:59:34.0366 3352 NlaSvc - ok 18:59:34.0382 3352 NMSAccess - ok 18:59:34.0444 3352 [ D36F239D7CCE1931598E8FB90A0DBC26 ] Npfs C:\Windows\system32\drivers\Npfs.sys 18:59:34.0444 3352 Npfs - ok 18:59:34.0476 3352 [ 8BB86F0C7EEA2BDED6FE095D0B4CA9BD ] nsi C:\Windows\system32\nsisvc.dll 18:59:34.0476 3352 nsi - ok 18:59:34.0538 3352 [ 609773E344A97410CE4EBF74A8914FCF ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 18:59:34.0538 3352 nsiproxy - ok 18:59:34.0632 3352 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 18:59:34.0663 3352 Ntfs - ok 18:59:34.0663 3352 [ CB76F68BA0D57C5D25B538981B1C611C ] NTIBackupSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe 18:59:34.0663 3352 NTIBackupSvc - ok 
18:59:34.0678 3352 [ 2757D2BA59AEE155209E24942AB127C9 ] NTIDrvr C:\Windows\system32\DRIVERS\NTIDrvr.sys 18:59:34.0678 3352 NTIDrvr - ok 18:59:34.0725 3352 [ 547BFA3591C70674B0BFC99354AB78B3 ] NTIPPKernel C:\Program Files\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys 18:59:34.0725 3352 NTIPPKernel - ok 18:59:34.0756 3352 [ DF1C10A75DF7E50195FC417F88A33227 ] NTISchedulerSvc C:\Program Files\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe 18:59:34.0756 3352 NTISchedulerSvc - ok 18:59:34.0788 3352 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys 18:59:34.0788 3352 ntrigdigi - ok 18:59:34.0819 3352 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys 18:59:34.0819 3352 Null - ok 18:59:34.0850 3352 [ 2C7AC27710E8D41C1EB7D1599187D237 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys 18:59:34.0866 3352 NVHDA - ok 18:59:35.0224 3352 [ CB0D6F8F65B8766FF2AAAA78881FD9F8 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 18:59:35.0380 3352 nvlddmkm - ok 18:59:35.0412 3352 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys 18:59:35.0412 3352 nvraid - ok 18:59:35.0427 3352 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys 18:59:35.0427 3352 nvstor - ok 18:59:35.0458 3352 [ 15315BB51E9025FE41B482681C6E7BA2 ] nvsvc C:\Windows\system32\nvvsvc.exe 18:59:35.0458 3352 nvsvc - ok 18:59:35.0490 3352 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 18:59:35.0490 3352 nv_agp - ok 18:59:35.0490 3352 NwlnkFlt - ok 18:59:35.0505 3352 NwlnkFwd - ok 18:59:35.0614 3352 [ E54AA592A65F317390EEE386A8821692 ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 18:59:35.0614 3352 odserv - ok 18:59:35.0677 3352 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 18:59:35.0677 3352 ohci1394 - ok 18:59:35.0708 3352 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program 
Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 18:59:35.0708 3352 ose - ok 18:59:35.0770 3352 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll 18:59:35.0786 3352 p2pimsvc - ok 18:59:35.0802 3352 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll 18:59:35.0802 3352 p2psvc - ok 18:59:35.0817 3352 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys 18:59:35.0817 3352 Parport - ok 18:59:35.0864 3352 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys 18:59:35.0864 3352 partmgr - ok 18:59:35.0895 3352 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys 18:59:35.0895 3352 Parvdm - ok 18:59:35.0926 3352 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll 18:59:35.0926 3352 PcaSvc - ok 18:59:35.0989 3352 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys 18:59:35.0989 3352 pci - ok 18:59:36.0036 3352 [ FC175F5DDAB666D7F4D17449A547626F ] pciide C:\Windows\system32\drivers\pciide.sys 18:59:36.0036 3352 pciide - ok 18:59:36.0082 3352 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 18:59:36.0082 3352 pcmcia - ok 18:59:36.0129 3352 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys 18:59:36.0145 3352 PEAUTH - ok 18:59:36.0223 3352 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll 18:59:36.0254 3352 pla - ok 18:59:36.0301 3352 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll 18:59:36.0301 3352 PlugPlay - ok 18:59:36.0316 3352 [ 79834AA2FBF9FE81EEBB229024F6F7FC ] Pml Driver HPZ12 C:\Windows\system32\HPZipm12.dll 18:59:36.0316 3352 Pml Driver HPZ12 - ok 18:59:36.0394 3352 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll 18:59:36.0394 3352 PNRPAutoReg - ok 18:59:36.0410 3352 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc 
C:\Windows\system32\p2psvc.dll 18:59:36.0410 3352 PNRPsvc - ok 18:59:36.0504 3352 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 18:59:36.0504 3352 PolicyAgent - ok 18:59:36.0519 3352 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 18:59:36.0519 3352 PptpMiniport - ok 18:59:36.0550 3352 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys 18:59:36.0550 3352 Processor - ok 18:59:36.0597 3352 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll 18:59:36.0597 3352 ProfSvc - ok 18:59:36.0597 3352 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe 18:59:36.0613 3352 ProtectedStorage - ok 18:59:36.0660 3352 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys 18:59:36.0660 3352 PSched - ok 18:59:36.0675 3352 [ AB94285FF6C6BC5433407D8D182A4BB4 ] PSDFilter C:\Windows\system32\DRIVERS\psdfilter.sys 18:59:36.0675 3352 PSDFilter - ok 18:59:36.0691 3352 [ 2AAF9A5D7A63D26BFAEA853C5F2292BC ] PSDNServ C:\Windows\system32\DRIVERS\PSDNServ.sys 18:59:36.0691 3352 PSDNServ - ok 18:59:36.0706 3352 [ 0EB8CEC99855BEAE5B0D02C2302619EF ] psdvdisk C:\Windows\system32\DRIVERS\PSDVdisk.sys 18:59:36.0706 3352 psdvdisk - ok 18:59:36.0784 3352 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 18:59:36.0800 3352 ql2300 - ok 18:59:36.0816 3352 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 18:59:36.0816 3352 ql40xx - ok 18:59:36.0862 3352 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll 18:59:36.0862 3352 QWAVE - ok 18:59:36.0878 3352 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 18:59:36.0878 3352 QWAVEdrv - ok 18:59:36.0894 3352 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 18:59:36.0894 3352 RasAcd - ok 18:59:36.0894 3352 [ 
F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll 18:59:36.0894 3352 RasAuto - ok 18:59:36.0925 3352 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 18:59:36.0925 3352 Rasl2tp - ok 18:59:36.0987 3352 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll 18:59:37.0003 3352 RasMan - ok 18:59:37.0003 3352 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 18:59:37.0018 3352 RasPppoe - ok 18:59:37.0034 3352 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 18:59:37.0034 3352 RasSstp - ok 18:59:37.0050 3352 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 18:59:37.0050 3352 rdbss - ok 18:59:37.0065 3352 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 18:59:37.0065 3352 RDPCDD - ok 18:59:37.0112 3352 [ FBC0BACD9C3D7F6956853F64A66E252D ] rdpdr C:\Windows\system32\drivers\rdpdr.sys 18:59:37.0112 3352 rdpdr - ok 18:59:37.0143 3352 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 18:59:37.0143 3352 RDPENCDD - ok 18:59:37.0206 3352 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 18:59:37.0221 3352 RDPWD - ok 18:59:37.0268 3352 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll 18:59:37.0268 3352 RemoteAccess - ok 18:59:37.0315 3352 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll 18:59:37.0315 3352 RemoteRegistry - ok 18:59:37.0362 3352 [ 6482707F9F4DA0ECBAB43B2E0398A101 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 18:59:37.0362 3352 RFCOMM - ok 18:59:37.0408 3352 [ 17E0BEF5CA5C9CE52CC8082AC6EBC449 ] RichVideo C:\Program Files\Cyberlink\Shared files\RichVideo.exe 18:59:37.0408 3352 RichVideo - ok 18:59:37.0440 3352 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe 18:59:37.0440 3352 RpcLocator 
- ok 18:59:37.0502 3352 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll 18:59:37.0502 3352 RpcSs - ok 18:59:37.0533 3352 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 18:59:37.0533 3352 rspndr - ok 18:59:37.0549 3352 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe 18:59:37.0549 3352 SamSs - ok 18:59:37.0580 3352 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 18:59:37.0580 3352 sbp2port - ok 18:59:37.0642 3352 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll 18:59:37.0642 3352 SCardSvr - ok 18:59:37.0736 3352 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll 18:59:37.0752 3352 Schedule - ok 18:59:37.0798 3352 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll 18:59:37.0798 3352 SCPolicySvc - ok 18:59:37.0845 3352 [ 126EA89BCC413EE45E3004FB0764888F ] sdbus C:\Windows\system32\DRIVERS\sdbus.sys 18:59:37.0845 3352 sdbus - ok 18:59:37.0876 3352 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll 18:59:37.0876 3352 SDRSVC - ok 18:59:37.0908 3352 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 18:59:37.0908 3352 secdrv - ok 18:59:37.0939 3352 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll 18:59:37.0939 3352 seclogon - ok 18:59:37.0954 3352 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll 18:59:37.0954 3352 SENS - ok 18:59:37.0986 3352 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys 18:59:37.0986 3352 Serenum - ok 18:59:38.0032 3352 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys 18:59:38.0032 3352 Serial - ok 18:59:38.0064 3352 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys 18:59:38.0064 3352 sermouse - ok 18:59:38.0110 3352 [ 
D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll 18:59:38.0126 3352 SessionEnv - ok 18:59:38.0157 3352 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 18:59:38.0157 3352 sffdisk - ok 18:59:38.0188 3352 [ E95D451F7EA3E583AEC75F3B3EE42DC5 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 18:59:38.0188 3352 sffp_mmc - ok 18:59:38.0220 3352 [ 3D0EA348784B7AC9EA9BD9F317980979 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 18:59:38.0220 3352 sffp_sd - ok 18:59:38.0251 3352 [ C33BFBD6E9E41FCD9FFEF9729E9FAED6 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 18:59:38.0251 3352 sfloppy - ok 18:59:38.0313 3352 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll 18:59:38.0313 3352 SharedAccess - ok 18:59:38.0391 3352 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 18:59:38.0407 3352 ShellHWDetection - ok 18:59:38.0438 3352 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys 18:59:38.0438 3352 sisagp - ok 18:59:38.0485 3352 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys 18:59:38.0485 3352 SiSRaid2 - ok 18:59:38.0516 3352 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 18:59:38.0516 3352 SiSRaid4 - ok 18:59:38.0656 3352 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe 18:59:38.0734 3352 slsvc - ok 18:59:38.0781 3352 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll 18:59:38.0797 3352 SLUINotify - ok 18:59:38.0812 3352 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys 18:59:38.0812 3352 Smb - ok 18:59:38.0859 3352 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 18:59:38.0859 3352 SNMPTRAP - ok 18:59:38.0906 3352 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys 18:59:38.0922 3352 spldr - ok 
18:59:38.0937 3352 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe 18:59:38.0953 3352 Spooler - ok 18:59:39.0015 3352 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys 18:59:39.0031 3352 srv - ok 18:59:39.0062 3352 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 18:59:39.0062 3352 srv2 - ok 18:59:39.0109 3352 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 18:59:39.0109 3352 srvnet - ok 18:59:39.0124 3352 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 18:59:39.0140 3352 SSDPSRV - ok 18:59:39.0156 3352 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll 18:59:39.0171 3352 SstpSvc - ok 18:59:39.0187 3352 [ F92254B0BCFCD10CAAC7BCCC7CB7F467 ] StarOpen C:\Windows\system32\drivers\StarOpen.sys 18:59:39.0187 3352 StarOpen - ok 18:59:39.0249 3352 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll 18:59:39.0249 3352 stisvc - ok 18:59:39.0280 3352 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 18:59:39.0280 3352 swenum - ok 18:59:39.0327 3352 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll 18:59:39.0327 3352 swprv - ok 18:59:39.0358 3352 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys 18:59:39.0358 3352 Symc8xx - ok 18:59:39.0374 3352 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys 18:59:39.0374 3352 Sym_hi - ok 18:59:39.0421 3352 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys 18:59:39.0421 3352 Sym_u3 - ok 18:59:39.0452 3352 [ BF7AA84D5AF0FAA0978C840E63B17DBF ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 18:59:39.0468 3352 SynTP - ok 18:59:39.0483 3352 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll 18:59:39.0499 3352 SysMain - ok 18:59:39.0530 3352 [ 
2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll 18:59:39.0546 3352 TabletInputService - ok 18:59:39.0577 3352 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll 18:59:39.0592 3352 TapiSrv - ok 18:59:39.0608 3352 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll 18:59:39.0608 3352 TBS - ok 18:59:39.0655 3352 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 18:59:39.0670 3352 Tcpip - ok 18:59:39.0686 3352 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys 18:59:39.0702 3352 Tcpip6 - ok 18:59:39.0733 3352 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 18:59:39.0733 3352 tcpipreg - ok 18:59:39.0764 3352 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 18:59:39.0764 3352 TDPIPE - ok 18:59:39.0795 3352 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 18:59:39.0795 3352 TDTCP - ok 18:59:39.0842 3352 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 18:59:39.0842 3352 tdx - ok 18:59:39.0889 3352 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 18:59:39.0889 3352 TermDD - ok 18:59:39.0951 3352 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll 18:59:39.0967 3352 TermService - ok 18:59:39.0982 3352 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll 18:59:39.0982 3352 Themes - ok 18:59:40.0029 3352 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll 18:59:40.0029 3352 THREADORDER - ok 18:59:40.0060 3352 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll 18:59:40.0076 3352 TrkWks - ok 18:59:40.0138 3352 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 18:59:40.0138 3352 TrustedInstaller - ok 18:59:40.0185 3352 [ 
DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 18:59:40.0185 3352 tssecsrv - ok 18:59:40.0216 3352 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys 18:59:40.0216 3352 tunmp - ok 18:59:40.0263 3352 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 18:59:40.0263 3352 tunnel - ok 18:59:40.0279 3352 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys 18:59:40.0279 3352 uagp35 - ok 18:59:40.0326 3352 [ F763E070843EE2803DE1395002B42938 ] UBHelper C:\Windows\system32\drivers\UBHelper.sys 18:59:40.0326 3352 UBHelper - ok 18:59:40.0357 3352 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 18:59:40.0372 3352 udfs - ok 18:59:40.0404 3352 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 18:59:40.0404 3352 UI0Detect - ok 18:59:40.0435 3352 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 18:59:40.0435 3352 uliagpkx - ok 18:59:40.0466 3352 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys 18:59:40.0466 3352 uliahci - ok 18:59:40.0497 3352 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys 18:59:40.0497 3352 UlSata - ok 18:59:40.0528 3352 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys 18:59:40.0528 3352 ulsata2 - ok 18:59:40.0544 3352 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 18:59:40.0560 3352 umbus - ok 18:59:40.0591 3352 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll 18:59:40.0606 3352 upnphost - ok 18:59:40.0638 3352 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 18:59:40.0653 3352 usbccgp - ok 18:59:40.0684 3352 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys 18:59:40.0684 3352 usbcir - ok 
18:59:40.0731 3352 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 18:59:40.0731 3352 usbehci - ok 18:59:40.0762 3352 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 18:59:40.0762 3352 usbhub - ok 18:59:40.0794 3352 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys 18:59:40.0794 3352 usbohci - ok 18:59:40.0825 3352 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 18:59:40.0825 3352 usbprint - ok 18:59:40.0872 3352 [ A508C9BD8724980512136B039BBA65E9 ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 18:59:40.0872 3352 usbscan - ok 18:59:40.0918 3352 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 18:59:40.0934 3352 USBSTOR - ok 18:59:40.0965 3352 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 18:59:40.0965 3352 usbuhci - ok 18:59:40.0996 3352 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 18:59:40.0996 3352 usbvideo - ok 18:59:41.0043 3352 [ 35C9095FA7076466AFBFC5B9EC4B779E ] usb_rndisx C:\Windows\system32\DRIVERS\usb8023x.sys 18:59:41.0043 3352 usb_rndisx - ok 18:59:41.0090 3352 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll 18:59:41.0090 3352 UxSms - ok 18:59:41.0121 3352 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe 18:59:41.0137 3352 vds - ok 18:59:41.0152 3352 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 18:59:41.0152 3352 vga - ok 18:59:41.0168 3352 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys 18:59:41.0168 3352 VgaSave - ok 18:59:41.0199 3352 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys 18:59:41.0199 3352 viaagp - ok 18:59:41.0215 3352 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys 18:59:41.0215 3352 ViaC7 - ok 
18:59:41.0215 3352 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys 18:59:41.0230 3352 viaide - ok 18:59:41.0246 3352 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys 18:59:41.0246 3352 volmgr - ok 18:59:41.0308 3352 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 18:59:41.0324 3352 volmgrx - ok 18:59:41.0355 3352 [ 147281C01FCB1DF9252DE2A10D5E7093 ] volsnap C:\Windows\system32\drivers\volsnap.sys 18:59:41.0355 3352 volsnap - ok 18:59:41.0386 3352 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 18:59:41.0386 3352 vsmraid - ok 18:59:41.0433 3352 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe 18:59:41.0449 3352 VSS - ok 18:59:41.0496 3352 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll 18:59:41.0511 3352 W32Time - ok 18:59:41.0558 3352 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 18:59:41.0558 3352 WacomPen - ok 18:59:41.0589 3352 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys 18:59:41.0589 3352 Wanarp - ok 18:59:41.0589 3352 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 18:59:41.0589 3352 Wanarpv6 - ok 18:59:41.0620 3352 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll 18:59:41.0620 3352 wcncsvc - ok 18:59:41.0652 3352 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 18:59:41.0652 3352 WcsPlugInService - ok 18:59:41.0667 3352 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys 18:59:41.0667 3352 Wd - ok 18:59:41.0730 3352 [ B6F0A7AD6D4BD325FBCD8BAC96CD8D96 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 18:59:41.0730 3352 Wdf01000 - ok 18:59:41.0745 3352 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll 18:59:41.0761 3352 
WdiServiceHost - ok 18:59:50.0419 3352 ============================================================ 18:59:50.0419 3352 Scan finished 18:59:50.0419 3352 ============================================================ 18:59:50.0434 2512 Detected object count: 0 18:59:50.0434 2512 Actual detected object count: 0 19:00:12.0181 3604 Deinitialize success Stefan |
16.10.2012, 06:58 | #4 | |
/// Malwareteam | The program cannot display this web page I see that you are using so-called peer-to-peer or file-sharing programs. In your case, uTorrent. These programs allow you to exchange data with other users. Unfortunately, P2P and file sharing are not exempt from distributing infected files, and this is one reason why malware spreads so quickly. So it is possible that you download an infected file. You can never know where these files come from. This kind of software should therefore be used with extreme caution. Another important point is that distributing media and entertainment files violates copyright law in most countries of the world. Of course, there is also a legal way to use this service, for example to download Linux or Open Office. Nevertheless, I would ask you not to continue using this kind of software. Please go to Start --> Control Panel --> Software and uninstall the software mentioned above. Please let me know if you cannot find one of the listed programs. Uninstall software
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on working days! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
16.10.2012, 18:20 | #5 | |
| The program cannot display this web page I could not uninstall the Ask Toolbar. After I confirm that I want to uninstall the software, I get the following error message: Quote:
|
17.10.2012, 06:46 | #6 |
/// Malwareteam | The program cannot display this web page Scan with adwCleaner Please download AdwCleaner to your desktop.
__________________ --> The program cannot display this web page |
17.10.2012, 18:40 | #7 |
| The program cannot display this web page Code:
ATTFilter # AdwCleaner v2.005 - Datei am 17/10/2012 um 19:38:15 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Stefan - HOME-OFFICE # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : C:\Users\Stefan\Desktop\adwcleaner.exe # Option [Suche] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gefunden : C:\Program Files\Ask.com Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\AskToolbar Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\Conduit Ordner Gefunden : C:\Users\Stefan\AppData\LocalLow\PriceGong Ordner Gefunden : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gefunden : HKCU\Software\AppDataLow\AskToolbarInfo Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Toolbar Schlüssel Gefunden : HKCU\Software\Ask.com Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\Software\AskToolbar Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel 
Gefunden : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gefunden : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gefunden : HKLM\Software\Conduit Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Scheduled Update for Ask Toolbar Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gefunden : HKU\S-1-5-21-320668150-471368870-2867487428-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gefunden : 
HKU\S-1-5-21-320668150-471368870-2867487428-1000\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [4951 octets] - [17/10/2012 19:38:15] ########## EOF - C:\AdwCleaner[R1].txt - [5011 octets] ########## |
18.10.2012, 06:55 | #8 |
/// Malwareteam | The program cannot display this web page Step 1: Fix with adwcleaner
Step 2: New OTL log
|
18.10.2012, 18:55 | #9 |
| The program cannot display this web page Here are the three log files: Code:
ATTFilter # AdwCleaner v2.005 - Datei am 18/10/2012 um 19:26:17 erstellt # Aktualisiert am 14/10/2012 von Xplode # Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits) # Benutzer : Stefan - HOME-OFFICE # Bootmodus : Abgesicherter Modus mit Netzwerkunterstützung # Ausgeführt unter : C:\Users\Stefan\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\Ask.com Ordner Gelöscht : C:\Users\Stefan\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Stefan\AppData\LocalLow\Conduit Ordner Gelöscht : C:\Users\Stefan\AppData\LocalLow\PriceGong Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Toolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{171DEBEB-C3D4-40B7-AC73-056A5EBA4A7E} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\App Management\ARPCache\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL Schlüssel 
Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2786678 Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56} Schlüssel Gelöscht : HKLM\Software\Conduit Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}] Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks 
[{00000000-6E41-4FD3-8538-502F5495E5FC}] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16421 [OK] Die Registrierungsdatenbank ist sauber. -\\ Google Chrome v [Version kann nicht ermittelt werden] Datei : C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Preferences [OK] Die Datei ist sauber. ************************* AdwCleaner[R1].txt - [5080 octets] - [17/10/2012 19:38:15] AdwCleaner[S1].txt - [4564 octets] - [18/10/2012 19:26:17] ########## EOF - C:\AdwCleaner[S1].txt - [4624 octets] ########## Code:
ATTFilter OTL logfile created on: 18.10.2012 19:40:10 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,09% Memory free 6,18 Gb Paging File | 5,76 Gb Available in Paging File | 93,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 60,64 Gb Free Space | 42,10% Space Free | Partition Type: NTFS Drive D: | 624,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 144,04 Gb Total Space | 19,56 Gb Free Space | 13,58% Space Free | Partition Type: NTFS Computer Name: HOME-OFFICE | User Name: Stefan | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Stefan\Desktop\OTL.exe (OldTimer Tools) PRC - c:\Programme\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) PRC - C:\Programme\Internet Explorer\iexplore.exe (Microsoft Corporation) PRC - C:\Windows\System32\mfevtps.exe (McAfee, Inc.) PRC - C:\Programme\Common Files\Mcafee\SystemCore\mfefire.exe (McAfee, Inc.) 
PRC - C:\Windows\explorer.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== ========== Services (SafeList) ========== SRV - (NMSAccess) -- E:\CDBurnerXP\NMSAccessU.exe File not found SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (McODS) -- C:\Programme\McAfee\VirusScan\mcods.exe (McAfee, Inc.) SRV - (MBAMService) -- E:\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- E:\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (McProxy) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNASvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McNaiAnn) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mcmscsvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McMPFSvc) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (McAfee SiteAdvisor Service) -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.) SRV - (mfevtp) -- C:\Windows\System32\mfevtps.exe (McAfee, Inc.) 
SRV - (mfefire) -- C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe () SRV - (McShield) -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe () SRV - (IGBASVC) -- C:\Programme\Acer\Acer Bio Protection\BASVC.exe () SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation) SRV - (ETService) -- C:\Programme\Acer\Empowering Technology\Service\ETService.exe () SRV - (AgereModemAudio) -- C:\Windows\System32\agrsmsvc.exe (Agere Systems) SRV - (eDataSecurity Service) -- C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSService.exe (Egis Incorporated) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (CLHNService) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\CLHNService.exe () SRV - (MobilityService) -- C:\ACER\Mobility Center\MobilityService.exe () SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (Microsoft Office Groove Audit Service) -- C:\Programme\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (cfwids) -- C:\Windows\System32\drivers\cfwids.sys (McAfee, Inc.) DRV - (mfewfpk) -- C:\Windows\System32\drivers\mfewfpk.sys (McAfee, Inc.) DRV - (mferkdet) -- C:\Windows\System32\drivers\mferkdet.sys (McAfee, Inc.) DRV - (mfehidk) -- C:\Windows\System32\drivers\mfehidk.sys (McAfee, Inc.) 
DRV - (mfefirek) -- C:\Windows\System32\drivers\mfefirek.sys (McAfee, Inc.) DRV - (mfebopk) -- C:\Windows\System32\drivers\mfebopk.sys (McAfee, Inc.) DRV - (mfeavfk) -- C:\Windows\System32\drivers\mfeavfk.sys (McAfee, Inc.) DRV - (mfeapfk) -- C:\Windows\System32\drivers\mfeapfk.sys (McAfee, Inc.) DRV - (HipShieldK) -- C:\Windows\System32\drivers\HipShieldK.sys (McAfee, Inc.) DRV - (AlfaFF) -- C:\Windows\System32\drivers\AlfaFF.sys (Alfa Corporation) DRV - (StarOpen) -- C:\Windows\System32\drivers\StarOpen.sys () DRV - (nvlddmkm) -- C:\Windows\System32\drivers\nvlddmkm.sys (NVIDIA Corporation) DRV - (NVHDA) -- C:\Windows\System32\drivers\nvhda32v.sys (NVIDIA Corporation) DRV - ({49DE1C67-83F8-4102-99E0-C16DCC7EEC796}) -- C:\Programme\Acer Arcade Deluxe\PlayMovie\000.fcl (Cyberlink Corp.) DRV - (NETw5v32) -- C:\Windows\System32\drivers\NETw5v32.sys (Intel Corporation) DRV - (ATSWPDRV) -- C:\Windows\System32\drivers\atswpdrv.sys (AuthenTec, Inc.) DRV - (JMCR) -- C:\Windows\System32\drivers\jmcr.sys (JMicron Technology Corp.) DRV - (A310) -- C:\Windows\System32\drivers\AVerA310USB.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (BDASwCap) -- C:\Windows\System32\drivers\AVerA310Cap.sys (AVerMedia TECHNOLOGIES, Inc.) DRV - (AgereSoftModem) -- C:\Windows\System32\drivers\AGRSM.sys (Agere Systems) DRV - (NTIPPKernel) -- C:\Programme\Acer Arcade Deluxe\HomeMedia\Kernel\DMP\NTIPPKernel.sys (Cyberlink Corp.) 
DRV - (winbondcir) -- C:\Windows\System32\drivers\winbondcir.sys (Winbond Electronics Corporation) DRV - (int15) -- C:\Windows\System32\drivers\int15.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0910&m=aspire_7730g IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0910&m=aspire_7730g IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0c07&s=2&o=vp32&d=0910&m=aspire_7730g IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://global.acer.com [binary data] IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.google.com/ie IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.at/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1 IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) 
IE - HKCU\..\URLSearchHook: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} - No CLSID value found IE - HKCU\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKCU\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rlz=1I7ACAW_deAT397&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{6A9571C3-0024-4488-8610-8A8A22CBFDE3}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ACAW_deAT397 IE - HKCU\..\SearchScopes\{70D46D94-BF1E-45ED-B567-48701376298E}: "URL" = hxxp://127.0.0.1:4664/search&s=MidcpX9htUuCX-zDJzFDLQPygU8?q={searchTerms} IE - HKCU\..\SearchScopes\{7FE19DCB-6737-4126-AC33-89B4E34D9F49}: "URL" = hxxp://search.yahoo.com/search?fr=mcafee&p={SearchTerms} IE - HKCU\..\SearchScopes\{DECA3892-BA8F-44b8-A993-A466AD694AE4}: "URL" = hxxp://search.yahoo.com/search?fr=mcafee&p={searchTerms} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: E:\Programme\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/MSC,version=10: c:\progra~1\mcafee\msc\npmcsn~1.dll () FF - HKLM\Software\MozillaPlugins\@mcafee.com/SAFFPlugin: C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{4ED1F68A-5463-4931-9384-8FFF5ED91D92}: C:\Program Files\McAfee\SiteAdvisor [2012.08.26 10:57:41 | 000,000,000 | ---D | M] ========== Chrome ========== CHR - homepage: hxxp://www.google.at/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms} CHR - homepage: hxxp://www.google.at/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\22.0.1229.94\pdf.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\McChPlg.dll CHR - plugin: McAfee SiteAdvisor (Enabled) = C:\Program Files\McAfee\SiteAdvisor\npmcffplg32.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program 
Files\Adobe\Reader 8.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.240.7 (Enabled) = E:\Programme\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U24 (Enabled) = E:\Programme\bin\new_plugin\npjp2.dll CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Windows Presentation Foundation (Enabled) = c:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll CHR - plugin: McAfee SecurityCenter (Enabled) = c:\progra~1\mcafee\msc\npmcsn~1.dll CHR - Extension: YouTube = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: SiteAdvisor = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho\3.50.146.2_0\ CHR - Extension: Google Mail = C:\Users\Stefan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2006.09.18 23:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O1 - Hosts: ::1 localhost O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found. 
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Programme\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated) O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O2 - BHO: (ShowBarObj Class) - {83A2F9B1-01A2-4AA5-87D1-45B6B8505E96} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\ActiveToolBand.dll (Egis) O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - E:\Programme\bin\jp2ssv.dll (Sun Microsystems, Inc.) O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O3 - HKLM\..\Toolbar: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477e-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O3 - HKCU\..\Toolbar\ShellBrowser: (Acer eDataSecurity Management) - {5CBE3B7C-1E47-477E-A7DD-396DB0476E29} - C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDStoolbar.dll (Egis Incorporated.) O4 - HKLM..\Run: [ArcadeDeluxeAgent] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\ArcadeDeluxeAgent.exe (CyberLink Corp.) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\Acer Arcade Deluxe\Acer Arcade Deluxe\Kernel\CLML\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [eAudio] C:\Program Files\Acer\Empowering Technology\eAudio\eAudio.exe (Acer Incorporated) O4 - HKLM..\Run: [eDataSecurity Loader] C:\Programme\Acer\Empowering Technology\eDataSecurity\x86\eDSLoader.exe (Egis Incorporated) O4 - HKLM..\Run: [ePower_DMC] C:\Programme\Acer\Empowering Technology\ePower\ePower_DMC.exe (Acer Inc.) 
O4 - HKLM..\Run: [eRecoveryService] File not found O4 - HKLM..\Run: [IAAnotif] C:\Programme\Intel\Intel Matrix Storage Manager\IAAnotif.exe (Intel Corporation) O4 - HKLM..\Run: [LManager] C:\Programme\Launch Manager\QtZgAcer.EXE (Dritek System Inc.) O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.) O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation) O4 - HKLM..\Run: [NvMediaCenter] C:\Windows\System32\NvMcTray.dll (NVIDIA Corporation) O4 - HKLM..\Run: [PlayMovie] C:\Program Files\Acer Arcade Deluxe\PlayMovie\PMVService.exe (Acer Corp.) O4 - HKLM..\Run: [PLFSetI] C:\Windows\PLFSetI.exe () O4 - HKLM..\Run: [ProductReg] C:\Program Files\Acer\WR_PopUp\ProductReg.exe (Acer) O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor) O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation) O4 - HKLM..\Run: [ZPdtWzdVitaKey MC3000] C:\Program Files\Acer\Acer Bio Protection\PdtWzd.exe (Arachnoid Biometrics Identification Group Corp.) O4 - HKCU..\Run: [EA Core] "C:\Program Files\Electronic Arts\EADM\Core.exe" -silent File not found O4 - HKCU..\Run: [hsjgymndwrwwvbx] C:\Windows\hsjgymnd.exe () O4 - HKCU..\Run: [MyTomTomSA.exe] C:\Program Files\MyTomTom 3\MyTomTomSA.exe (TomTom) O4 - HKCU..\Run: [WMPNSCFG] C:\Programme\Windows Media Player\wmpnscfg.exe (Microsoft Corporation) O4 - HKCU..\RunOnce: [Report] C:\AdwCleaner[S1].txt () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0 O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm () O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... 
- C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra Button: Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra 'Tools' menuitem : Quick-Launching Area - {10954C80-4F0F-11d3-B17C-00C0DFE39736} - C:\Programme\Acer\Acer Bio Protection\PwdBank.exe () O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm () O13 - gopher Prefix: missing O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet) O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) 
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 213.153.32.129 213.153.32.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{296062EF-7AD9-4997-95C7-8E27B9EFBE88}: DhcpNameServer = 213.153.32.129 213.153.32.1 O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Programme\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - c:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation) O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Programme\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.) O18 - Protocol\Filter\application/x-mfe-ipt {3EF5086B-5478-4598-A054-786C45D75692} - c:\Programme\McAfee\MSC\McSnIePl.dll (McAfee, Inc.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL) - C:\Programme\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - Winlogon\Notify\AWinNotifyVitaKey MC3000: DllName - (C:\Program Files\Acer\Acer Bio Protection\WinNotify.dll) - C:\Programme\Acer\Acer Bio Protection\WinNotify.dll (Arachnoid Biometrics Identification Group Corp.) 
O24 - Desktop WallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O24 - Desktop BackupWallPaper: C:\Users\Stefan\AppData\Roaming\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation) O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2006.09.18 23:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [1998.08.19 15:07:30 | 000,000,057 | R--- | M] () - D:\AUTORUN.INF -- [ CDFS ] O33 - MountPoints2\{8baf7736-c3fb-11df-b854-806e6f6e6963}\Shell - "" = AutoRun O33 - MountPoints2\{8baf7736-c3fb-11df-b854-806e6f6e6963}\Shell\AutoRun\command - "" = D:\LAUNCHER\LAUNCHER.EXE -- [2000.04.18 17:42:24 | 003,973,120 | R--- | M] () O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) ========== Files/Folders - Created Within 30 Days ========== [2012.10.18 19:40:26 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee [2012.10.17 19:34:50 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome [2012.10.15 18:57:56 | 002,213,464 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Stefan\Desktop\tdsskiller.exe [2012.10.15 18:41:13 | 004,731,392 | ---- | C] (AVAST Software) -- C:\Users\Stefan\Desktop\aswMBR.exe [2012.10.13 20:37:11 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2012.10.13 18:12:07 | 000,000,000 | ---D | C] -- C:\Users\Stefan\AppData\Roaming\Malwarebytes [2012.10.13 18:11:52 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2012.10.13 18:11:51 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2012.10.13 18:11:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2012.10.10 20:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\effmqrlxwspjgri [2012.10.10 09:42:18 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tzres.dll [2012.10.10 09:42:06 | 003,602,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe [2012.10.10 09:42:06 | 003,550,080 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe [2012.10.03 19:53:32 | 000,146,872 | ---- | C] (McAfee, Inc.) -- C:\Windows\System32\drivers\HipShieldK.sys [2012.09.23 10:55:23 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2012.09.23 10:55:21 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll [2012.09.23 10:55:20 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2012.09.23 10:55:20 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2012.09.23 10:55:20 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2012.09.23 10:55:19 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2012.09.23 10:55:19 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2012.09.23 10:55:17 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2012.09.20 18:26:14 | 000,000,000 | ---D | C] -- C:\Users\Stefan\Desktop\entwickelte Fotos ========== Files - Modified Within 30 Days ========== [2012.10.18 19:40:26 | 000,001,739 | ---- | M] () -- C:\Users\Public\Desktop\McAfee AntiVirus Plus.lnk [2012.10.18 19:34:50 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.10.18 19:29:48 | 000,055,302 | ---- | M] () -- 
C:\ProgramData\nvModes.001 [2012.10.18 19:29:41 | 000,000,000 | ---- | M] () -- C:\Windows\System32\LogConfigTemp.xml [2012.10.18 19:29:36 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0 [2012.10.18 19:29:35 | 000,003,216 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0 [2012.10.17 19:36:06 | 000,538,941 | ---- | M] () -- C:\Users\Stefan\Desktop\adwcleaner.exe [2012.10.17 19:34:51 | 000,001,967 | ---- | M] () -- C:\Users\Stefan\Desktop\Google Chrome.lnk [2012.10.17 19:00:57 | 000,000,012 | ---- | M] () -- C:\Windows\bthservsdp.dat [2012.10.16 18:50:01 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2012.10.15 18:57:56 | 002,213,464 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Stefan\Desktop\tdsskiller.exe [2012.10.15 18:56:38 | 000,643,150 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.10.15 18:56:38 | 000,595,386 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.10.15 18:56:38 | 000,130,804 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.10.15 18:56:38 | 000,103,460 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2012.10.15 18:41:14 | 004,731,392 | ---- | M] (AVAST Software) -- C:\Users\Stefan\Desktop\aswMBR.exe [2012.10.13 20:31:04 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Stefan\Desktop\OTL.exe [2012.10.13 18:11:52 | 000,000,574 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.11 14:12:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.10.11 13:48:34 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2012.10.10 20:00:55 | 000,074,128 | ---- | M] () -- C:\ProgramData\zllllqnaifuwriy [2012.10.10 20:00:49 | 000,108,544 | ---- | M] () -- C:\Windows\hsjgymnd.exe [2012.10.10 20:00:49 | 000,108,544 | ---- | M] () -- C:\ProgramData\hsjgymnd.exe 
[2012.10.09 20:12:37 | 000,696,760 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2012.10.09 20:12:37 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2012.10.09 12:53:59 | 000,055,302 | ---- | M] () -- C:\ProgramData\nvModes.dat ========== Files Created - No Company Name ========== [2012.10.17 19:36:05 | 000,538,941 | ---- | C] () -- C:\Users\Stefan\Desktop\adwcleaner.exe [2012.10.17 19:34:51 | 000,001,967 | ---- | C] () -- C:\Users\Stefan\Desktop\Google Chrome.lnk [2012.10.13 18:11:52 | 000,000,574 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2012.10.10 20:00:54 | 000,108,544 | ---- | C] () -- C:\Windows\hsjgymnd.exe [2012.10.10 20:00:54 | 000,108,544 | ---- | C] () -- C:\ProgramData\hsjgymnd.exe [2012.10.10 20:00:51 | 000,074,128 | ---- | C] () -- C:\ProgramData\zllllqnaifuwriy [2011.12.01 10:31:48 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Local\{05272B56-CAB9-4617-BF33-0F7FF83C2E61} [2011.12.01 10:30:03 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Local\{14384ED3-FC17-4561-A1AE-D7D3EF21F093} [2011.10.15 12:27:02 | 000,000,000 | ---- | C] () -- C:\Users\Stefan\AppData\Local\{64DEE8E4-4952-4E52-98F2-F9C7E72516F1} [2011.04.05 19:30:01 | 000,164,302 | ---- | C] () -- C:\Windows\hpoins19.dat [2011.04.05 19:29:36 | 000,026,952 | ---- | C] () -- C:\Windows\hpomdl19.dat [2011.03.27 13:50:36 | 000,117,248 | ---- | C] () -- C:\Windows\System32\EhStorAuthn.dll [2011.03.27 13:49:50 | 000,107,612 | ---- | C] () -- C:\Windows\System32\StructuredQuerySchema.bin [2010.12.12 18:12:57 | 000,097,280 | ---- | C] () -- C:\Users\Stefan\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.10.03 13:07:55 | 000,055,302 | ---- | C] () -- C:\ProgramData\nvModes.001 [2010.10.03 12:12:25 | 000,055,302 | ---- | C] () -- C:\ProgramData\nvModes.dat [2010.09.19 15:26:04 | 000,000,680 | ---- | C] () -- C:\Users\Stefan\AppData\Local\d3d9caps.dat 
========== ZeroAccess Check ========== [2006.11.02 14:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 19:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.10 23:28:20 | 000,614,912 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.10 23:28:26 | 000,347,648 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > Code:
ATTFilter OTL Extras logfile created on: 18.10.2012 19:40:10 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Stefan\Desktop Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000C07 | Country: Österreich | Language: DEA | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,40 Gb Available Physical Memory | 80,09% Memory free 6,18 Gb Paging File | 5,76 Gb Available in Paging File | 93,20% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 144,04 Gb Total Space | 60,64 Gb Free Space | 42,10% Space Free | Partition Type: NTFS Drive D: | 624,24 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS Drive E: | 144,04 Gb Total Space | 19,56 Gb Free Space | 13,58% Space Free | Partition Type: NTFS Computer Name: HOME-OFFICE | User Name: Stefan | Logged in as Administrator. Boot Mode: SafeMode with Networking | Scan Mode: Current user Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation) Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation) Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiSpyware] "DisableMonitoring" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 "VistaSp1" = Reg Error: Unknown registry data type -- File not found "VistaSp2" = Reg Error: Unknown registry data type -- File not found ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "EnableFirewall" = 0 "DisableNotifications" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{004629FE-712F-4CD4-8169-05C5028B61C5}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{19FC7287-8F27-4AB4-B5DE-4B9C3BC188A6}" = lport=138 | protocol=17 | dir=in | app=system | "{21D3E5C8-6AFB-403D-A929-4BD1F8BE3C77}" = rport=139 | protocol=6 | dir=out | app=system | "{395265CC-13D5-4534-A261-96A664D1A5D1}" = lport=137 | protocol=17 | dir=in | app=system | "{48F0FC68-8786-491A-80D6-DF2F515C088E}" = lport=139 | protocol=6 | dir=in | app=system | "{7094F6FF-46E6-4238-B397-20B51A9217A5}" = lport=445 | protocol=6 | dir=in | app=system | "{9C5BBE80-5400-44E3-8FDB-4C83FF7EEA06}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{A4FB7BB2-7D87-4E1D-872A-9CFD7CF43330}" = rport=138 | protocol=17 | dir=out | app=system | "{AA2759E4-C4AA-4AC9-8D93-840A7A24C3D2}" = rport=137 | protocol=17 | dir=out | app=system | "{AB527BFF-E749-4ABC-B438-B3D0DEABB319}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office12\outlook.exe | "{C3BFB6CF-B85D-4E8F-9DCB-0E85D5C92C87}" = rport=445 | protocol=6 | dir=out | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0CDF01C2-E67E-4D8D-92E9-888603F5B249}" = dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{102FA129-EF42-461A-BEFA-CE2459E924B3}" = dir=in | 
app=c:\program files\acer arcade deluxe\homemedia\homemedia.exe | "{12184E5A-9CE2-4B47-95F3-2A883A973399}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{2B2A2A98-4409-4521-A7AC-073207076AA1}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{30725DB0-FE78-43B2-8FD1-45C1599AB623}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{379EC35C-E9AE-4E04-9C29-8B26F5F447C0}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{449624C0-B221-4970-955C-3D36E9B3DF7E}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\onenote.exe | "{455A26F0-C6B0-46EF-82ED-33468C2FB9C7}" = dir=in | app=c:\program files\cyberlink\powerdirector\pdr.exe | "{45D64954-7C9D-4C81-A519-0939B8D9BD1D}" = protocol=6 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | "{64AA257C-E0E9-41D3-B3CA-6364B55DA433}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\playmovie.exe | "{6CD7465E-A131-4A77-B8C0-C0A10F6ABAE5}" = protocol=6 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{7747FBD3-D431-465C-8343-0B56CAF39601}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{7A5410BD-A6D4-4FEC-B983-93D961176DED}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{866B6A73-B2B0-4BA1-98F1-C1DCB6BB786E}" = protocol=17 | dir=in | app=c:\users\stefan\frostwire\frostwire.exe | "{8737DBFA-FFA7-4D38-9D17-1590EC698208}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\backupsvc.exe | "{948A5EA1-5C81-40D2-ACBE-AB558DB42C93}" = protocol=17 | dir=in | app=c:\program files\firefly studios\stronghold\stronghold.exe | "{A0BC2558-E3A4-41E0-A7E3-DAFC0434278C}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{A0C311F6-01FE-46EE-BBBB-A31546E2C522}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti 
backup now 5\client\agentsvc.exe | "{AE9BC1CA-DCC9-4BA5-A63E-F063B81FB240}" = dir=in | app=c:\program files\acer arcade deluxe\playmovie\pmvservice.exe | "{BC3D4632-0058-4489-A7E2-05D654ED0601}" = protocol=6 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\schedulersvc.exe | "{C0EF3C4D-57F9-44AD-AF40-94865709A519}" = protocol=6 | dir=in | app=c:\users\stefan\frostwire\frostwire.exe | "{D39A46CB-E774-427A-9FBA-9FAB1B5929D8}" = protocol=17 | dir=in | app=c:\program files\common files\mcafee\mcsvchost\mcsvhost.exe | "{D523B6B2-2394-48D1-91AF-21BB5C206C78}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office12\groove.exe | "{DBC71D6E-5325-45CF-8F72-EA52CE052DCC}" = protocol=17 | dir=in | app=c:\program files\newtech infosystems\nti backup now 5\client\agentsvc.exe | "{F7667B19-E082-44BB-89BD-8B095F032344}" = dir=in | app=c:\program files\acer arcade deluxe\acer arcade deluxe\acer arcade deluxe.exe | "{FDAD20F5-197D-46BE-B1F7-A60E13492C55}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{03D1988F-469F-4843-8E6E-E5FE9D17889D}" = WIDCOMM Bluetooth Software 6.0.1.6300 "{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu "{0D2E9DCB-9938-475E-B4DD-8851738852FF}" = AIO_Scan "{10F498FF-5392-4DF3-8F73-FE172A9F3800}" = Winbond CIR Device Drivers "{11316260-6666-467B-AC34-183FCB5D4335}" = Acer Mobility Center Plug-In "{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now Standard "{13D85C14-2B85-419F-AC41-C7F21E68B25D}" = Acer eSettings Management "{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "{1746EA69-DCB6-4408-B5A5-E75F55439CDF}" = Scan "{179C56A4-F57F-4561-8BBF-F911D26EB435}" = WebReg "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer "{1945A4B5-73B6-4DE9-99A3-05261B7FDED0}" = Shared C Run-time for x86 
"{22DD005D-0EF1-4E3E-92F8-49D89E31479A}" = 1400 "{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "{26604C7E-A313-4D12-867F-7C6E7820BE4C}" = JMicron JMB38X Flash Media Controller "{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java(TM) 6 Update 24 "{31A5ED9F-E07B-4F6E-8179-27325BAAC502}" = AuthenTec Fingerprint Sensor Minimum Install "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{4412F224-3849-4461-A3E9-DEEF8D252790}" = Visual Studio C++ 10.0 Runtime "{49F2B650-2D7B-4F59-B33D-346F63776BD3}" = DocProc "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works "{57265292-228A-41FA-9AEC-4620CBCC2739}" = Acer eAudio Management "{58E5844B-7CE2-413D-83D1-99294BF6C74F}" = Acer ePower Management "{5B63A470-9334-44D1-AF61-6CE2DB565AE9}" = Orion "{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites "{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder "{67D3F1A0-A1F2-49b7-B9EE-011277B170CD}" = HPProductAssistant "{6A3C2391-BCE2-4D28-A336-73B953B4502F}" = 1400Trb "{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder "{6FBE200D-1F00-40B7-BF48-FEB265AADE94}" = 1400_Help "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable "{79DD56FC-DB8B-47F5-9C80-78B62E05F9BC}" = Acer ScreenSaver "{7A7DC702-DEDE-42A8-8722-B3BA724D546F}" = Fax "{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP "{7F811A54-5A09-4579-90E1-C93498E230D9}" = Acer eRecovery Management "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110111700}" = Zuma Deluxe "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-11029123}" = Bricks of Egypt "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110322783}" = Big Kahuna Reef "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110411970}" = Chuzzle "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111118433}" = Mystery Case Files - Huntsville 
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111199750}" = Cake Mania "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111252743}" = Mahjong Escape Ancient China "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111324990}" = Kick N Rush "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111543617}" = Backspin Billiards "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111692950}" = Mahjongg Artifacts "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111771833}" = Jewel Quest Solitaire "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111796363}" = Mystery Solitaire - Secret Island "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111872660}" = Diner Dash Flo on the Go "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112531267}" = Chicken Invaders 3 "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112615863}" = Agatha Christie Death on the Nile "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-112920767}" = Alice Greenfingers "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113009953}" = Turbo Pizza "{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-113080210}" = Azada "{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder "{8F1B6239-FEA0-450A-A950-B05276CE177C}" = Acer Empowering Technology "{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007 "{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office 
Suite Service Pack 1 (SP1) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{2AB528A5-BB1B-4EBE-8E51-AD0C4CD33CA9}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{58FC5E37-DD28-4D4A-A549-125744C6763C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{888B9AC7-8F5C-456B-A27A-157A6C310E52}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DCBECE36-8F23-4B33-925E-A1C6183C0DBD}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager "{910F4A29-1134-49E0-AD8B-56E4A3152BD1}" = Die Sims™ 3 Traumkarrieren "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007 
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1) "{95D08F4E-DFC2-4ce3-ACB7-8C8E206217E9}" = MarketResearch "{978C25EE-5777-46e4-8988-732C297CBDBD}" = Status "{9B1FD9CE-0776-4f0b-A6F5-C6AB7B650CDF}" = Destinations "{A36CD345-625C-4d6c-B3E2-76E1248CB451}" = SolutionCenter "{A3B7C670-4A1E-4EE2-950E-C875BC1965D0}" = Copy "{A5633652-3795-4829-BB0B-644F0279E279}" = Acer eDataSecurity Management "{A64A5576-D862-44F8-89DC-2B17FCC9B86E}" = Broadcom Gigabit Integrated Controller "{A77255C4-AFCB-44A3-BF0F-2091A71FFD9E}" = Acer Crystal Eye Webcam 2.0.8 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder "{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0 "{BE77A81F-B315-4666-9BF3-AE70C0ADB057}" = BufferChm "{C05D8CDB-417D-4335-A38C-A0659EDFD6B8}" = Die Sims™ 3 "{C716522C-3731-4667-8579-40B098294500}" = Toolbox "{C916D86C-AB76-49c7-B0E4-A946E0FD9BC2}" = HP Photosmart, Officejet, PSC and Deskjet All-In-One Driver Software 8.0.B "{C917BA70-28A3-4C74-B163-41FD8C8E1A5A}" = Stronghold "{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1 "{CE386A4E-D0DA-4208-8235-BCE43275C694}" = LightScribe 1.4.142.1 "{D36DD326-7280-11D8-97C8-000129760CBE}" = PhotoNow! 
"{DDD5104F-1C44-49EB-9E6B-29EC5D27658B}" = HP Update "{E06F04B9-45E6-4AC0-8083-85F7515F40F7}" = UnloadSupport "{E09575B2-498D-4C8B-A9D2-623F78574F29}" = AIO_CDB_Software "{E3E71D07-CD27-46CB-8448-16D4FB29AA13}" = Microsoft WSE 3.0 Runtime "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{EB21A812-671B-4D08-B974-2A347F0D8F70}" = HP Photosmart Essential "{EB75DE50-5754-4F6F-875D-126EDF8E4CB3}" = HPSSupply "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{FF075778-6E50-47ed-991D-3B07FD4E3250}" = TrayApp "7-Zip" = 7-Zip 9.20 "Access 97rt PAN EURO G" = Access 97rt PAN EURO G "Acer Acer Bio Protection 6.0.00.13" = Acer Bio Protection AAA 6.0.00.13 "Acer GameZone Console_is1" = Acer GameZone Console 2.0.1.1 "Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Agere Systems Soft Modem" = Agere Systems HDA Modem "AVerMedia A310 (MiniCard, DVB-T)" = AVerMedia A310 (MiniCard, DVB-T) 1.1.0.27 "CCleaner" = CCleaner "EADM" = EA Download Manager "ENTERPRISE" = Microsoft Office Enterprise 2007 "FastStone Capture" = FastStone Capture 5.3 "Free PDF to Word Doc Converter_is1" = Free PDF to Word Doc Converter v1.1 "FrostWire" = FrostWire 4.21.1 "FUSSBALL MANAGER 09" = FUSSBALL MANAGER 09 "FUSSBALL MANAGER 10" = FUSSBALL MANAGER 10 "Google Chrome" = Google Chrome "Google Desktop" = Google Desktop "GridVista" = Acer GridVista "HF_Bestellassistent" = HappyFoto Bestellassistent (nur entfernen) "HOMESTUDENTR" = Microsoft Office Home and Student 2007 "HP Imaging Device Functions" = HP Imaging Device Functions 8.0 "HP Solution Center & Imaging Support Tools" = HP Solution Center 8.0 "HPExtendedCapabilities" = HP Customer Participation 
Program 8.0 "HPOCR" = HP OCR Software 8.0 "InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}" = NTI Backup Now 5 "InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}" = eSobi v2 "InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}" = NTI Media Maker 8 "InstallShield_{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Acer Arcade Deluxe "InstallShield_{CB099890-1D5F-11D5-9EA9-0050BAE317E1}" = PowerDirector "LManager" = Launch Manager "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.0.1400 "Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MSC" = McAfee AntiVirus Plus "MyTomTom" = MyTomTom 3.2.0.700 "NVIDIA Drivers" = NVIDIA Drivers "Siedler3Deinstall" = Siedler3 "Siedler3MissionUninstall" = DIE SIEDLER III MISSION CD "SimCity 3000 Deutschland" = SimCity 3000 Deutschland "SynTPDeinstKey" = Synaptics Pointing Device Driver "VLC media player" = VLC media player 1.1.9 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "HappyFoto - Bestellassistent" = HappyFoto - Bestellassistent ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 23.04.2012 17:20:18 | Computer Name = Home-Office | Source = Windows Search Service | ID = 3013 Description = Error - 25.04.2012 14:14:21 | Computer Name = Home-Office | Source = WinMgmt | ID = 10 Description = Error - 26.04.2012 03:42:19 | Computer Name = Home-Office | Source = WinMgmt | ID = 10 Description = Error - 27.04.2012 03:50:01 | Computer Name = Home-Office | Source = WinMgmt | ID = 10 Description = Error - 27.04.2012 04:52:57 | Computer Name = Home-Office | Source = WinMgmt | ID 
= 10 Description = Error - 27.04.2012 06:01:23 | Computer Name = Home-Office | Source = WinMgmt | ID = 10 Description = Error - 28.04.2012 06:25:52 | Computer Name = Home-Office | Source = WinMgmt | ID = 10 Description = Error - 28.04.2012 06:30:16 | Computer Name = Home-Office | Source = WinMgmt | ID = 10 Description = Error - 28.04.2012 07:37:16 | Computer Name = Home-Office | Source = WinMgmt | ID = 10 Description = Error - 29.04.2012 11:46:39 | Computer Name = Home-Office | Source = WinMgmt | ID = 10 Description = Error - 29.04.2012 12:03:28 | Computer Name = Home-Office | Source = Application Error | ID = 1000 Description = Fehlerhafte Anwendung Explorer.EXE, Version 6.0.6002.18005, Zeitstempel 0x49e01da5, fehlerhaftes Modul btwapi.dll, Version 6.0.1.6300, Zeitstempel 0x47b2020e, Ausnahmecode 0xc0000005, Fehleroffset 0x0004b091, Prozess-ID 0xe44, Anwendungsstartzeit 01cd261f39b2aaae. [ System Events ] Error - 18.10.2012 13:29:40 | Computer Name = Home-Office | Source = Service Control Manager | ID = 7000 Description = Error - 18.10.2012 13:34:52 | Computer Name = Home-Office | Source = EventLog | ID = 6008 Description = Das System wurde zuvor am 18.10.2012 um 19:30:26 unerwartet heruntergefahren. 
Error - 18.10.2012 13:35:23 | Computer Name = Home-Office | Source = Service Control Manager | ID = 7001 Description = Error - 18.10.2012 13:35:23 | Computer Name = Home-Office | Source = Service Control Manager | ID = 7026 Description = Error - 18.10.2012 13:36:05 | Computer Name = Home-Office | Source = DCOM | ID = 10005 Description = Error - 18.10.2012 13:36:15 | Computer Name = Home-Office | Source = DCOM | ID = 10005 Description = Error - 18.10.2012 13:36:18 | Computer Name = Home-Office | Source = DCOM | ID = 10005 Description = Error - 18.10.2012 13:36:23 | Computer Name = Home-Office | Source = DCOM | ID = 10005 Description = Error - 18.10.2012 13:36:50 | Computer Name = Home-Office | Source = DCOM | ID = 10005 Description = Error - 18.10.2012 13:39:04 | Computer Name = Home-Office | Source = DCOM | ID = 10005 Description = < End of report > |
19.10.2012, 08:08 | #10 |
/// Malwareteam | Step 1: Fix with OTL
Code:
:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O4 - HKCU..\Run: [hsjgymndwrwwvbx] C:\Windows\hsjgymnd.exe ()
[2012.10.10 20:00:55 | 000,000,000 | ---D | C] -- C:\ProgramData\effmqrlxwspjgri
[2012.10.10 20:00:55 | 000,074,128 | ---- | M] () -- C:\ProgramData\zllllqnaifuwriy
[2012.10.10 20:00:49 | 000,108,544 | ---- | M] () -- C:\ProgramData\hsjgymnd.exe
:COMMANDS
[emptyjava]
[emptytemp]
[emptyflash]
Step 2: MBAM Please download Malwarebytes
__________________ No right of asylum for Trojans! Proud Member of UNITE Note: I am only available on weekdays! Requests via PM will be ignored! Are you satisfied with us? Then support the Trojaner-Board! |
19.10.2012, 18:10 | #11 |
| Code:
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\hsjgymndwrwwvbx deleted successfully.
C:\Windows\hsjgymnd.exe moved successfully.
C:\ProgramData\effmqrlxwspjgri folder moved successfully.
C:\ProgramData\zllllqnaifuwriy moved successfully.
C:\ProgramData\hsjgymnd.exe moved successfully.
========== COMMANDS ==========

[EMPTYJAVA]
User: All Users
User: Default
User: Default User
User: Public
User: Stefan
->Java cache emptied: 14930463 bytes
Total Java Files Cleaned = 14,00 mb

[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Stefan
->Temp folder emptied: 692923116 bytes
->Temporary Internet Files folder emptied: 672174260 bytes
->Java cache emptied: 0 bytes
->Google Chrome cache emptied: 6420309 bytes
->Flash cache emptied: 39282 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 158248116 bytes
RecycleBin emptied: 101506036 bytes
Total Files Cleaned = 1.556,00 mb

[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Stefan
->Flash cache emptied: 0 bytes
Total Flash Files Cleaned = 0,00 mb

OTL by OldTimer - Version 3.2.69.0 log created on 10192012_175228

Code:
Malwarebytes Anti-Malware (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.10.19.11
Windows Vista Service Pack 2 x86 NTFS (Abgesichertenmodus/Netzwerkfähig)
Internet Explorer 9.0.8112.16421
Stefan :: HOME-OFFICE [Administrator]

Schutz: Deaktiviert

19.10.2012 19:02:07
mbam-log-2012-10-19 (19-02-07).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 188936
Laufzeit: 3 Minute(n), 44 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende) |
22.10.2012, 06:41 | #12 |
/// Malwareteam | How is the computer behaving?
22.10.2012, 18:54 | #13 |
| Hello, I can log in, but after that it still doesn't get very far. The desktop appears, but I can't do anything (open folders, go to the Start menu, etc.). It looks as if the computer doesn't finish starting up; some icons on the desktop don't appear, and so on. Kind regards, Stefan |
23.10.2012, 06:18 | #14 | |
/// Malwareteam | Combofix
Combofix may only be run when a team member has instructed you to do so!
Please download Combofix from one of these download mirrors: Link 1 Link 2
IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
23.10.2012, 23:18 | #15 |
| Code:
ComboFix 12-10-23.01 - Stefan 23.10.2012 22:25:10.1.2 - x86 NETWORK
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.43.1031.18.3066.2481 [GMT 2:00]
ausgeführt von:: C:\Users\Stefan\Desktop\ComboFix.exe
AV: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {ADA629C7-7F48-5689-624A-3B76997E0892}
FW: McAfee Firewall *Enabled* {959DA8E2-3527-57D1-4915-924367AD4FE9}
SP: McAfee Anti-Virus und Anti-Spyware *Enabled/Updated* {16C7C823-5972-5907-58FA-0004E2F9422F}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))

C:\Program Files\Acer\Acer Bio Protection\PwdFilter.dll
C:\Users\Stefan\AppData\Roaming\.#
C:\Windows\IsUn0407.exe
C:\Windows\system32\test

((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\Service_nvsvc |