Pests of all kinds and how to fight them: Windows Firewall keeps getting disabled unnoticed

27.11.2012, 17:26   #1
Densi
 



Hello dear helper team,
my problem is that my Windows Firewall keeps disabling itself. Afterwards, network discovery and file sharing are always enabled.
My AVG Internet Security 2012 found nothing, and neither did Windows Defender.
Malwarebytes has now already found one infected object (PUP.BundleInstaller.OL). I now have the two log files from OTL.

Many thanks in advance for taking the trouble to look at my problem at all.

Best regards
Densi

28.11.2012, 13:13   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



Hello and

Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Carefully read the instructions I will post over the course of this thread. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes one step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install or uninstall any software unless asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you have been asked to. Logs in attachments make it harder for me to evaluate them!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please post in this thread => Reminder about my thread.
Annoying "When will it continue" messages will result in your thread being closed. I, too, have a life outside the Trojaner-Board.


Quote:
Malwarebytes has now already found one infected object (PUP.BundleInstaller.OL).
Please always post the logs in full!
Please note => http://www.trojaner-board.de/125889-...tml#post941520

28.11.2012, 20:10   #3
Densi
 



Hello, I'll give it a try... I don't think I understood the bit about the "code tags". I would now guess that you put the word code in the brackets before and after. Is that correct?
Code:
 Malwarebytes Anti-Malware  (Test) 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.11.27.04

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
Denise :: DENISE-JÜRGENPC [Administrator]

Schutz: Aktiviert

27.11.2012 14:57:43
mbam-log-2012-11-27 (14-57-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 502102
Laufzeit: 2 Stunde(n), 24 Minute(n), 4 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\Denise\Downloads\Miro_setup.exe (PUP.BundleInstaller.OI) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
2012/11/27 14:56:55 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Executing scheduled update:  Daily
2012/11/27 14:57:01 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting protection
2012/11/27 14:57:01 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Protection started successfully
2012/11/27 14:57:01 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/27 14:57:08 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.09.29.05 to version v2012.11.27.04
2012/11/27 14:57:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/27 14:57:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting database refresh
2012/11/27 14:57:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Stopping IP protection
2012/11/27 14:57:16 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection stopped successfully
2012/11/27 14:57:20 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Database refreshed successfully
2012/11/27 14:57:20 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/27 14:57:28 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/27 17:36:24 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting protection
2012/11/27 17:36:24 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Protection started successfully
2012/11/27 17:36:24 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/27 17:36:31 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/27 19:21:22 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting protection
2012/11/27 19:21:23 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Protection started successfully
2012/11/27 19:21:23 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/27 19:21:32 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/28 08:05:17 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting protection
2012/11/28 08:05:17 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Protection started successfully
2012/11/28 08:05:17 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/28 08:05:29 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/28 14:25:31 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Executing scheduled update:  Daily
2012/11/28 14:25:37 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting protection
2012/11/28 14:25:37 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Protection started successfully
2012/11/28 14:25:37 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/28 14:25:57 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
2012/11/28 14:26:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting database refresh
2012/11/28 14:26:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Scheduled update executed successfully:  database updated from version v2012.11.27.04 to version v2012.11.28.05
2012/11/28 14:26:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Stopping IP protection
2012/11/28 14:26:15 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection stopped successfully
2012/11/28 14:26:19 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Database refreshed successfully
2012/11/28 14:26:19 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	Starting IP protection
2012/11/28 14:26:26 +0100	DENISE-JÜRGENPC	Denise	MESSAGE	IP Protection started successfully
         
Now the log data from OTL:
OTL Logfile:
Code:
OTL Extras logfile created on: 27.11.2012 15:09:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denise\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 25,69% Memory free
4,21 Gb Paging File | 2,52 Gb Available in Paging File | 59,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 30,59 Gb Free Space | 25,70% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 4,12 Gb Free Space | 13,70% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,10 Gb Free Space | 95,25% Space Free | Partition Type: FAT32
 
Computer Name: DENISE-JÜRGENPC | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
 
[HKEY_USERS\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Browse with &IrfanView] -- "C:\Program Files\IrfanView\i_view32.exe" "%1 /thumbs" (Irfan Skiljan)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~3\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
"DoNotAllowExceptions" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{19080638-8C48-47BD-87C1-9EF02369AD25}" = lport=2869 | protocol=6 | dir=in | name=windows live communications platform (upnp) | 
"{704EFA8B-BE03-4760-904B-6D4A4714D187}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | 
"{C058F94E-17F9-4522-B98C-8AB43C6E36C9}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{C8CD4EF4-DC0A-4BBE-95FD-9F3A1A244D80}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{CE7EE7DF-391D-4DC8-B23B-12C642359BF4}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=c:\windows\system32\svchost.exe | 
"{E14A8239-3D3F-49AF-8AA9-2040F13E3B93}" = lport=1900 | protocol=17 | dir=in | name=windows live communications platform (ssdp) | 
"{E8A1D415-5B49-4DE7-9C9C-C912CD263B1C}" = lport=2869 | protocol=6 | dir=in | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{00BEAB8D-9F8D-4FFD-841B-E479554CC438}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{075016DB-4E8F-4F4F-B0DB-F69F0FC6E047}" = dir=in | app=c:\program files\windows live\contacts\wlcomm.exe | 
"{1CD78567-1F75-495D-B99B-140E7BC26801}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{2CB38845-212D-40F7-A8A3-997011EEB275}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgnsx.exe | 
"{31AAA460-ED14-485B-B7AB-1CAA18F52040}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{3D19BC9F-2CAF-4FA7-8C31-0C259062218E}" = protocol=6 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{3D74EECD-B8D7-4AAE-B6CC-B3A4C3C3B102}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{4736BDE5-5862-4725-996B-E47F86BA5C04}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{4B3999FA-24F8-4EE8-A054-9867D9D1A8F9}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{4E836FA6-7802-499B-ACEC-57F9E67B07E3}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{52C89931-E481-4AF1-A8FA-F9D3D0383088}" = protocol=6 | dir=out | app=system | 
"{5EEAF428-8CBE-4515-AC6F-182F58FBB2B1}" = protocol=6 | dir=in | app=c:\program files\teamviewer\version7\teamviewer_service.exe | 
"{6226A2A8-D83C-45B6-9EED-AE2CD4F16D21}" = protocol=17 | dir=out | app=c:\program files\windows media player\wmplayer.exe | 
"{67CFF8B0-3C97-48E9-8D36-CDFE9E0E938C}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{7201CBB8-9E1B-4EF9-B5AF-4CAA67628D7D}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{8F9C88B3-A655-48C0-8564-70D16DA28252}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgemcx.exe | 
"{91FDC911-DF89-40FD-B98B-C4206C85E909}" = protocol=17 | dir=in | app=c:\program files\teamviewer\version7\teamviewer.exe | 
"{972FF6A0-34A5-43DF-929B-80F4329E0642}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | 
"{A28800CC-3053-4DF3-BB82-728B763B2AAE}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | 
"{AF0472B4-163F-4B10-8FFF-D9DEEF0377FB}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{AFFB9506-5687-4E51-A3FC-90D37251245D}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\player\clipinc-player.exe | 
"{BED0DD59-F9FC-4179-97AC-CBE1FD6905DB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgmfapx.exe | 
"{C5DDC2B1-7689-4CCA-9DD7-958E7651ACE6}" = dir=in | app=c:\program files\windows live\mesh\moe.exe | 
"{CC11E569-E948-4540-83EE-093ADACAF20F}" = protocol=17 | dir=in | app=c:\program files\windows media player\wmplayer.exe | 
"{E2848AEB-4345-405C-A167-A7F8B3A0585D}" = protocol=17 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"{E33B09A0-E877-481B-B835-0F30F07F1D53}" = dir=in | app=c:\program files\windows live\messenger\msnmsgr.exe | 
"{E3B843D3-A2B2-4801-A0EE-F2CC1BE5EC84}" = protocol=6 | dir=out | svc=upnphost | app=c:\windows\system32\svchost.exe | 
"{E563006E-D037-467F-B771-F1DCF3FE07D1}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | 
"{EE40C132-9B48-4C2A-B8F1-E128FF8F2ED7}" = protocol=6 | dir=in | app=c:\program files\tobit clipinc\player\radiorecorder.exe | 
"{F467C94C-1E10-4587-BD96-9ED418DF3BCF}" = protocol=17 | dir=in | app=c:\program files\tobit clipinc\server\clipinc-server.exe | 
"{F5A94E66-E3DE-4DFE-B3DC-5E4E556B0DDB}" = protocol=6 | dir=in | app=c:\program files\avg\avg2012\avgdiagex.exe | 
"TCP Query User{0721EEA2-0D77-4969-82B1-B5E02BBD6494}C:\program files\internet explorer\iexplore.exe" = protocol=6 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"TCP Query User{C472579B-CEB4-434A-8259-2248988F2CF0}C:\program files\real\realplayer\realplay.exe" = protocol=6 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"TCP Query User{DA227161-D47A-46BB-AAC4-E5C3B5C6D47E}C:\program files\concept design\onlinetv 5\onlinetv.exe" = protocol=6 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe | 
"TCP Query User{E87C4FFF-BAF6-448F-BC7F-765F24EFDCE4}C:\windows\ehome\ehexthost.exe" = protocol=6 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
"TCP Query User{FC585045-91B0-4175-8FF4-2391E32B2EB2}C:\program files\java\jre6\bin\java.exe" = protocol=6 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{65002842-FC7E-4CBE-9755-E432834A7319}C:\program files\internet explorer\iexplore.exe" = protocol=17 | dir=in | app=c:\program files\internet explorer\iexplore.exe | 
"UDP Query User{70B41F12-C46A-457E-86F5-05C798B066CE}C:\program files\java\jre6\bin\java.exe" = protocol=17 | dir=in | app=c:\program files\java\jre6\bin\java.exe | 
"UDP Query User{7799B9E6-A47A-4001-B64B-05F4F03B34A7}C:\program files\concept design\onlinetv 5\onlinetv.exe" = protocol=17 | dir=in | app=c:\program files\concept design\onlinetv 5\onlinetv.exe | 
"UDP Query User{A6D0F184-A149-4C1D-B83A-885E3F452796}C:\program files\real\realplayer\realplay.exe" = protocol=17 | dir=in | app=c:\program files\real\realplayer\realplay.exe | 
"UDP Query User{D0D8F64F-5A38-4E25-91EB-AA40D629F4ED}C:\windows\ehome\ehexthost.exe" = protocol=17 | dir=in | app=c:\windows\ehome\ehexthost.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{02602409-9189-4567-BC07-562605243B69}" = Windows Live Remote Client Resources
"{0481A2EA-DA1D-4D10-A7C3-F8237948F6B5}" = Messenger Companion
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{0B0F231F-CE6A-483D-AA23-77B364F75917}" = Windows Live Installer
"{11AFE21E-B193-430D-B57A-DFF7815BB962}" = Ulead PhotoImpact 12
"{14897D5B-E7A5-43C6-AFC4-95C24A0194FF}_is1" = concept/design Hit-Recorder 3
"{19A4A990-5343-4FF7-B3B5-6F046C091EDF}" = Windows Live Remote Client
"{1BA1DBDC-5431-46FD-A66F-A17EB1C439EE}" = Windows Live Messenger
"{1DDB95A4-FD7B-4517-B3F1-2BCAA96879E6}" = Windows Live Writer Resources
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F6AB0E7-8CDD-4B93-8A23-AA9EB2FEFCE4}" = Junk Mail filter update
"{200FEC62-3C34-4D60-9CE8-EC372E01C08F}" = Windows Live SOXE Definitions
"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"{227E8782-B2F4-4E97-B0EE-49DE9CC1C0C0}" = Windows Live Remote Service
"{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{27CC6AB1-E72B-4179-AF1A-EAE507EBAF51}_is1" = ConvertHelper 2.2
"{27FDF949-69CE-435A-8372-339F72336AC5}" = MEDIONbox
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{2D6E3D97-1FDF-4993-AC75-72F59EC445C5}" = Windows Live Family Safety
"{3248F0A8-6813-11D6-A77B-00B0D0150090}" = J2SE Runtime Environment 5.0 Update 9
"{3336F667-9049-4D46-98B6-4C743EEBC5B1}" = Windows Live Photo Gallery
"{34F0D55F-C386-4195-9A5B-961D3F6ACD46}" = InterVideo MediaOne Gallery
"{37B33B16-2535-49E7-8990-32668708A0A3}" = Windows Live UX Platform Language Pack
"{399C37FB-08AF-493B-BFED-20FBD85EDF7F}" = Suyin Live Camera
"{3A65A74A-5B6E-451A-92D8-50F1182BBE9A}" = Windows Live Remote Service Resources
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{43002AE2-4093-49E0-A03D-990EE184C568}" = Lyrics Plugin for Windows Media Player
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C552FD3-2CCD-4E00-AC64-0681DBB3F8B5}" = OpenOffice.org 3.4
"{4EA2F95F-A537-4d17-9E7F-6B3FF8D9BBE3}" = Microsoft Works
"{50316C0A-CC2A-460A-9EA5-F486E54AC17D}_is1" = AVG PC Tuneup 2011
"{55D9E026-DCB0-46FF-B60A-68B972228CF6}" = Autodesk Design Review 2010
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{5783F2D7-8028-0409-0000-0060B0CE6BBA}" = DWG TrueView 2010
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411
"{5DD4FCBD-A3C1-4155-9E17-4161C70AAABA}" = Segoe UI
"{612C34C7-5E90-47D8-9B5C-0F717DD82726}" = swMSM
"{61727820-9C0B-42A3-BF08-831A62E466A4}" = Schreiben und Tippen lernen mit der Anlauttabelle 
"{65DA2EC9-0642-47E9-AAE2-B5267AA14D75}" = Activation Assistant for the 2007 Microsoft Office suites
"{682B3E4F-696A-42DE-A41C-4C07EA1678B4}" = Windows Live SOXE
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D9B4C6B-7879-477A-B5EE-7DF068B91F34}" = PdfGrabber 5.0
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{78A96B4C-A643-4D0F-98C2-A8E16A6669F9}" = Windows Live Messenger Companion Core
"{7EE873AF-46BB-4B5D-BA6F-CFE4B0566E22}" = TuneUp Utilities Language Pack (de-DE)
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110261550}" = Shape Solitaire
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{83C292B7-38A5-440B-A731-07070E81A64F}" = Windows Live PIMT Platform
"{859D4022-B76D-40DE-96EF-C90CDA263F44}" = Windows Live Writer
"{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek 8169 PCI, 8168 and 8101E PCIe Ethernet Network Card Driver for Windows Vista
"{895722FE-25FE-4854-95AC-B0C42F9DBEDA}" = REALTEK RTL8187B Wireless LAN Driver
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A261769-9640-4DB4-B877-3E00C61967F3}_is1" = concept/design onlineTV 5
"{8C6D6116-B724-4810-8F2D-D047E6B7D68E}" = Mesh Runtime
"{8DD46C6A-0056-4FEC-B70A-28BB16A1F11F}" = MSVCRT
"{8F8D9297-FDD2-405A-97E7-E52C7B2F97B3}" = Ulead VideoStudio SE DVD
"{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007
"{90120000-0018-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007
"{90120000-001B-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0407-0000-0000000FF1CE}_HOMESTUDENTR_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-001F-0410-0000-0000000FF1CE}_HOMESTUDENTR_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3)
"{90120000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007
"{90120000-006E-0407-0000-0000000FF1CE}_HOMESTUDENTR_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007
"{90120000-00A1-0407-0000-0000000FF1CE}_HOMESTUDENTR_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel(R) Matrix Storage Manager
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{92EA4134-10D1-418A-91E1-5A0453131A38}" = Windows Live Movie Maker
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95140000-007A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook Connector
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{9D56775A-93F3-44A3-8092-840E3826DE30}" = Windows Live Mail
"{A726AE06-AAA3-43D1-87E3-70F510314F04}" = Windows Live Writer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9BDCA6B-3653-467B-AC83-94367DA3BFE3}" = Windows Live Photo Common
"{AA047D7C-5E7C-4878-B75C-77589151B563}" = SUYIN webcam
"{AAAFC670-569B-4A2F-82B4-42945E0DE3EF}" = Windows Live Writer
"{ABEC4C47-2E98-49BF-AF8E-06316B6B2BB9}" = AVG 2012
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch
"{ACFBE99B-6981-4513-B17E-A2683CEB9EE5}" = Windows Live Mesh
"{AF0CE7C0-A3E4-4D73-988B-B29187EC6E9A}" = QuickTime
"{AF844339-2F8A-4593-81B3-9F4C54038C4E}" = Windows Live MIME IFilter
"{B113D18C-67B0-4FB7-B329-E89B66194AE6}" = Windows Live Fotogalerie
"{B1239994-A850-44E2-BED8-E70A21124E16}" = Windows Live Mail
"{B3579F43-021F-43D2-A392-C0CAAE2A89DA}" = WinLernen Körpernetze
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{B69C390B-826F-473C-86EB-7AD4950818C3}" = AVG 2012
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{B8B4D43C-EAA0-4EEC-B93E-D4D012316286}" = Free DWG Viewer 6.2
"{C2AB7DC4-489E-4BE9-887A-52262FBADBE0}" = Windows Live Photo Common
"{C5398A89-516C-4DAF-BA07-EE7949090E56}" = Windows Live Mesh ActiveX control for remote connections
"{C6150D8A-86ED-41D3-87BB-F3BB51B0B77F}" = Windows Live ID Sign-in Assistant
"{C7340571-7773-4A8C-9EBC-4E4243B38C76}" = Microsoft XML Parser
"{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}" = HP Product Detection
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCC8E84E-AB61-4EC0-890D-8B553915B3AD}" = TVsweeper
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CE95A79E-E4FC-4FFF-8A75-29F04B942FF2}" = Windows Live UX Platform
"{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.3.9
"{D3742F82-1C1A-4DCC-ABBD-0E7C3C0185CC}" = TuneUp Utilities
"{D45240D3-B6B3-4FF9-B243-54ECE3E10066}" = Windows Live Communications Platform
"{DECDCB7C-58CC-4865-91AF-627F9798FE48}" = Windows Live Mesh
"{E09C4DB7-630C-4F06-A631-8EA7239923AF}" = D3DX10
"{E1180142-3B31-4DCC-9D27-7AC2D37662BF}" = LightScribe  1.4.124.1
"{E4E88B54-4777-4659-967A-2EED1E6AFD83}" = Windows Live Movie Maker
"{E5B21F11-6933-4E0B-A25C-7963E3C07D11}" = Windows Live Messenger
"{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.10
"{EF67AE1A-6B31-4C98-91A9-F195D8702150}" = Google Drive
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5
"{F5266D28-E0B2-4130-BFC5-EE155AD514DC}" = Apple Application Support
"{F5A4F780-DF0C-444F-BA82-637CCF5C8052}" = Windows Live Family Safety
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{F90D6825-8F1F-4E3A-9E42-A9C8A9DD1031}" = Nero 7 Essentials
"{F95E4EE0-0C6E-4273-B6B9-91FD6F071D76}" = Windows Live Essentials
"{FE0646A7-19D0-41B4-A2BB-2C35D644270D}" = Windows Live OneCare safety scanner
"Activation Assistant for the 2007 Microsoft Office suites" = Activation Assistant for the 2007 Microsoft Office suites
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.6
"ALDI Foto Service D" = ALDI Foto Service
"ALDI Nord Foto Manager Free D" = ALDI Nord Foto Manager Free
"Aldi Nord Fotoservice_is1" = Aldi Nord Fotoservice
"ALDI Nord Online Druck Service" = ALDI Nord Online Druck Service 4.6
"Autodesk Design Review 2010" = Autodesk Design Review 2010
"AVG" = AVG 2012
"AVG Secure Search" = AVG Security Toolbar
"AVS Media Player_is1" = AVS Media Player 3.1
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"BFG-Vergessene Laender - Erste Siedler" = Vergessene L&auml;nder: Erste Siedler ™
"CCleaner" = CCleaner
"Chronicles of Mystery/DE-German_is1" = Das Vermächtnis: Testament of Sin
"ClearProg" = ClearProg 1.5.0 Final
"Committed – Das Geheimnis von Shady Pines_is1" = Committed – Das Geheimnis von Shady Pines
"DWG TrueView 2010" = DWG TrueView 2010
"FileZilla Client" = FileZilla Client 3.3.5
"FormatFactory" = FormatFactory 2.90
"Google Chrome" = Google Chrome
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"InstallShield_{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8
"IrfanView" = IrfanView (remove only)
"LetsTrade" = LetsTrade Komponenten
"LHTTSGED" = L&H TTS3000 Deutsch
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000
"MEDION Fotos auf CD Nord D" = MEDION Fotos auf CD Nord 6.0.2.0 (D)
"Microsoft .NET Framework 1.1  (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Mozilla Firefox 17.0 (x86 de)" = Mozilla Firefox 17.0 (x86 de)
"NSM" = Norton Family
"RealPlayer 15.0" = RealPlayer
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"TeamViewer 7" = TeamViewer 7
"Tobit ClipInc Server" = WDR RadioRecorder
"Totalcmd" = Total Commander (Remove or Repair)
"TuneUp Utilities" = TuneUp Utilities
"ViewpointMediaPlayer" = Viewpoint Media Player
"VLC media player" = VLC media player 1.1.7
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"WinLiveSuite" = Windows Live Essentials
"WinRAR archiver" = WinRAR Archivierer
"Yahoo! Messenger" = Yahoo! Messenger
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:13 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
Error - 18.11.2012 18:14:14 | Computer Name = Denise-JürgenPC | Source = Windows Search Service | ID = 3013
Description = 
 
[ Media Center Events ]
Error - 17.04.2008 17:49:12 | Computer Name = Denise-JürgenPC | Source = MCUpdate | ID = 0
Description = DownloadPackgeTask.SubTasksComplete: Download von Paket MCESpotlight
 gescheitert.
 
[ System Events ]
Error - 15.11.2012 01:59:23 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 01:59:31 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 02:00:32 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10016
Description = 
 
Error - 15.11.2012 02:00:40 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10016
Description = 
 
Error - 17.11.2012 06:24:10 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10005
Description = 
 
Error - 17.11.2012 06:28:38 | Computer Name = Denise-JürgenPC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 17.11.2012 06:28:39 | Computer Name = Denise-JürgenPC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 17.11.2012 06:28:39 | Computer Name = Denise-JürgenPC | Source = Microsoft-Windows-Servicing | ID = 4375
Description = 
 
Error - 17.11.2012 06:35:55 | Computer Name = Denise-JürgenPC | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20
Description = 
 
Error - 20.11.2012 15:13:23 | Computer Name = Denise-JürgenPC | Source = DCOM | ID = 10005
Description = 
 
 
< End of report >
         
--- --- ---
OTL Logfile:
Code:
OTL logfile created on: 27.11.2012 15:09:42 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Denise\Downloads
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
1,99 Gb Total Physical Memory | 0,51 Gb Available Physical Memory | 25,69% Memory free
4,21 Gb Paging File | 2,52 Gb Available in Paging File | 59,91% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 119,00 Gb Total Space | 30,59 Gb Free Space | 25,70% Space Free | Partition Type: NTFS
Drive D: | 30,04 Gb Total Space | 4,12 Gb Free Space | 13,70% Space Free | Partition Type: FAT32
Drive F: | 7,45 Gb Total Space | 7,10 Gb Free Space | 95,25% Space Free | Partition Type: FAT32
 
Computer Name: DENISE-JÜRGENPC | User Name: Denise | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Denise\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Programme\AVG Secure Search\vprot.exe ()
PRC - C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
PRC - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
PRC - C:\Programme\Norton Family\Engine\2.6.0.52\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Programme\AVG\AVG2012\avgrsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgnsx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgemcx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
PRC - C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\AVG\AVG2012\avgcsrvx.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corp.)
PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesApp32.exe (TuneUp Software)
PRC - C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Programme\Tobit ClipInc\Server\ClipInc-Server.exe ()
PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
PRC - C:\Programme\Windows Mail\WinMail.exe (Microsoft Corporation)
PRC - C:\Programme\Medion\MEDIONbox\Program\GCS.exe (Empolis GmbH)
PRC - c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
PRC - C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
PRC - C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
PRC - C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Programme\Mozilla Firefox\mozjs.dll ()
MOD - C:\Programme\AVG Secure Search\vprot.exe ()
MOD - C:\Programme\Common Files\AVG Secure Search\DNTInstaller\13.2.0\avgdttbx.dll ()
MOD - C:\Programme\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\SiteSafety.dll ()
MOD - C:\Programme\FileZilla FTP Client\fzshellext.dll ()
 
 
========== Services (SafeList) ==========
 
SRV - (TuneUp.Defrag) -- C:\Programme\TuneUp Utilities 2010\TuneUpDefragService.exe (TuneUp Software)
SRV - (vToolbarUpdater13.2.0) -- C:\Programme\Common Files\AVG Secure Search\vToolbarUpdater\13.2.0\ToolbarUpdater.exe ()
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (Skype C2C Service) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe (Skype Technologies S.A.)
SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (TeamViewer7) -- C:\Programme\TeamViewer\Version7\TeamViewer_Service.exe (TeamViewer GmbH)
SRV - (NSM) -- C:\Program Files\Norton Family\Engine\2.6.0.52\ccSvcHst.exe (Symantec Corporation)
SRV - (AVGIDSAgent) -- C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies)
SRV - (avgfws) -- C:\Programme\AVG\AVG2012\avgfws.exe (AVG Technologies CZ, s.r.o.)
SRV - (fsssvc) -- C:\Programme\Windows Live\Family Safety\fsssvc.exe (Microsoft Corporation)
SRV - (avgwd) -- C:\Programme\AVG\AVG2012\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corp.)
SRV - (wlcrasvc) -- C:\Programme\Windows Live\Mesh\wlcrasvc.exe (Microsoft Corporation)
SRV - (TuneUp.UtilitiesSvc) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesService32.exe (TuneUp Software)
SRV - (UxTuneUp) -- C:\Windows\System32\uxtuneup.dll (TuneUp Software)
SRV - (ClipInc001) -- C:\Program Files\Tobit ClipInc\Server\ClipInc-Server.exe ()
SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation)
SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation)
SRV - (GnabService) -- c:\Programme\Common Files\Gnab\Service\ServiceController.exe (Empolis GmbH)
SRV - (IviRegMgr) -- C:\Programme\Common Files\InterVideo\RegMgr\iviRegMgr.exe (InterVideo)
SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.)
SRV - (IAANTMON) -- C:\Programme\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UleadBurningHelper) -- C:\Programme\Common Files\Ulead Systems\DVD\ULCDRSvr.exe (Ulead Systems, Inc.)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (NwlnkFwd) -- system32\DRIVERS\nwlnkfwd.sys File not found
DRV - (NwlnkFlt) -- system32\DRIVERS\nwlnkflt.sys File not found
DRV - (mailKmd) --  File not found
DRV - (IpInIp) -- system32\DRIVERS\ipinip.sys File not found
DRV - (blbdrive) -- C:\Windows\system32\drivers\blbdrive.sys File not found
DRV - (MBAMSwissArmy) -- C:\Windows\System32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (SymEvent) -- C:\Windows\System32\drivers\SYMEVENT.SYS (Symantec Corporation)
DRV - (avgtp) -- C:\Windows\System32\drivers\avgtpx86.sys (AVG Technologies)
DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation)
DRV - (Avgtdix) -- C:\Windows\System32\drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)
DRV - (ccSet_NSM) -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.sys (Symantec Corporation)
DRV - (Avgldx86) -- C:\Windows\System32\drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (SYMRDR_{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}) -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.sys (Symantec Corporation)
DRV - (AVGIDSHX) -- C:\Windows\System32\drivers\avgidshx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgrkx86) -- C:\Windows\System32\drivers\avgrkx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (Avgmfx86) -- C:\Windows\System32\drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)
DRV - (AVGIDSShim) -- C:\Windows\System32\drivers\avgidsshimx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSFilter) -- C:\Windows\System32\drivers\avgidsfilterx.sys (AVG Technologies CZ, s.r.o. )
DRV - (AVGIDSDriver) -- C:\Windows\System32\drivers\avgidsdriverx.sys (AVG Technologies CZ, s.r.o. )
DRV - (Avgfwfd) -- C:\Windows\System32\drivers\avgfwd6x.sys (AVG Technologies CZ, s.r.o.)
DRV - (tbhsd) -- C:\Windows\System32\drivers\tbhsd.sys (RapidSolution Software AG)
DRV - (TuneUpUtilitiesDrv) -- C:\Programme\TuneUp Utilities 2010\TuneUpUtilitiesDriver32.sys (TuneUp Software)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ACEDRV07) -- C:\Windows\System32\drivers\ACEDRV07.sys (Protect Software GmbH)
DRV - (RTL8187B) -- C:\Windows\System32\drivers\rtl8187B.sys (Realtek Semiconductor Corporation                           )
DRV - (RTL8169) -- C:\Windows\System32\drivers\Rtlh86.sys (Realtek Corporation                                            )
DRV - (SNP2UVC) -- C:\Windows\System32\drivers\snp2uvc.sys ()
DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC)
DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC)
DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC)
DRV - (smserial) -- C:\Windows\System32\drivers\smserial.sys (Motorola Inc.)
DRV - (R300) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (Hotkey) -- C:\Windows\System32\drivers\HOTKEY.sys ()
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.aldi.com
IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2613550
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\.DEFAULT\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990}
IE - HKU\S-1-5-18\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.windowslive.de/startseite.aspx
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.msn.de/ [binary data]
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = 
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.de/
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 68 7B 82 CA 63 D4 CB 01  [binary data]
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\URLSearchHook: {872b5b88-9db5-4310-bdd0-ac189557e5f5} - No CLSID value found
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGLJ_de
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={42DBA148-8D55-4D91-A7C5-A4F49F5CF8C2}&mid=1ba64ddc0bec47d1b6c5d15f9567fafc-91b532326ad25d70d2501b7f6309cd58319b5e48&lang=en&ds=or011&pr=fr&d=2012-09-07 22:58:59&v=12.2.0.5&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\{E3FCDD0E-5495-4FB5-B232-A90628C3FEA9}: "URL" = https://ixquick.com/do/metasearch.pl?query={searchTerms}&cat=web&pl=ie&language=deutsch
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\SearchScopes\Live Search: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&mkt=de-DE&FORM=MICGEP
IE - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.9
FF - prefs.js..extensions.enabledAddons: %7Bd10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d%7D:2.0.3
FF - prefs.js..extensions.enabledAddons: %7B20a82645-c095-46ed-80e3-08825760534b%7D:0.0.0
FF - prefs.js..extensions.enabledAddons: %7B0153E448-190B-4987-BDE1-F256CADA672F%7D:15.0.6
FF - prefs.js..extensions.enabledAddons: %7BCAFEEFAC-0016-0000-0035-ABCDEFFEDCBA%7D:6.0.35
FF - prefs.js..extensions.enabledAddons: %7B6D5C8FC4-DE46-41bf-9092-93F0F78E9115%7D:2.6.0.52
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0
 
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_110.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\system32\Adobe\Director\np32dsw_1167637.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files\Common Files\AVG Secure Search\SiteSafetyInstaller\13.2.0\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@checkpoint.com/FFApi:  File not found
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3538.0513: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\@zylom.com/ZylomGamesPlayer: C:\ProgramData\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll (Zylom)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\ [2012.09.11 18:23:20 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.09.24 15:22:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{6D5C8FC4-DE46-41bf-9092-93F0F78E9115}: C:\ProgramData\Norton\{78CA3BF0-9C3B-40e1-B46D-38C877EF059A}\NSM_2.6.0.43\coFFFw\ [2012.11.27 14:27:17 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.11.22 23:21:59 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.11.22 23:21:59 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Thunderbird\Extensions\\{0E810812-F4BB-4309-942A-755587587A5E}: C:\Program Files\BullGuard Software\BullGuard\antispam\tbspamfilter
 
[2011.07.04 16:59:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\mozilla\Extensions
[2012.05.17 11:44:40 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Denise\AppData\Roaming\mozilla\Firefox\Profiles\xmour6lv.default\extensions
[2012.05.17 11:44:40 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\Denise\AppData\Roaming\mozilla\Firefox\Profiles\xmour6lv.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2012.04.30 14:19:55 | 000,634,964 | ---- | M] () (No name found) -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.11.25 12:43:18 | 000,001,610 | ---- | M] () -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\searchplugins\ixquick-https---deutsch.xml
[2012.02.15 18:03:18 | 000,002,422 | ---- | M] () -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\searchplugins\s-amazon-byskipity-de.xml
[2012.01.19 13:38:59 | 000,002,135 | ---- | M] () -- C:\Users\Denise\AppData\Roaming\mozilla\firefox\profiles\xmour6lv.default\searchplugins\s-amazon-de.xml
[2012.11.23 15:58:43 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
[2012.10.30 13:32:41 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
[2012.11.23 15:58:43 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.23 15:58:43 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}
[2012.11.27 14:27:17 | 000,000,000 | ---D | M] (Norton Family) -- C:\PROGRAMDATA\NORTON\{78CA3BF0-9C3B-40E1-B46D-38C877EF059A}\NSM_2.6.0.43\COFFFW
[2012.09.24 15:22:19 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2009.09.01 16:10:53 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2012.11.20 22:55:20 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2012.09.24 15:21:42 | 000,129,176 | ---- | M] (RealPlayer) -- C:\Program Files\mozilla firefox\plugins\nprpplugin.dll
[2012.06.27 06:22:49 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.11.08 14:03:01 | 000,003,573 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.09.23 19:52:54 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2012.06.27 06:22:49 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.27 06:22:49 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.27 06:22:49 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.27 06:22:49 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com/
CHR - homepage: hxxp://www.google.com/
CHR - Extension: AVG Secure Search = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdgpjclefcppbhifgmbncakhhphkggdb\12.2.0.5_0\
CHR - Extension: YouTube = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: AVG Safe Search = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\jmfkcklnlgedgbglfkkgedjfmejoahla\12.0.0.2210_0\
CHR - Extension: AVG Do Not Track = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndibdjnfmopecpmkdieinmbadjfpblof\12.0.0.2166_0\
CHR - Extension: Google Mail = C:\Users\Denise\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.02.17 13:21:52 | 000,292,116 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.123topsearch.com
O1 - Hosts: 127.0.0.1	123topsearch.com
O1 - Hosts: 127.0.0.1	www.132.com
O1 - Hosts: 127.0.0.1	132.com
O1 - Hosts: 127.0.0.1	www.136136.net
O1 - Hosts: 10059 more lines...
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Programme\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Norton Family BHO) - {B8E07826-0971-4f16-B133-047B88034E89} - C:\Programme\Norton Family\Engine\2.6.0.52\coieplg.dll (Symantec Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {95B7759C-8C7F-4BF1-B163-73684A933233} - C:\Programme\AVG Secure Search\13.2.0.5\AVG Secure Search_toolbar.dll ()
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found.
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {872B5B88-9DB5-4310-BDD0-AC189557E5F5} - No CLSID value found.
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {E7DF6BFF-55A5-4EB7-A673-4ED3E9456D39} - No CLSID value found.
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {EE2AC4E5-B0B0-4EC6-88A9-BCA1A32AB107} - No CLSID value found.
O3 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG2012\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [ROC_roc_ssl_v12] C:\Program Files\AVG Secure Search\ROC_roc_ssl_v12.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files\AVG Secure Search\vprot.exe ()
O4 - HKLM..\Run: [WPCUMI] C:\Windows\System32\wpcumi.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [WindowsWelcomeCenter] C:\Windows\System32\oobefldr.dll (Microsoft Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 0
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: TaskbarNoNotification = 0
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 0
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: LogonHoursAction = 2
O7 - HKU\S-1-5-21-3489115444-3111152892-1366146225-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DontDisplayLogonHoursWarnings = 1
O8 - Extra context menu item: Nach Microsoft &Excel exportieren - C:\Programme\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Windows\System32\wpclsp.dll (Microsoft Corporation)
O13 - gopher Prefix: missing
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} hxxp://messenger.zone.msn.com/MessengerGamesContent/GameContent/de/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} hxxp://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} hxxp://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0015-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_09-windows-i586.cab (Java Plug-in 1.5.0_09)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0017-0000-0007-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_07-windows-i586.cab (Java Plug-in 1.7.0_07)
O16 - DPF: {CAFEEFAC-0017-0000-0009-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.7.0/jinstall-1_7_0_09-windows-i586.cab (Java Plug-in 1.7.0_09)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 10.9.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{310825A3-322D-4107-AFC5-1E187FC18390}: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Programme\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Programme\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Programme\Common Files\microsoft shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Programme\Windows Live\Messenger\msgrapp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Programme\Common Files\microsoft shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Programme\Common Files\microsoft shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Programme\Common Files\AVG Secure Search\ViProtocolInstaller\13.2.0\ViProtocol.dll ()
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\wlpg {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Programme\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\Denise\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\Denise\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{5bdb9506-3e7a-11e0-be0a-0016d383130f}\Shell - "" = AutoRun
O33 - MountPoints2\{5bdb9506-3e7a-11e0-be0a-0016d383130f}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O33 - MountPoints2\{eff206c9-7c52-11de-9825-806e6f6e6963}\Shell\AutoRun\command - "" = F:\VLCPortable.bat
O33 - MountPoints2\{fe469e65-5fb5-11dc-8a00-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{fe469e65-5fb5-11dc-8a00-806e6f6e6963}\Shell\AutoRun\command - "" = E:\Setup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2012.11.27 14:56:45 | 000,040,776 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.27 14:56:45 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Roaming\Malwarebytes
[2012.11.27 14:55:52 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2012.11.27 14:55:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2012.11.27 14:55:50 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.11.27 14:55:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.11.26 22:04:27 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{6A526607-F3B6-402D-AA23-26134FF18592}
[2012.11.25 23:23:10 | 000,202,144 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.sys
[2012.11.25 23:23:09 | 000,134,304 | R--- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.sys
[2012.11.25 23:23:03 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSM\0206000.034
[2012.11.25 23:10:55 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{99EE0528-90C8-4427-8AA5-2E71AF03D139}
[2012.11.25 10:43:02 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{3CAE899F-CF32-475D-A283-A46948E11563}
[2012.11.24 10:56:07 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2012.11.24 10:56:07 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2012.11.23 17:50:28 | 000,246,760 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.11.23 17:49:43 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.11.23 17:49:43 | 000,174,056 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.11.23 17:49:43 | 000,093,672 | ---- | C] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.11.23 17:14:09 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{1BA53757-F880-4557-88B6-489BF1116B34}
[2012.11.22 23:21:22 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2012.11.22 23:21:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.11.22 22:19:26 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{5201D3EE-30A2-4463-82D6-8D0A951F1B9E}
[2012.11.21 16:05:09 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{374F8F64-6E2B-4DEF-8480-3983EAA63A36}
[2012.11.20 17:52:07 | 000,030,024 | ---- | C] (TuneUp Software) -- C:\Windows\System32\uxtuneup.dll
[2012.11.20 17:52:07 | 000,021,320 | ---- | C] (TuneUp Software) -- C:\Windows\System32\authuitu.dll
[2012.11.20 17:49:20 | 000,030,536 | ---- | C] (TuneUp Software) -- C:\Windows\System32\TURegOpt.exe
[2012.11.20 17:49:06 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities
[2012.11.20 17:46:37 | 000,000,000 | ---D | C] -- C:\Program Files\TuneUp Utilities 2010
[2012.11.20 16:43:28 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{41E519CC-5C45-4CBE-A95D-686DA58A944C}
[2012.11.19 18:40:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Fugazo
[2012.11.19 18:32:59 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Committed – Das Geheimnis von Shady Pines
[2012.11.19 18:32:20 | 000,000,000 | ---D | C] -- C:\Program Files\astragon
[2012.11.18 16:00:35 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{F09D83D0-748C-4A4A-A2E6-1744C5FCD45A}
[2012.11.17 15:20:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{DD27ABA4-FBF3-452A-8AD4-950DAB954601}
[2012.11.17 11:26:14 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2012.11.17 11:26:13 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2012.11.17 11:26:13 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2012.11.17 11:26:11 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2012.11.17 11:26:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2012.11.17 11:26:09 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2012.11.16 14:35:17 | 002,047,488 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2012.11.16 14:26:39 | 000,075,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\synceng.dll
[2012.11.16 14:13:31 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{8868A5E0-F1D7-42F1-98B6-24F8073FF108}
[2012.11.15 16:08:14 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{C2624663-A705-4982-AFBB-25BE6585FFBB}
[2012.11.14 15:00:04 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{67AF8C00-A5E3-4D9D-A9FE-B9D64C7C3CAC}
[2012.11.13 13:28:10 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{0D11F6CB-A810-4813-B972-BA8E3A341BE4}
[2012.11.12 18:23:29 | 000,142,496 | ---- | C] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.11.12 18:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
[2012.11.12 18:23:29 | 000,000,000 | ---D | C] -- C:\Program Files\Symantec
[2012.11.12 18:23:16 | 000,000,000 | ---D | C] -- C:\Windows\System32\drivers\NSM
[2012.11.12 18:23:15 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Family
[2012.11.12 18:23:15 | 000,000,000 | ---D | C] -- C:\Program Files\Norton Family
[2012.11.12 18:23:01 | 000,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2012.11.12 17:53:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton
[2012.11.12 17:53:13 | 000,000,000 | ---D | C] -- C:\ProgramData\NortonInstaller
[2012.11.12 14:06:53 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{0A39610F-F3CA-4880-97C3-3B5D07A96B5E}
[2012.11.11 23:00:16 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{3DD1B218-94BD-4116-B1D9-48D8F30853EF}
[2012.11.10 14:16:10 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{8DFBE69C-3E0C-48CF-909C-25BCF0765882}
[2012.11.09 17:08:45 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{B98A27C4-3D17-4346-84A3-D478BF5CA972}
[2012.11.08 17:06:03 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{C3ED5C37-F433-492A-97B7-91A8177F646E}
[2012.11.07 18:49:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\Documents\FormatFactory
[2012.11.07 15:41:27 | 000,000,000 | ---D | C] -- C:\Users\Denise\Filme
[2012.11.07 15:37:51 | 000,000,000 | ---D | C] -- C:\Users\Denise\Documents\FFOutput
[2012.11.07 15:16:38 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{F7E49BEA-E4C9-4D3B-8DD3-225546950404}
[2012.11.06 22:47:16 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{E5458238-46C6-4FE5-9D04-E424257F91BA}
[2012.10.31 18:02:48 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{142169DB-546F-4F6D-92A6-9477E7469F3A}
[2012.10.30 18:47:30 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{CE7596DD-85E8-43B3-B9D9-775F52F07731}
[2012.10.29 19:43:24 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{42BE08CF-83D5-4E01-93A4-1C702B4B0744}
[2012.10.29 01:57:20 | 000,000,000 | ---D | C] -- C:\Users\Denise\AppData\Local\{86E3BECD-7468-4BC4-83EB-2AF672A45926}
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2012.11.27 14:57:17 | 000,040,776 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbamswissarmy.sys
[2012.11.27 14:55:53 | 000,000,910 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.27 14:33:39 | 000,000,680 | RHS- | M] () -- C:\Users\Denise\ntuser.pol
[2012.11.27 14:31:15 | 000,641,942 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2012.11.27 14:31:15 | 000,607,500 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2012.11.27 14:31:15 | 000,132,646 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2012.11.27 14:31:15 | 000,109,534 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2012.11.27 14:26:56 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 14:26:55 | 000,003,568 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2012.11.27 14:26:41 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2012.11.27 09:28:48 | 101,384,767 | ---- | M] () -- C:\Windows\System32\drivers\AVG\incavi.avm
[2012.11.26 19:07:20 | 000,001,975 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2012.11.25 12:34:22 | 000,000,172 | ---- | M] () -- C:\Windows\System32\drivers\NSM\0206000.034\isolate.ini
[2012.11.23 17:49:30 | 000,093,672 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\WindowsAccessBridge.dll
[2012.11.23 17:49:13 | 000,246,760 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaws.exe
[2012.11.23 17:49:13 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\javaw.exe
[2012.11.23 17:49:09 | 000,174,056 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\java.exe
[2012.11.23 17:49:01 | 000,746,984 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2012.11.23 16:40:15 | 000,000,808 | ---- | M] () -- C:\Users\Public\Desktop\CCleaner.lnk
[2012.11.20 17:52:02 | 000,001,871 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.20 17:52:02 | 000,001,857 | ---- | M] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2012.11.19 21:21:12 | 000,658,291 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavichjg.avm
[2012.11.19 18:33:09 | 000,001,206 | ---- | M] () -- C:\Users\Denise\Desktop\Committed – Das Geheimnis von Shady Pines.lnk
[2012.11.17 12:04:43 | 000,501,512 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.11.12 18:23:29 | 000,142,496 | ---- | M] (Symantec Corporation) -- C:\Windows\System32\drivers\SYMEVENT.SYS
[2012.11.12 18:23:29 | 000,007,446 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012.11.12 18:23:29 | 000,000,806 | ---- | M] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2012.11.08 14:02:57 | 000,026,984 | ---- | M] (AVG Technologies) -- C:\Windows\System32\drivers\avgtpx86.sys
[2012.11.07 15:37:39 | 000,078,336 | ---- | M] () -- C:\Users\Denise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.11.07 09:23:33 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2012.11.07 06:51:56 | 000,697,272 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2012.11.07 06:51:56 | 000,073,656 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2012.11.03 10:40:20 | 000,629,730 | ---- | M] () -- C:\Windows\System32\drivers\AVG\iavifw.avm
[1 C:\Windows\System32\drivers\*.tmp files -> C:\Windows\System32\drivers\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2012.11.27 14:55:53 | 000,000,910 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.11.25 23:23:10 | 000,007,601 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.cat
[2012.11.25 23:23:10 | 000,001,455 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\symrdr.inf
[2012.11.25 23:23:09 | 000,007,611 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.cat
[2012.11.25 23:23:09 | 000,000,828 | R--- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\ccsetx86.inf
[2012.11.25 23:23:03 | 000,000,172 | ---- | C] () -- C:\Windows\System32\drivers\NSM\0206000.034\isolate.ini
[2012.11.20 17:49:08 | 000,001,871 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp 1-Klick-Wartung.lnk
[2012.11.20 17:49:08 | 000,001,857 | ---- | C] () -- C:\Users\Public\Desktop\TuneUp Utilities.lnk
[2012.11.20 17:49:06 | 000,001,869 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TuneUp Utilities.lnk
[2012.11.19 18:33:09 | 000,001,206 | ---- | C] () -- C:\Users\Denise\Desktop\Committed – Das Geheimnis von Shady Pines.lnk
[2012.11.12 18:23:29 | 000,007,446 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.CAT
[2012.11.12 18:23:29 | 000,000,806 | ---- | C] () -- C:\Windows\System32\drivers\SYMEVENT.INF
[2011.11.06 09:18:40 | 000,000,000 | ---- | C] () -- C:\Users\Denise\AppData\Local\{71897A78-F9E8-4B86-8741-8A13688EB115}
[2011.02.16 15:56:19 | 000,042,747 | ---- | C] () -- C:\Users\Denise\Scannen0001.jpg
[2010.12.11 14:04:17 | 000,004,096 | -H-- | C] () -- C:\Users\Denise\AppData\Local\keyfile3.drm
[2010.11.17 21:39:16 | 001,734,144 | ---- | C] () -- C:\Users\Denise\SK_Fasching.pps
[2010.10.19 18:13:22 | 000,000,552 | ---- | C] () -- C:\Users\Denise\AppData\Local\d3d8caps.dat
[2010.09.12 14:19:57 | 124,354,560 | ---- | C] () -- C:\Users\Denise\Die Känguruh-Chroniken Teil 2.mp3
[2010.09.12 14:19:47 | 104,674,560 | ---- | C] () -- C:\Users\Denise\Die Känguruh-Chroniken Teil 1.mp3
[2010.09.12 14:19:45 | 023,226,240 | ---- | C] () -- C:\Users\Denise\Die Känguruh-Chroniken Zugabe.mp3
[2010.08.05 16:32:49 | 000,145,697 | -H-- | C] () -- C:\Users\Denise\Cache.mxc3
[2009.12.12 23:38:48 | 000,024,375 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\mdbu.bin
[2009.09.30 16:27:31 | 001,290,240 | ---- | C] () -- C:\Users\Denise\Zuma.exe
[2009.09.03 23:26:31 | 000,000,051 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\AVSMediaPlayer.m3u
[2009.01.13 16:09:50 | 000,000,680 | ---- | C] () -- C:\Users\Denise\AppData\Local\d3d9caps.dat
[2009.01.06 15:15:34 | 000,693,765 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\unins000.exe
[2009.01.06 15:15:34 | 000,013,615 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\unins000.dat
[2008.03.03 20:11:18 | 000,000,094 | ---- | C] () -- C:\Users\Denise\AppData\Local\fusioncache.dat
[2008.01.11 22:47:39 | 000,000,680 | RHS- | C] () -- C:\Users\Denise\ntuser.pol
[2007.11.14 11:41:24 | 000,256,000 | ---- | C] () -- C:\Users\Denise\DieFrau.pps
[2007.11.03 18:51:55 | 000,000,305 | ---- | C] () -- C:\ProgramData\addr_file.html
[2007.10.04 10:23:12 | 000,078,336 | ---- | C] () -- C:\Users\Denise\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007.09.12 08:33:49 | 000,007,458 | ---- | C] () -- C:\Users\Denise\AppData\Roaming\wklnhst.dat
 
========== ZeroAccess Check ==========
 
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 07:28:19 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 07:28:25 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2011.12.02 18:24:34 | 000,000,000 | ---D | M] -- C:\Users\Celine\AppData\Roaming\AVG2012
[2011.02.25 15:49:00 | 000,000,000 | ---D | M] -- C:\Users\Celine\AppData\Roaming\FirstColony
[2011.11.16 12:58:33 | 000,000,000 | ---D | M] -- C:\Users\Celine\AppData\Roaming\Mp3tag
[2012.03.22 19:49:10 | 000,000,000 | ---D | M] -- C:\Users\Celine\AppData\Roaming\TuneUp Software
[2010.03.12 22:55:58 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Autodesk
[2011.11.24 20:02:14 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\AVG
[2011.11.23 14:27:48 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\AVG2012
[2009.10.15 20:09:09 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\bhv-Edu
[2008.12.30 12:34:20 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\bhv4Kids
[2010.08.03 10:00:13 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\CheckPoint
[2009.01.01 20:31:01 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Chromeflower
[2010.05.16 11:08:48 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\CocoonSoftware
[2010.02.12 14:57:13 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\concept design
[2009.01.01 20:30:45 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\CrystalSpace
[2011.11.19 15:24:38 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DVDVideoSoft
[2011.11.23 17:00:02 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\DVDVideoSoftIEHelpers
[2010.05.16 13:38:44 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Engelmann Media
[2010.11.03 21:13:43 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\ERS G-Studio
[2011.10.09 11:31:41 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\FileZilla
[2010.12.25 21:12:12 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\FirstColony
[2010.11.04 14:07:42 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Flood Light Games
[2009.11.17 16:41:06 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\gbrainy
[2007.10.26 19:47:24 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\GHISLER
[2007.11.16 13:02:00 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\InterVideo
[2010.10.25 18:05:17 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\KIDDINX
[2009.12.12 23:19:41 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\MAGIX
[2012.06.05 20:02:24 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\OpenOffice.org
[2012.09.07 22:00:41 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Participatory Culture Foundation
[2008.11.26 15:52:03 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\PixelPlanet
[2009.08.26 09:24:20 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Schreibwerkstatt
[2007.09.12 14:38:19 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Sonavis
[2012.05.15 15:41:54 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TeamViewer
[2009.02.16 13:29:19 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Template
[2011.11.19 13:01:30 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Tobit
[2012.11.20 17:48:44 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TuneUp Software
[2012.11.19 00:10:34 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\TVcentral-Core
[2007.09.10 19:15:35 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Ulead Systems
[2012.05.19 00:26:30 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Windows Live Writer
[2008.09.10 16:04:11 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\Windows-Optimierer
[2011.06.04 21:54:04 | 000,000,000 | ---D | M] -- C:\Users\Denise\AppData\Roaming\xVideoServiceThief
 
========== Purity Check ==========
 
 
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 889 bytes -> C:\Users\Denise\Documents\AW_ Ersatzteilbestellung Kundennr_ 13820973.eml:OECustomProperty
@Alternate Data Stream - 526 bytes -> C:\Users\Denise\Documents\Robert mail wkw.eml:OECustomProperty
@Alternate Data Stream - 526 bytes -> C:\Users\Denise\Documents\Email von Robert.eml:OECustomProperty
@Alternate Data Stream - 139 bytes -> C:\ProgramData\TEMP:2A8A3140
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:4F8BECB9
@Alternate Data Stream - 137 bytes -> C:\ProgramData\TEMP:0B4227B4
@Alternate Data Stream - 132 bytes -> C:\ProgramData\TEMP:6BF0805F
@Alternate Data Stream - 128 bytes -> C:\ProgramData\TEMP:25249477
@Alternate Data Stream - 107 bytes -> C:\ProgramData\TEMP:B268A25C
@Alternate Data Stream - 101 bytes -> C:\ProgramData\TEMP:E32966C0

< End of report >
         
--- --- ---

Right, I hope I have now done everything correctly so far.
By the way: even if it should take 4 days... I am glad to be getting help. It is fine if that takes a bit of time. So far nobody has ever been able to help me. I always helped myself.
Have a nice evening
Densi

29.11.2012, 10:50   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Code:
ATTFilter
PRC - C:\Programme\Norton Family\Engine\2.6.0.52\ccsvchst.exe (Symantec Corporation)
PRC - C:\Programme\AVG\AVG2012\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
         
Why do you overdo it with the virus scanners?!
More than one is counterproductive; use either AVG or Norton (or another of your choice, e.g. Avast or MSE), but not both, or even more of them, at the same time.
In addition to one virus scanner you can still use Malwarebytes Free.
__________________
Please always post log files in CODE tags

29.11.2012, 13:02   #5
Densi

Hello,
that is because my daughter has Norton installed, and this Norton Family is only the parental control. It does not run as a virus scanner; it is purely parental-control software from Norton. The actual Norton is installed only on her computer.

Best regards
Densi


29.11.2012, 13:44   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

OK, I interpreted it as an additional virus scanner.

Please now create logs with GMER (<<< click for instructions) and aswMBR (instructions a little further down) and post them.
GMER crashes fairly often; if the tool still won't run on the second attempt, just skip it and run only aswMBR.

aswMBR download => aswMBR.exe - save the file to your desktop.
  • Start aswMBR.exe; Vista and Win7 users right-click and choose "Run as administrator".
  • The tool will ask whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the Internet.) Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until "Scan finished successfully" appears in the DOS window.
  • Press Save Log and save it to the desktop.
Post the aswMBR.txt in your next reply.
Important: Do not press any of the Fix buttons under any circumstances without being instructed to.
Note: If the Scan button is hidden, close the tool and start it again. If it fails again, please let me know.

One more note: if aswMBR crashes and a message like "aswMBR.exe has stopped working" appears, do the following:
Restart aswMBR, select (none) under "AV scan" in the drop-down menu (bottom left of the aswMBR window), and click the Scan button again.

29.11.2012, 15:29   #7
Densi

Well, with GMER the computer really froze. First the program crashed, and the second time the computer hung completely and I had to cut the power to be able to do anything at all again.

Here is the other log:
Code:
ATTFilter
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-11-29 15:10:37
-----------------------------
15:10:37.914    OS Version: Windows 6.0.6002 Service Pack 2
15:10:37.914    Number of processors: 2 586 0xE0C
15:10:37.914    ComputerName: DENISE-JÜRGENPC  UserName: Denise
15:10:41.377    Initialize success
15:10:51.589    AVAST engine download error: 0
15:11:02.415    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-0
15:11:02.415    Disk 0 Vendor: WDC_WD16 04.0 Size: 152627MB BusType: 3
15:11:02.477    Disk 0 MBR read successfully
15:11:02.477    Disk 0 MBR scan
15:11:02.493    Disk 0 Windows VISTA default MBR code
15:11:02.493    Disk 0 Partition - 00     0F Extended LBA             30772 MB offset 249553710
15:11:02.493    Disk 0 Partition 1 80 (A) 07    HPFS/NTFS NTFS       121852 MB offset 63
15:11:02.524    Disk 0 Partition 2 00     0B        FAT32 MSWIN4.1    30772 MB offset 249553773
15:11:02.524    Disk 0 scanning sectors +312576705
15:11:02.680    Disk 0 scanning C:\Windows\system32\drivers
15:11:14.723    Service scanning
15:11:36.626    Modules scanning
15:12:04.550    Disk 0 trace - called modules:
15:12:04.581    ntoskrnl.exe CLASSPNP.SYS disk.sys acpi.sys hal.dll iaStor.sys 
15:12:04.581    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86d1a390]
15:12:04.581    3 CLASSPNP.SYS[88dba8b3] -> nt!IofCallDriver -> [0x859ee7a8]
15:12:04.597    5 acpi.sys[836446bc] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-0[0x859f4030]
15:12:04.597    Scan finished successfully
15:12:57.272    Disk 0 MBR has been saved successfully to "C:\Users\Denise\MBR.dat"
15:12:57.288    The log file has been saved successfully to "C:\Users\Denise\aswMBR.txt"
         
Kind regards
Densi

29.11.2012, 15:40   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Please now run this tool from Kaspersky (TDSS-Killer) in normal Windows mode and post the log. Instructions and download link here => http://www.trojaner-board.de/82358-t...entfernen.html

Note: Please turn off your virus scanner before running TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool!

Set up the tool as shown in the picture below: click Change parameters and tick the boxes as shown in the following screenshot,
then click Start scan and, when it has finished, click the Report button to display the log. Please post it in full.

If you cannot find the log or cannot copy its contents into your post, please look directly on your Windows system partition (usually drive C:), since that is where TDSS-Killer saves its logs.

Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and post only the log here!

__________________
Please always post log files in CODE tags
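
Added example (not part of the thread and not Kaspersky's code): a small Python triage script for a TDSSKiller report in the line layout posted in this thread. It pairs each service's hash/path line with its verdict line and lists everything not marked "ok", so the report can be reviewed before any action other than "skip" is considered. The sample log, its names and its hashes are constructed; the function and class names are hypothetical.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the report's line layout:
# "HH:MM:SS.mmmm <thread id>  <message>". Names and hashes are invented.
SAMPLE_LOG = r"""
16:47:12.0390 1640  ================ Scan system memory ========================
16:47:12.0390 1640  System memory - ok
16:47:12.0390 1640  ================ Scan services =============================
16:47:12.0624 1640  [ 0123456789ABCDEF0123456789ABCDEF ] ExampleDrv      C:\Windows\system32\drivers\exampledrv.sys
16:47:12.0765 1640  ExampleDrv ( UnsignedFile.Multi.Generic ) - warning
16:47:12.0765 1640  ExampleDrv - detected UnsignedFile.Multi.Generic (1)
16:47:12.0827 1640  [ FEDCBA9876543210FEDCBA9876543210 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:47:12.0921 1640  ACPI - ok
16:47:17.0039 1640  blbdrive - ok
16:47:18.0630 1640  [ 00112233445566778899AABBCCDDEEFF ] example_long_service_name_32 C:\Program Files\Example\svc.exe
16:47:18.0646 1640  example_long_service_name_32 - ok
"""

# Timestamp, thread id, then the message we care about.
LINE = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4}\s+\d+\s+(?P<msg>.*\S)\s*$")
# Section banner, e.g. "================ Scan services ====...".
HEADER = re.compile(r"^=+ (?P<title>.+?) =+$")
# "[ MD5 ] <service name> <path>"; the name is space-padded, so the path is
# recognised by its drive letter.
FILE = re.compile(
    r"^\[ (?P<md5>[0-9A-Fa-f]{32}) \]\s+(?P<name>.+?)\s+(?P<path>[A-Za-z]:\\.*)$"
)
# "<name> ( <detection> ) - <verdict>" for anything that is not clean.
FLAG = re.compile(r"^(?P<name>.+?) \( (?P<detection>.+?) \) - (?P<verdict>\w+)$")
# "<name> - ok" for clean entries.
OK = re.compile(r"^(?P<name>.+?) - ok$")


@dataclass
class Entry:
    name: str
    verdict: str                      # "ok", "warning", ...
    detection: Optional[str] = None   # e.g. "UnsignedFile.Multi.Generic"
    md5: Optional[str] = None         # None when the report had no file line
    path: Optional[str] = None


def parse_services(log_text: str) -> List[Entry]:
    """Return one Entry per service verdict in the 'Scan services' section."""
    entries: List[Entry] = []
    pending = {}          # service name -> (md5, path) awaiting its verdict
    in_services = False
    for raw in log_text.splitlines():
        line = LINE.match(raw)
        if not line:
            continue
        msg = line.group("msg")
        header = HEADER.match(msg)
        if header:
            in_services = header.group("title") == "Scan services"
            continue
        if not in_services:
            continue      # e.g. "System memory - ok" is not a service
        file_line = FILE.match(msg)
        if file_line:
            pending[file_line.group("name")] = (
                file_line.group("md5").upper(),
                file_line.group("path"),
            )
            continue
        verdict = FLAG.match(msg) or OK.match(msg)
        if verdict:
            g = verdict.groupdict()
            md5, path = pending.pop(g["name"], (None, None))
            entries.append(
                Entry(g["name"], g.get("verdict", "ok"), g.get("detection"), md5, path)
            )
        # "<name> - detected ..." lines repeat the FLAG line and are ignored.
    return entries


def needs_review(entries: List[Entry]) -> List[Entry]:
    """Everything the tool did not mark 'ok'."""
    return [e for e in entries if e.verdict != "ok"]


if __name__ == "__main__":
    for e in needs_review(parse_services(SAMPLE_LOG)):
        print(f"{e.verdict:8} {e.name:20} {e.detection}  {e.md5}  {e.path}")
```
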

29.11.2012, 16:54   #9
Densi
 

Thanks to the tip on where to find the log:
Code:
16:46:56.0197 2668  TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
16:46:56.0291 2668  ============================================================
16:46:56.0291 2668  Current date / time: 2012/11/29 16:46:56.0291
16:46:56.0291 2668  SystemInfo:
16:46:56.0291 2668  
16:46:56.0291 2668  OS Version: 6.0.6002 ServicePack: 2.0
16:46:56.0291 2668  Product type: Workstation
16:46:56.0291 2668  ComputerName: DENISE-JÜRGENPC
16:46:56.0291 2668  UserName: Denise
16:46:56.0291 2668  Windows directory: C:\Windows
16:46:56.0291 2668  System windows directory: C:\Windows
16:46:56.0291 2668  Processor architecture: Intel x86
16:46:56.0291 2668  Number of processors: 2
16:46:56.0291 2668  Page size: 0x1000
16:46:56.0291 2668  Boot type: Normal boot
16:46:56.0291 2668  ============================================================
16:46:56.0946 2668  Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:46:56.0946 2668  ============================================================
16:46:56.0946 2668  \Device\Harddisk0\DR0:
16:46:56.0946 2668  MBR partitions:
16:46:56.0977 2668  \Device\Harddisk0\DR0\Partition1: MBR, Type 0xB, StartLBA 0xEDFE36D, BlocksNum 0x3C1A754
16:46:56.0977 2668  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0xEDFE2EF
16:46:56.0977 2668  ============================================================
16:46:57.0009 2668  C: <-> \Device\Harddisk0\DR0\Partition2
16:46:57.0024 2668  D: <-> \Device\Harddisk0\DR0\Partition1
16:46:57.0024 2668  ============================================================
16:46:57.0024 2668  Initialize success
16:46:57.0024 2668  ============================================================
16:47:12.0156 1640  ============================================================
16:47:12.0156 1640  Scan started
16:47:12.0156 1640  Mode: Manual; SigCheck; TDLFS; 
16:47:12.0156 1640  ============================================================
16:47:12.0390 1640  ================ Scan system memory ========================
16:47:12.0390 1640  System memory - ok
16:47:12.0390 1640  ================ Scan services =============================
16:47:12.0624 1640  [ 4E5451DD0AEC8504D7F8030DD2D4C416 ] ACEDRV07        C:\Windows\system32\drivers\ACEDRV07.sys
16:47:12.0765 1640  ACEDRV07 ( UnsignedFile.Multi.Generic ) - warning
16:47:12.0765 1640  ACEDRV07 - detected UnsignedFile.Multi.Generic (1)
16:47:12.0827 1640  [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI            C:\Windows\system32\drivers\acpi.sys
16:47:12.0921 1640  ACPI - ok
16:47:13.0030 1640  [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:47:13.0045 1640  AdobeARMservice - ok
16:47:13.0201 1640  [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:47:13.0217 1640  AdobeFlashPlayerUpdateSvc - ok
16:47:13.0311 1640  [ 2EDC5BBAC6C651ECE337BDE8ED97C9FB ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
16:47:13.0357 1640  adp94xx - ok
16:47:13.0389 1640  [ B84088CA3CDCA97DA44A984C6CE1CCAD ] adpahci         C:\Windows\system32\drivers\adpahci.sys
16:47:13.0420 1640  adpahci - ok
16:47:13.0451 1640  [ 7880C67BCCC27C86FD05AA2AFB5EA469 ] adpu160m        C:\Windows\system32\drivers\adpu160m.sys
16:47:13.0467 1640  adpu160m - ok
16:47:13.0529 1640  [ 9AE713F8E30EFC2ABCCD84904333DF4D ] adpu320         C:\Windows\system32\drivers\adpu320.sys
16:47:13.0545 1640  adpu320 - ok
16:47:13.0591 1640  [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:47:13.0638 1640  AeLookupSvc - ok
16:47:13.0716 1640  [ 3911B972B55FEA0478476B2E777B29FA ] AFD             C:\Windows\system32\drivers\afd.sys
16:47:13.0779 1640  AFD - ok
16:47:13.0825 1640  [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx         C:\Windows\system32\drivers\djsvs.sys
16:47:13.0841 1640  aic78xx - ok
16:47:13.0903 1640  [ A1545B731579895D8CC44FC0481C1192 ] ALG             C:\Windows\System32\alg.exe
16:47:13.0950 1640  ALG - ok
16:47:14.0013 1640  [ 496EDA16A127AC9A38BB285BEF17DBB5 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:47:14.0028 1640  aliide - ok
16:47:14.0106 1640  [ 2B13E304C9DFDFA5EB582F6A149FA2C7 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:47:14.0122 1640  amdagp - ok
16:47:14.0169 1640  [ 6F65F4147C54398D7280B18CEBBED215 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:47:14.0184 1640  amdide - ok
16:47:14.0231 1640  [ DC487885BCEF9F28EECE6FAC0E5DDFC5 ] AmdK7           C:\Windows\system32\drivers\amdk7.sys
16:47:14.0434 1640  AmdK7 - ok
16:47:14.0449 1640  [ 0CA0071DA4315B00FC1328CA86B425DA ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
16:47:14.0527 1640  AmdK8 - ok
16:47:14.0590 1640  [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo         C:\Windows\System32\appinfo.dll
16:47:14.0652 1640  Appinfo - ok
16:47:14.0668 1640  [ 5F673180268BB1FDB69C99B6619FE379 ] arc             C:\Windows\system32\drivers\arc.sys
16:47:14.0683 1640  arc - ok
16:47:14.0730 1640  [ 957F7540B5E7F602E44648C7DE5A1C05 ] arcsas          C:\Windows\system32\drivers\arcsas.sys
16:47:14.0746 1640  arcsas - ok
16:47:14.0808 1640  [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:47:14.0855 1640  AsyncMac - ok
16:47:14.0902 1640  [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi           C:\Windows\system32\drivers\atapi.sys
16:47:14.0917 1640  atapi - ok
16:47:14.0980 1640  [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:47:15.0027 1640  AudioEndpointBuilder - ok
16:47:15.0042 1640  [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:47:15.0073 1640  Audiosrv - ok
16:47:15.0120 1640  [ C46BA2C177DF0B84F9C0BFC1E4574DC7 ] Avgfwfd         C:\Windows\system32\DRIVERS\avgfwd6x.sys
16:47:15.0136 1640  Avgfwfd - ok
16:47:15.0292 1640  [ BD5D11CEDBCDE4FA97D2387E7069B1FF ] avgfws          C:\Program Files\AVG\AVG2012\avgfws.exe
16:47:15.0463 1640  avgfws - ok
16:47:15.0651 1640  [ F6A528DE535396C2FB1A4E3C6F00CEC4 ] AVGIDSAgent     C:\Program Files\AVG\AVG2012\AVGIDSAgent.exe
16:47:16.0009 1640  AVGIDSAgent - ok
16:47:16.0056 1640  [ 1074F787080068C71303B61FAE7E7CA4 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdriverx.sys
16:47:16.0072 1640  AVGIDSDriver - ok
16:47:16.0103 1640  [ 61A7E0B02F82CFF3DB2445BBE50B3589 ] AVGIDSFilter    C:\Windows\system32\DRIVERS\avgidsfilterx.sys
16:47:16.0119 1640  AVGIDSFilter - ok
16:47:16.0165 1640  [ D63D83659EEDF60B3A3E620281A888E5 ] AVGIDSHX        C:\Windows\system32\DRIVERS\avgidshx.sys
16:47:16.0197 1640  AVGIDSHX - ok
16:47:16.0243 1640  [ BAF975B72062F53D327788E99D64197E ] AVGIDSShim      C:\Windows\system32\DRIVERS\avgidsshimx.sys
16:47:16.0259 1640  AVGIDSShim - ok
16:47:16.0306 1640  [ DCB09125C8B4766A88C86914B65487C1 ] Avgldx86        C:\Windows\system32\DRIVERS\avgldx86.sys
16:47:16.0337 1640  Avgldx86 - ok
16:47:16.0368 1640  [ CCDD61545AAEA265977E4B1EFDC74E8C ] Avgmfx86        C:\Windows\system32\DRIVERS\avgmfx86.sys
16:47:16.0384 1640  Avgmfx86 - ok
16:47:16.0415 1640  [ 1FD90B28D2C3100BF4500199C8AD6358 ] Avgrkx86        C:\Windows\system32\DRIVERS\avgrkx86.sys
16:47:16.0431 1640  Avgrkx86 - ok
16:47:16.0462 1640  [ C0BC3B2E3FD625E7F55E1FF863E94592 ] Avgtdix         C:\Windows\system32\DRIVERS\avgtdix.sys
16:47:16.0477 1640  Avgtdix - ok
16:47:16.0524 1640  [ 57D83B82117C2DDB9D7E9AEA691CEDFC ] avgtp           C:\Windows\system32\drivers\avgtpx86.sys
16:47:16.0540 1640  avgtp - ok
16:47:16.0571 1640  [ EA1145DEBCD508FD25BD1E95C4346929 ] avgwd           C:\Program Files\AVG\AVG2012\avgwdsvc.exe
16:47:16.0602 1640  avgwd - ok
16:47:16.0649 1640  [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:47:16.0696 1640  Beep - ok
16:47:16.0774 1640  [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE             C:\Windows\System32\bfe.dll
16:47:16.0821 1640  BFE - ok
16:47:16.0899 1640  [ 93952506C6D67330367F7E7934B6A02F ] BITS            C:\Windows\System32\qmgr.dll
16:47:17.0023 1640  BITS - ok
16:47:17.0039 1640  blbdrive - ok
16:47:17.0117 1640  [ 35F376253F687BDE63976CCB3F2108CA ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:47:17.0133 1640  bowser - ok
16:47:17.0179 1640  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\drivers\brfiltlo.sys
16:47:17.0226 1640  BrFiltLo - ok
16:47:17.0242 1640  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\drivers\brfiltup.sys
16:47:17.0304 1640  BrFiltUp - ok
16:47:17.0335 1640  [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser         C:\Windows\System32\browser.dll
16:47:17.0382 1640  Browser - ok
16:47:17.0413 1640  [ B304E75CFF293029EDDF094246747113 ] Brserid         C:\Windows\system32\drivers\brserid.sys
16:47:17.0460 1640  Brserid - ok
16:47:17.0491 1640  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\system32\drivers\brserwdm.sys
16:47:17.0569 1640  BrSerWdm - ok
16:47:17.0585 1640  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\system32\drivers\brusbmdm.sys
16:47:17.0663 1640  BrUsbMdm - ok
16:47:17.0679 1640  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\system32\drivers\brusbser.sys
16:47:17.0741 1640  BrUsbSer - ok
16:47:17.0772 1640  [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
16:47:17.0850 1640  BTHMODEM - ok
16:47:17.0959 1640  [ 41CD31307E054F878EA3FD7F7D2C2922 ] ccSet_NSM       C:\Windows\system32\drivers\NSM\0206000.034\ccSetx86.sys
16:47:17.0975 1640  ccSet_NSM - ok
16:47:18.0037 1640  [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:47:18.0100 1640  cdfs - ok
16:47:18.0131 1640  [ 6B4BFFB9BECD728097024276430DB314 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:47:18.0178 1640  cdrom - ok
16:47:18.0256 1640  [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc     C:\Windows\System32\certprop.dll
16:47:18.0303 1640  CertPropSvc - ok
16:47:18.0349 1640  [ DA8E0AFC7BAA226C538EF53AC2F90897 ] circlass        C:\Windows\system32\drivers\circlass.sys
16:47:18.0412 1640  circlass - ok
16:47:18.0459 1640  [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS            C:\Windows\system32\CLFS.sys
16:47:18.0490 1640  CLFS - ok
16:47:18.0552 1640  ClipInc001 - ok
16:47:18.0630 1640  [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:47:18.0646 1640  clr_optimization_v2.0.50727_32 - ok
16:47:18.0786 1640  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:47:18.0802 1640  clr_optimization_v4.0.30319_32 - ok
16:47:18.0849 1640  [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:47:18.0911 1640  CmBatt - ok
16:47:18.0942 1640  [ 59172A0724F2AB769F31D61B0571D75B ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:47:18.0958 1640  cmdide - ok
16:47:18.0989 1640  [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:47:19.0005 1640  Compbatt - ok
16:47:19.0005 1640  COMSysApp - ok
16:47:19.0051 1640  [ 2A213AE086BBEC5E937553C7D9A2B22C ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
16:47:19.0067 1640  crcdisk - ok
16:47:19.0098 1640  [ 22A7F883508176489F559EE745B5BF5D ] Crusoe          C:\Windows\system32\drivers\crusoe.sys
16:47:19.0161 1640  Crusoe - ok
16:47:19.0223 1640  [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:47:19.0270 1640  CryptSvc - ok
16:47:19.0332 1640  [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:47:19.0395 1640  DcomLaunch - ok
16:47:19.0457 1640  [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:47:19.0504 1640  DfsC - ok
16:47:19.0644 1640  [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR            C:\Windows\system32\DFSR.exe
16:47:19.0847 1640  DFSR - ok
16:47:19.0909 1640  [ 9028559C132146FB75EB7ACF384B086A ] Dhcp            C:\Windows\System32\dhcpcsvc.dll
16:47:19.0956 1640  Dhcp - ok
16:47:20.0003 1640  [ 5D4AEFC3386920236A548271F8F1AF6A ] disk            C:\Windows\system32\drivers\disk.sys
16:47:20.0019 1640  disk - ok
16:47:20.0081 1640  [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:47:20.0143 1640  Dnscache - ok
16:47:20.0190 1640  [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:47:20.0237 1640  dot3svc - ok
16:47:20.0284 1640  [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS             C:\Windows\system32\dps.dll
16:47:20.0346 1640  DPS - ok
16:47:20.0409 1640  [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:47:20.0440 1640  drmkaud - ok
16:47:20.0518 1640  [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:47:20.0611 1640  DXGKrnl - ok
16:47:20.0689 1640  [ F88FB26547FD2CE6D0A5AF2985892C48 ] E1G60           C:\Windows\system32\DRIVERS\E1G60I32.sys
16:47:20.0752 1640  E1G60 - ok
16:47:20.0830 1640  [ C0B95E40D85CD807D614E264248A45B9 ] EapHost         C:\Windows\System32\eapsvc.dll
16:47:20.0877 1640  EapHost - ok
16:47:20.0939 1640  [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache          C:\Windows\system32\drivers\ecache.sys
16:47:20.0955 1640  Ecache - ok
16:47:21.0079 1640  [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:47:21.0111 1640  ehRecvr - ok
16:47:21.0157 1640  [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched         C:\Windows\ehome\ehsched.exe
16:47:21.0204 1640  ehSched - ok
16:47:21.0220 1640  [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart         C:\Windows\ehome\ehstart.dll
16:47:21.0267 1640  ehstart - ok
16:47:21.0329 1640  [ E8F3F21A71720C84BCF423B80028359F ] elxstor         C:\Windows\system32\drivers\elxstor.sys
16:47:21.0345 1640  elxstor - ok
16:47:21.0407 1640  [ 4E6B23DFC917EA39306B529B773950F4 ] EMDMgmt         C:\Windows\system32\emdmgmt.dll
16:47:21.0516 1640  EMDMgmt - ok
16:47:21.0579 1640  [ 67058C46504BC12D821F38CF99B7B28F ] EventSystem     C:\Windows\system32\es.dll
16:47:21.0641 1640  EventSystem - ok
16:47:21.0688 1640  [ 22B408651F9123527BCEE54B4F6C5CAE ] exfat           C:\Windows\system32\drivers\exfat.sys
16:47:21.0735 1640  exfat - ok
16:47:21.0781 1640  [ 1E9B9A70D332103C52995E957DC09EF8 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:47:21.0828 1640  fastfat - ok
16:47:21.0844 1640  [ 63BDADA84951B9C03E641800E176898A ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:47:21.0922 1640  fdc - ok
16:47:21.0953 1640  [ 6629B5F0E98151F4AFDD87567EA32BA3 ] fdPHost         C:\Windows\system32\fdPHost.dll
16:47:21.0984 1640  fdPHost - ok
16:47:22.0015 1640  [ 89ED56DCE8E47AF40892778A5BD31FD2 ] FDResPub        C:\Windows\system32\fdrespub.dll
16:47:22.0093 1640  FDResPub - ok
16:47:22.0125 1640  [ B2B2C38E916184FF8523C7439DDD417F ] FETNDIS         C:\Windows\system32\DRIVERS\fetnd5.sys
16:47:22.0203 1640  FETNDIS - ok
16:47:22.0234 1640  [ A8C0139A884861E3AAE9CFE73B208A9F ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:47:22.0249 1640  FileInfo - ok
16:47:22.0296 1640  [ 0AE429A696AECBC5970E3CF2C62635AE ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:47:22.0343 1640  Filetrace - ok
16:47:22.0359 1640  [ 6603957EFF5EC62D25075EA8AC27DE68 ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:47:22.0421 1640  flpydisk - ok
16:47:22.0468 1640  [ 01334F9EA68E6877C4EF05D3EA8ABB05 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:47:22.0483 1640  FltMgr - ok
16:47:22.0593 1640  [ 8CE364388C8ECA59B14B539179276D44 ] FontCache       C:\Windows\system32\FntCache.dll
16:47:22.0686 1640  FontCache - ok
16:47:22.0780 1640  [ C7FBDD1ED42F82BFA35167A5C9803EA3 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:47:22.0780 1640  FontCache3.0.0.0 - ok
16:47:22.0858 1640  [ B0082808A6856A252F7CDD939892CE50 ] fssfltr         C:\Windows\system32\DRIVERS\fssfltr.sys
16:47:22.0873 1640  fssfltr - ok
16:47:23.0045 1640  [ 28DDEEEC44E988657B732CF404D504CB ] fsssvc          C:\Program Files\Windows Live\Family Safety\fsssvc.exe
16:47:23.0170 1640  fsssvc - ok
16:47:23.0232 1640  [ B972A66758577E0BFD1DE0F91AAA27B5 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:47:23.0263 1640  Fs_Rec - ok
16:47:23.0341 1640  [ 4E1CD0A45C50A8882616CAE5BF82F3C5 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
16:47:23.0357 1640  gagp30kx - ok
16:47:23.0435 1640  [ 51B2D8629E1A0F463682F365D56325CB ] GnabService     c:\program files\common files\gnab\service\servicecontroller.exe
16:47:23.0435 1640  GnabService ( UnsignedFile.Multi.Generic ) - warning
16:47:23.0435 1640  GnabService - detected UnsignedFile.Multi.Generic (1)
16:47:23.0513 1640  [ CD5D0AEEE35DFD4E986A5AA1500A6E66 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:47:23.0575 1640  gpsvc - ok
16:47:23.0669 1640  [ F02A533F517EB38333CB12A9E8963773 ] gupdate         C:\Program Files\Google\Update\GoogleUpdate.exe
16:47:23.0685 1640  gupdate - ok
16:47:23.0716 1640  [ F02A533F517EB38333CB12A9E8963773 ] gupdatem        C:\Program Files\Google\Update\GoogleUpdate.exe
16:47:23.0731 1640  gupdatem - ok
16:47:23.0778 1640  [ CB04C744BE0A61B1D648FAED182C3B59 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:47:23.0872 1640  HdAudAddService - ok
16:47:23.0919 1640  [ 062452B7FFD68C8C042A6261FE8DFF4A ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
16:47:24.0012 1640  HDAudBus - ok
16:47:24.0028 1640  [ 1338520E78D90154ED6BE8F84DE5FCEB ] HidBth          C:\Windows\system32\drivers\hidbth.sys
16:47:24.0121 1640  HidBth - ok
16:47:24.0137 1640  [ FF3160C3A2445128C5A6D9B076DA519E ] HidIr           C:\Windows\system32\drivers\hidir.sys
16:47:24.0215 1640  HidIr - ok
16:47:24.0262 1640  [ 84067081F3318162797385E11A8F0582 ] hidserv         C:\Windows\system32\hidserv.dll
16:47:24.0293 1640  hidserv - ok
16:47:24.0340 1640  [ CCA4B519B17E23A00B826C55716809CC ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
16:47:24.0371 1640  HidUsb - ok
16:47:24.0402 1640  [ D8AD255B37DA92434C26E4876DB7D418 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:47:24.0449 1640  hkmsvc - ok
16:47:24.0511 1640  [ 8B566EA71D5B76157A9CDB78F25A5731 ] Hotkey          C:\Windows\system32\drivers\Hotkey.sys
16:47:24.0543 1640  Hotkey ( UnsignedFile.Multi.Generic ) - warning
16:47:24.0543 1640  Hotkey - detected UnsignedFile.Multi.Generic (1)
16:47:24.0558 1640  [ DF353B401001246853763C4B7AAA6F50 ] HpCISSs         C:\Windows\system32\drivers\hpcisss.sys
16:47:24.0574 1640  HpCISSs - ok
16:47:24.0621 1640  [ F870AA3E254628EBEAFE754108D664DE ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:47:24.0745 1640  HTTP - ok
16:47:24.0777 1640  [ 324C2152FF2C61ABAE92D09F3CCA4D63 ] i2omp           C:\Windows\system32\drivers\i2omp.sys
16:47:24.0792 1640  i2omp - ok
16:47:24.0855 1640  [ 22D56C8184586B7A1F6FA60BE5F5A2BD ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
16:47:24.0901 1640  i8042prt - ok
16:47:24.0948 1640  [ D72F2A013ADA9E2DDA417887A8DFD217 ] IAANTMON        C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
16:47:24.0948 1640  IAANTMON ( UnsignedFile.Multi.Generic ) - warning
16:47:24.0948 1640  IAANTMON - detected UnsignedFile.Multi.Generic (1)
16:47:25.0089 1640  [ 9378D57E2B96C0A185D844770AD49948 ] ialm            C:\Windows\system32\DRIVERS\igdkmd32.sys
16:47:25.0338 1640  ialm - ok
16:47:25.0369 1640  [ DE01BF14FFB150C779FD561BD0E3C5C5 ] iaStor          C:\Windows\system32\DRIVERS\iaStor.sys
16:47:25.0416 1640  iaStor - ok
16:47:25.0463 1640  [ C957BF4B5D80B46C5017BF0101E6C906 ] iaStorV         C:\Windows\system32\drivers\iastorv.sys
16:47:25.0479 1640  iaStorV - ok
16:47:25.0572 1640  [ 98477B08E61945F974ED9FDC4CB6BDAB ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:47:25.0666 1640  idsvc - ok
16:47:25.0791 1640  [ 9378D57E2B96C0A185D844770AD49948 ] igfx            C:\Windows\system32\DRIVERS\igdkmd32.sys
16:47:25.0884 1640  igfx - ok
16:47:25.0915 1640  [ 2D077BF86E843F901D8DB709C95B49A5 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
16:47:25.0931 1640  iirsp - ok
16:47:25.0993 1640  [ 9908D8A397B76CD8D31D0D383C5773C9 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:47:26.0071 1640  IKEEXT - ok
16:47:26.0165 1640  [ AEF2FA29204056B81BC4CBF30260DEE1 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHDA.sys
16:47:26.0305 1640  IntcAzAudAddService - ok
16:47:26.0368 1640  [ 83AA759F3189E6370C30DE5DC5590718 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:47:26.0383 1640  intelide - ok
16:47:26.0415 1640  [ 224191001E78C89DFA78924C3EA595FF ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:47:26.0461 1640  intelppm - ok
16:47:26.0508 1640  [ 9AC218C6E6105477484C6FDBE7D409A4 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:47:26.0555 1640  IPBusEnum - ok
16:47:26.0586 1640  [ 62C265C38769B864CB25B4BCF62DF6C3 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:47:26.0633 1640  IpFilterDriver - ok
16:47:26.0680 1640  [ 1998BD97F950680BB55F55A7244679C2 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:47:26.0742 1640  iphlpsvc - ok
16:47:26.0758 1640  IpInIp - ok
16:47:26.0805 1640  [ 40F34F8ABA2A015D780E4B09138B6C17 ] IPMIDRV         C:\Windows\system32\drivers\ipmidrv.sys
16:47:26.0867 1640  IPMIDRV - ok
16:47:26.0914 1640  [ 8793643A67B42CEC66490B2A0CF92D68 ] IPNAT           C:\Windows\system32\DRIVERS\ipnat.sys
16:47:26.0976 1640  IPNAT - ok
16:47:27.0007 1640  [ 109C0DFB82C3632FBD11949B73AEEAC9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:47:27.0054 1640  IRENUM - ok
16:47:27.0085 1640  [ 350FCA7E73CF65BCEF43FAE1E4E91293 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:47:27.0101 1640  isapnp - ok
16:47:27.0163 1640  [ 232FA340531D940AAC623B121A595034 ] iScsiPrt        C:\Windows\system32\DRIVERS\msiscsi.sys
16:47:27.0179 1640  iScsiPrt - ok
16:47:27.0210 1640  [ BCED60D16156E428F8DF8CF27B0DF150 ] iteatapi        C:\Windows\system32\drivers\iteatapi.sys
16:47:27.0226 1640  iteatapi - ok
16:47:27.0241 1640  [ 06FA654504A498C30ADCA8BEC4E87E7E ] iteraid         C:\Windows\system32\drivers\iteraid.sys
16:47:27.0257 1640  iteraid - ok
16:47:27.0319 1640  [ 5DCE7EED60BAE992BAB7F5FF1CE60641 ] Iviaspi         C:\Windows\system32\drivers\iviaspi.sys
16:47:27.0335 1640  Iviaspi - ok
16:47:27.0366 1640  [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr       C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
16:47:27.0382 1640  IviRegMgr - ok
16:47:27.0429 1640  [ 37605E0A8CF00CBBA538E753E4344C6E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:47:27.0444 1640  kbdclass - ok
16:47:27.0475 1640  [ D2600CB17B7408B4A83F231DC9A11AC3 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
16:47:27.0538 1640  kbdhid - ok
16:47:27.0569 1640  [ A3E186B4B935905B829219502557314E ] KeyIso          C:\Windows\system32\lsass.exe
16:47:27.0585 1640  KeyIso - ok
16:47:27.0647 1640  [ 4A1445EFA932A3BAF5BDB02D7131EE20 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:47:27.0678 1640  KSecDD - ok
16:47:27.0756 1640  [ 8078F8F8F7A79E2E6B494523A828C585 ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:47:27.0819 1640  KtmRm - ok
16:47:27.0865 1640  [ 1BF5EEBFD518DD7298434D8C862F825D ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:47:27.0912 1640  LanmanServer - ok
16:47:27.0975 1640  [ 1DB69705B695B987082C8BAEC0C6B34F ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:47:28.0006 1640  LanmanWorkstation - ok
16:47:28.0068 1640  [ 6E5DAC168D1FF9843E84A59D51D31107 ] LightScribeService C:\Program Files\Common Files\LightScribe\LSSrvc.exe
16:47:28.0084 1640  LightScribeService ( UnsignedFile.Multi.Generic ) - warning
16:47:28.0084 1640  LightScribeService - detected UnsignedFile.Multi.Generic (1)
16:47:28.0115 1640  [ D1C5883087A0C3F1344D9D55A44901F6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:47:28.0162 1640  lltdio - ok
16:47:28.0209 1640  [ 2D5A428872F1442631D0959A34ABFF63 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:47:28.0255 1640  lltdsvc - ok
16:47:28.0287 1640  [ 35D40113E4A5B961B6CE5C5857702518 ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:47:28.0365 1640  lmhosts - ok
16:47:28.0411 1640  [ A2262FB9F28935E862B4DB46438C80D2 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
16:47:28.0427 1640  LSI_FC - ok
16:47:28.0458 1640  [ 30D73327D390F72A62F32C103DAF1D6D ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
16:47:28.0474 1640  LSI_SAS - ok
16:47:28.0489 1640  [ E1E36FEFD45849A95F1AB81DE0159FE3 ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
16:47:28.0505 1640  LSI_SCSI - ok
16:47:28.0552 1640  [ 8F5C7426567798E62A3B3614965D62CC ] luafv           C:\Windows\system32\drivers\luafv.sys
16:47:28.0599 1640  luafv - ok
16:47:28.0599 1640  mailKmd - ok
16:47:28.0677 1640  [ 500D089CE760D83DA2B6CBA681AA9949 ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
16:47:28.0692 1640  MBAMProtector - ok
16:47:28.0895 1640  [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler   C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe
16:47:28.0926 1640  MBAMScheduler - ok
16:47:28.0989 1640  [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService     C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
16:47:29.0051 1640  MBAMService - ok
16:47:29.0129 1640  [ AEF9BABB8A506BC4CE0451A64AADED46 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:47:29.0160 1640  Mcx2Svc - ok
16:47:29.0207 1640  [ D153B14FC6598EAE8422A2037553ADCE ] megasas         C:\Windows\system32\drivers\megasas.sys
16:47:29.0223 1640  megasas - ok
16:47:29.0269 1640  [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] MMCSS           C:\Windows\system32\mmcss.dll
16:47:29.0316 1640  MMCSS - ok
16:47:29.0363 1640  [ E13B5EA0F51BA5B1512EC671393D09BA ] Modem           C:\Windows\system32\drivers\modem.sys
16:47:29.0425 1640  Modem - ok
16:47:29.0472 1640  [ 0A9BB33B56E294F686ABB7C1E4E2D8A8 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:47:29.0519 1640  monitor - ok
16:47:29.0566 1640  [ 5BF6A1326A335C5298477754A506D263 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:47:29.0597 1640  mouclass - ok
16:47:29.0597 1640  [ 93B8D4869E12CFBE663915502900876F ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:47:29.0675 1640  mouhid - ok
16:47:29.0737 1640  [ BDAFC88AA6B92F7842416EA6A48E1600 ] MountMgr        C:\Windows\system32\drivers\mountmgr.sys
16:47:35.0556 1640  [ 875E4E0661F3A5994DF9E5E3A0A4F96B ] PLFlash DeviceIoControl Service C:\Windows\system32\IoctlSvc.exe
16:47:35.0556 1640  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - warning
16:47:35.0556 1640  PLFlash DeviceIoControl Service - detected UnsignedFile.Multi.Generic (1)
16:47:46.0461 1640  [ F13DA74969897359A88F2A739F54A250 ] UleadBurningHelper C:\Program Files\Common Files\Ulead Systems\DVD\ULCDRSvr.exe
16:47:46.0476 1640  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - warning
16:47:46.0476 1640  UleadBurningHelper - detected UnsignedFile.Multi.Generic (1)
16:47:50.0657 1640  [ B0E6FAA0F0EAD4772C545A3737EFB47F ] WisLMSvc        C:\Program Files\Launch Manager\WisLMSvc.exe
16:47:50.0657 1640  WisLMSvc ( UnsignedFile.Multi.Generic ) - warning
16:47:50.0657 1640  WisLMSvc - detected UnsignedFile.Multi.Generic (1)
16:47:52.0685 1640  ================ Scan global ===============================
16:47:52.0716 1640  [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
16:47:52.0763 1640  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:47:52.0794 1640  [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
16:47:52.0857 1640  [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
16:47:52.0857 1640  [Global] - ok
16:47:52.0857 1640  ================ Scan MBR ==================================
16:47:52.0872 1640  [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
16:47:53.0512 1640  \Device\Harddisk0\DR0 - ok
16:47:53.0512 1640  ================ Scan VBR ==================================
16:47:53.0527 1640  [ 04F8AC9F3E3667E716E9DFE8CAAA6810 ] \Device\Harddisk0\DR0\Partition1
16:47:53.0543 1640  \Device\Harddisk0\DR0\Partition1 - ok
16:47:53.0543 1640  [ 4B1D68FD8CA15EE4266C68622C739133 ] \Device\Harddisk0\DR0\Partition2
16:47:53.0543 1640  \Device\Harddisk0\DR0\Partition2 - ok
16:47:53.0543 1640  ============================================================
16:47:53.0543 1640  Scan finished
16:47:53.0543 1640  ============================================================
16:47:53.0559 2540  Detected object count: 8
16:47:53.0559 2540  Actual detected object count: 8
16:48:36.0100 2540  ACEDRV07 ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  ACEDRV07 ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0100 2540  GnabService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  GnabService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0100 2540  Hotkey ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  Hotkey ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0100 2540  IAANTMON ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  IAANTMON ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0100 2540  LightScribeService ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  LightScribeService ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0100 2540  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0100 2540  PLFlash DeviceIoControl Service ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0115 2540  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0115 2540  UleadBurningHelper ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:48:36.0115 2540  WisLMSvc ( UnsignedFile.Multi.Generic ) - skipped by user
16:48:36.0115 2540  WisLMSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip 
16:51:37.0883 4552  Deinitialize success
         

29.11.2012, 17:38   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Please download Farbar's Service Scanner
  • Start the tool by double-clicking FSS.exe
  • Make sure that the following options are checked.
    • Internet Services
    • Windows Firewall
    • System Restore
    • SecurityCenter / ActionCenter
  • Click Scan.
  • When the tool has finished, it will create an FSS.txt in the directory where the tool was run.
Please post the contents here.
__________________
Please always post log files in CODE tags

29.11.2012, 17:47   #11
Densi

Code:
Farbar Service Scanner Version: 09-11-2012
Ran by Denise (administrator) on 29-11-2012 at 17:44:56
Running from "C:\Users\Denise\Downloads"
Windows Vista (TM) Home Premium Service Pack 2 (X86)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo IP is accessible.
Yahoo.com is accessible.
IE proxy is enabled.



Windows Firewall:
=============

Firewall Disabled Policy: 
==================


System Restore:
============

System Restore Disabled Policy: 
========================


Security Center:
============

Other Services:
==============


File Check:
========
C:\Windows\system32\nsisvc.dll => MD5 is legit
C:\Windows\system32\Drivers\nsiproxy.sys => MD5 is legit
C:\Windows\system32\dhcpcsvc.dll => MD5 is legit
C:\Windows\system32\Drivers\afd.sys => MD5 is legit
C:\Windows\system32\Drivers\tdx.sys => MD5 is legit
C:\Windows\system32\Drivers\tcpip.sys => MD5 is legit
C:\Windows\system32\dnsrslvr.dll => MD5 is legit
C:\Windows\system32\mpssvc.dll => MD5 is legit
C:\Windows\system32\bfe.dll => MD5 is legit
C:\Windows\system32\Drivers\mpsdrv.sys => MD5 is legit
C:\Windows\system32\SDRSVC.dll => MD5 is legit
C:\Windows\system32\vssvc.exe => MD5 is legit
C:\Windows\system32\wscsvc.dll => MD5 is legit
C:\Windows\system32\wbem\WMIsvc.dll => MD5 is legit
C:\Windows\system32\svchost.exe => MD5 is legit
C:\Windows\system32\rpcss.dll => MD5 is legit


**** End of log ****
         
In case you are finishing work soon, I wish you a nice evening already.
I have the impression that I understand what needs to be done.
Can you already tell what is going on here?

29.11.2012, 20:20   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Something isn't right there, please create a log with CF

ComboFix

A guide and tutorial on using ComboFix
  • Close all programs, especially your antivirus program and other background monitors, as well as your internet browser.
  • Start combofix.exe from your desktop, confirm the warning messages, run the updates (if suggested), install the Recovery Console (if suggested) and let it scan your system.
    Also avoid using the mouse and keyboard while ComboFix is running.
  • Afterwards a combofix.txt opens automatically; please copy its contents ([Ctrl]a, [Ctrl]c) and paste them into your post ([Ctrl]v). You can also find the file at: C:\ComboFix.txt.
Important note:
ComboFix may only be run if a qualified helper has expressly recommended it!

It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.

If, after running ComboFix, you have problems starting applications and receive messages such as

Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
then restart Windows manually and the error messages should no longer appear.
__________________
Please always post log files in CODE tags

29.11.2012, 21:40   #13
Densi

Unfortunately I can't find the file, and I had forgotten to copy the text.

And now?

And now the Windows Security Center no longer works and can't be switched on any more either :-(
The firewall can still be switched on manually.

29.11.2012, 22:29   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

It's all in the instructions

Quote:
You can also find the file at: C:\ComboFix.txt.
__________________
Please always post log files in CODE tags

29.11.2012, 22:45   #15
Densi

I looked there but found nothing. I also had a search program search C:, but nothing was found.
Maybe I'm doing something wrong?

In the Windows folder I found the following:
Code:
11/27/2012 17:31:53 - PFRO Error: \??\C:\Users\Denise\Downloads\Miro_setup.exe, |delete operation|, 0xc0000034
11/27/2012 17:31:53 - 0 Successful PFRO operations

11/29/2012 21:27:28 - PFRO Error: \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir, |delete operation|, 0xc0000034
11/29/2012 21:27:28 - PFRO Error: \??\C:\test0123, \??\C:\Qoobox\Quarantine\C\MoveEx_test0123.vir, 0xc0000034
11/29/2012 21:27:28 - 1 Successful PFRO operations
         
