| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Google öffnet falsche SeitenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
04.12.2012, 21:24
| #1 |
 |  Google öffnet falsche Seiten Hallo, ich kann seit Sonntag keine Seiten in Google mehr öffnen, ohne dass ich auf irgendwelche seltsamen Seiten weitergeleitet werden, bzw. mein Browser mich daran hindert, wegen Malware. Habe das Problem in Chrome, Firefox und Explorer. Avira findet nichts.. Vielleicht kann mir ja wer helfen. Habe versucht, das Problem selbst zu lösen, aber es scheint aufwendiger zu sein. Noch dazu öffnet mein Windows Sicherheitscenter sich nicht mehr, alle Einstellungen sind auf "aktiviert", aber dennoch scheint es deaktiviert zu sein. Schonmal danke vorab! |
|
04.12.2012, 21:33
| #2 |
| /// Malware-holic   | Google öffnet falsche Seiten hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
04.12.2012, 22:57
| #3 |
| | Google öffnet falsche Seiten Ich habe nur die OLT.txt bekommen:OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 12/4/2012 10:22:38 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Katha\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.80 Gb Total Physical Memory | 2.27 Gb Available Physical Memory | 59.83% Memory free 7.60 Gb Paging File | 5.94 Gb Available in Paging File | 78.15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 178.00 Gb Total Space | 59.00 Gb Free Space | 33.15% Space Free | Partition Type: NTFS Drive D: | 265.53 Gb Total Space | 265.20 Gb Free Space | 99.88% Space Free | Partition Type: NTFS Computer Name: KATHA-PC | User Name: Katha | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/04 21:40:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katha\Desktop\OTL.exe PRC - [2012/08/08 15:44:31 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\Katha\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012/05/09 05:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/09 05:51:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2011/12/20 14:52:04 | 002,783,312 | ---- | M] (Samsung Electronics) -- C:\Program Files (x86)\Samsung\Samsung Update Plus\SUPBackground.exe PRC - [2011/09/04 11:45:26 | 003,398,736 | ---- | M] (SAMSUNG Electronics) -- C:\Program Files (x86)\Samsung\Samsung Support Center\SSCKbdHk.exe PRC - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010/11/28 11:44:42 | 000,943,984 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\dmhkcore.exe PRC - [2010/11/28 09:09:40 | 007,053,168 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Easy Display Manager\WifiManager.exe PRC - [2010/11/17 09:24:54 | 004,387,632 | ---- | M] (SEC) -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\WCScheduler.exe PRC - [2010/08/19 09:22:36 | 000,775,336 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\MovieColorEnhancer.exe PRC - [2010/02/10 15:29:52 | 000,719,360 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Program Files (x86)\SAMSUNG\EasySpeedUpManager\EasySpeedUpManager.exe ========== Modules (No Company Name) ========== MOD - [2010/07/05 11:42:58 | 000,203,776 | ---- | M] () -- C:\Program Files (x86)\Samsung\Movie Color Enhancer\WinCRT.dll MOD - [2010/05/07 15:22:18 | 001,636,864 | ---- | M] () -- C:\Program Files (x86)\Samsung\Samsung Recovery Solution 5\Resdll.dll MOD - [2006/08/12 04:48:40 | 000,049,152 | ---- | M] () -- C:\Program Files (x86)\Samsung\Easy Display Manager\HookDllPS2.dll ========== Services (SafeList) ========== SRV:64bit: - [2010/09/22 10:10:10 | 000,057,184 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Mesh\wlcrasvc.exe -- (wlcrasvc) SRV:64bit: - [2010/08/09 20:04:12 | 000,166,704 | ---- | M] (Samsung Electronics CO., LTD.) [Disabled | Stopped] -- C:\Windows\SysNative\SUPDSvc.exe -- (Samsung UPD Service) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/11/09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012/10/29 21:37:01 | 000,115,168 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012/10/09 20:14:18 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/09/19 15:21:14 | 000,795,072 | ---- | M] (Spigot, Inc.) [Disabled | Stopped] -- C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe -- (Application Updater) SRV - [2012/07/27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012/05/09 05:51:51 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/09 05:51:50 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2011/09/01 02:22:18 | 000,169,624 | ---- | M] (Adobe Systems Incorporated) [Disabled | Stopped] -- C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor10.0) SRV - [2011/03/04 11:45:08 | 001,529,856 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2011/01/17 08:36:00 | 002,009,704 | ---- | M] (NVIDIA Corporation) [Disabled | Stopped] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012/07/09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012/05/09 05:51:51 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/05/09 05:51:51 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/10/19 15:56:15 | 000,027,760 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011/03/04 11:51:50 | 000,306,536 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV:64bit: - [2011/02/11 16:27:37 | 000,022,752 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\vpnva64.sys -- (vpnva) DRV:64bit: - [2011/01/17 08:36:00 | 000,025,960 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\nvpciflt.sys -- (nvpciflt) DRV:64bit: - [2010/11/25 20:31:32 | 000,409,192 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010/11/10 00:04:14 | 000,031,088 | ---- | M] (CyberLink Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\clwvd.sys -- (clwvd) DRV:64bit: - [2010/09/22 23:36:48 | 000,048,488 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\fssfltr.sys -- (fssfltr) DRV:64bit: - [2010/09/14 05:45:52 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2010/09/14 05:45:50 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2010/09/14 05:45:48 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2010/09/14 05:45:44 | 000,760,168 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/09/02 01:06:00 | 001,577,472 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\athrx.sys -- (athr) DRV:64bit: - [2010/08/30 12:17:36 | 000,289,280 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/08/25 20:36:02 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/05/21 05:02:40 | 001,377,840 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010/03/19 03:00:00 | 000,055,856 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV:64bit: - [2010/02/27 00:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/08 07:32:00 | 000,014,992 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\CVirtA64.sys -- (CVirtA) DRV:64bit: - [2009/09/17 21:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/07/14 01:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/28 07:38:04 | 000,013,824 | ---- | M] (SAMSUNG ELECTRONICS) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\SABI.sys -- (SABI) DRV:64bit: - [2009/05/18 12:17:08 | 000,034,152 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2008/11/16 17:39:44 | 000,157,968 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\dne64x.sys -- (DNE) DRV:64bit: - [2008/03/17 11:06:14 | 000,115,328 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV - [2010/12/16 15:21:55 | 000,015,144 | ---- | M] (Windows (R) 2003 DDK 3790 provider) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\rtport.sys -- (rtport) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SMSTDF&pc=MASM&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2832419 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung.msn.com IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://search.conduit.com?SearchSource=10&ctid=CT2832419 IE - HKCU\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) IE - HKCU\..\URLSearchHook: {0c5f997d-f664-4afb-9652-ea7fd92f383d} - No CLSID value found IE - HKCU\..\URLSearchHook: {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.) IE - HKCU\..\SearchScopes,DefaultScope = {952D5608-A54C-4646-80C0-2E236500AA58} IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=100478&babsrc=SP_ss&mntrId=9636441100000000000000059a3c7800 IE - HKCU\..\SearchScopes\{952D5608-A54C-4646-80C0-2E236500AA58}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms} IE - HKCU\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2832419 IE - HKCU\..\SearchScopes\{FB3C1EFB-3B4F-4C4D-9818-305795A81034}: "URL" = hxxp://websearch.ask.com/custom/java/redirect?client=ie&tb=ORJ&o=100000026&src=crm&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com Search" FF - prefs.js..browser.search.defaultenginename: "Ask.com Search" FF - prefs.js..browser.search.order.1: "Ask.com Search" FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de" FF - prefs.js..extensions.enabledAddons: 2020Player_IKEA@2020Technologies.com:5.0.93.0 FF - prefs.js..extensions.enabledAddons: DivXWebPlayer@divx.com:2.0.2.039 FF - prefs.js..extensions.enabledAddons: grooveshredder@code.argee.org:1.14.10 FF - prefs.js..extensions.enabledAddons: nogroovesharkads@tobbi.tk:2.0.6 FF - prefs.js..extensions.enabledAddons: personas@christopher.beard:1.6.2 FF - prefs.js..extensions.enabledAddons: {8AA36F4F-6DC7-4c06-77AF-5035170634FE}:2012.02.14 FF - prefs.js..extensions.enabledAddons: pdfforge@mybrowserbar.com:6.3 FF - prefs.js..extensions.enabledAddons: wtxpcom@mybrowserbar.com:6.3 FF - prefs.js..extensions.enabledAddons: groovesharkUnlocker@overlord1337:1.3 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.7 FF - prefs.js..extensions.enabledAddons: {dc572301-7619-498c-a57d-39143191b318}:0.4.0.3.1 FF - prefs.js..extensions.enabledAddons: {15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}:1.0.5 FF - prefs.js..extensions.enabledAddons: {d40f5e7b-d2cf-4856-b441-cc613eeffbe3}:1.68 FF - prefs.js..keyword.URL: "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=ORJ&o=&locale=&apn_uid=F0A0F375-7DEE-43E2-BEA2-14194D16F135&apn_ptnrs=&apn_sauid=FAFB1D08-937A-4A55-8C76-F6510F1BE50D&apn_dtid=OSJ000&&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_4_402_287.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3508.1109: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll (Google) FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Users\Katha\AppData\Roaming\Mozilla\plugins\npgtpo3dautoplugin.dll () FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\Katha\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\Katha\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/03/03 16:15:04 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{8AA36F4F-6DC7-4c06-77AF-5035170634FE}: C:\ProgramData\Swiss Academic Software\Citavi Picker\Firefox [2012/06/10 16:07:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/10/29 21:37:03 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 16.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/09/25 08:17:28 | 000,000,000 | ---D | M] [2011/05/13 16:26:08 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\Extensions [2012/12/04 21:28:31 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\Firefox\Profiles\vlgl55pu.default\extensions [2012/11/07 21:17:07 | 000,000,000 | ---D | M] (PriceGongbar Community Toolbar) -- C:\Users\Katha\AppData\Roaming\mozilla\Firefox\Profiles\vlgl55pu.default\extensions\{0c5f997d-f664-4afb-9652-ea7fd92f383d} [2011/12/07 14:05:11 | 000,000,000 | ---D | M] (DealPly) -- C:\Users\Katha\AppData\Roaming\mozilla\Firefox\Profiles\vlgl55pu.default\extensions\{EB9394A3-4AD6-4918-9537-31A1FD8E8EDF} [2011/12/28 12:57:01 | 000,000,000 | ---D | M] (20-20 3D Viewer - IKEA) -- C:\Users\Katha\AppData\Roaming\mozilla\Firefox\Profiles\vlgl55pu.default\extensions\2020Player_IKEA@2020Technologies.com [2012/04/13 18:41:17 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Users\Katha\AppData\Roaming\mozilla\Firefox\Profiles\vlgl55pu.default\extensions\engine@conduit.com [2011/12/07 14:03:24 | 000,000,000 | ---D | M] (Babylon) -- C:\Users\Katha\AppData\Roaming\mozilla\Firefox\Profiles\vlgl55pu.default\extensions\ffxtlbr@babylon.com [2012/11/13 20:58:51 | 000,070,963 | ---- | M] () (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\extensions\canitbecheaper@trafficbroker.co.uk.xpi [2011/05/30 17:59:46 | 000,550,833 | ---- | M] () (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\extensions\DivXWebPlayer@divx.com.xpi [2012/11/13 21:51:38 | 000,029,022 | ---- | M] () (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\extensions\groovesharkUnlocker@overlord1337.xpi [2012/03/25 19:04:46 | 000,089,261 | ---- | M] () (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\extensions\grooveshredder@code.argee.org.xpi [2012/04/26 06:36:11 | 000,003,284 | ---- | M] () (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\extensions\nogroovesharkads@tobbi.tk.xpi [2011/05/13 17:15:32 | 000,330,316 | ---- | M] () (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\extensions\personas@christopher.beard.xpi [2012/12/04 20:35:15 | 000,035,923 | ---- | M] () (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\extensions\{15fe27f3-e5ab-2d59-4c5c-dadc7945bdbd}.xpi [2012/11/23 06:55:25 | 000,035,614 | ---- | M] () (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012/12/04 20:35:15 | 000,138,614 | ---- | M] () (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2012/12/04 20:02:36 | 000,710,866 | ---- | M] () (No name found) -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2012/08/23 11:53:43 | 000,002,299 | ---- | M] () -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\searchplugins\askcom.xml [2012/09/27 06:41:35 | 000,002,306 | ---- | M] () -- C:\Users\Katha\AppData\Roaming\mozilla\firefox\profiles\vlgl55pu.default\searchplugins\askcomsearch.xml [2012/09/11 07:53:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/09/26 11:59:32 | 000,000,000 | ---D | M] (Widgi Toolbar Platform) -- C:\PROGRAM FILES (X86)\COMMON FILES\SPIGOT\WTXPCOM [2012/09/26 11:59:32 | 000,000,000 | ---D | M] (pdfforge Toolbar) -- C:\PROGRAM FILES (X86)\PDFFORGE TOOLBAR\FF [2012/06/10 16:07:56 | 000,000,000 | ---D | M] (Citavi Picker) -- C:\PROGRAMDATA\SWISS ACADEMIC SOFTWARE\CITAVI PICKER\FIREFOX [2012/10/29 21:37:02 | 000,261,600 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/04/29 17:28:27 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011/12/07 14:02:55 | 000,002,310 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012/08/30 08:17:13 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/04/29 17:28:27 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/04/29 17:28:27 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/04/29 17:28:27 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/04/29 17:28:27 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.de/ CHR - default_search_provider: Google (Enabled) CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding} CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter} CHR - homepage: hxxp://www.google.de/ CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Users\Katha\AppData\Local\Google\Chrome\Application\23.0.1271.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\Katha\AppData\Local\Google\Chrome\Application\23.0.1271.95\pdf.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Users\Katha\AppData\Local\Google\Chrome\Application\23.0.1271.95\gcswf32.dll CHR - plugin: Shockwave Flash (Disabled) = C:\Users\Katha\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll CHR - plugin: Shockwave Flash (Enabled) = C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_2_202_235.dll CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll CHR - plugin: Java Deployment Toolkit 6.0.290.11 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npdeployJava1.dll CHR - plugin: Java(TM) Platform SE 6 U29 (Enabled) = C:\Program Files (x86)\Java\jre6\bin\new_plugin\npjp2.dll CHR - plugin: 2007 Microsoft Office system (Enabled) = C:\Program Files (x86)\Mozilla Firefox\plugins\NPOFF12.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: DivX VOD Helper Plug-in (Enabled) = C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll CHR - plugin: DivX Plus Web Player (Enabled) = C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll CHR - plugin: Windows Live\u0099 Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - plugin: Google Update (Enabled) = C:\Users\Katha\AppData\Local\Google\Update\1.3.21.111\npGoogleUpdate3.dll CHR - Extension: YouTube = C:\Users\Katha\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\ CHR - Extension: Google-Suche = C:\Users\Katha\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\ CHR - Extension: Mehr Leistung und Videoformate f\u00FCr dein HTML5 \u003Cvideo\u003E = C:\Users\Katha\AppData\Local\Google\Chrome\User Data\Default\Extensions\nneajnkjbffgblleaoojgaacokifdkhm\2.1.2.145_0\ CHR - Extension: Google Mail = C:\Users\Katha\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\ O1 HOSTS File: ([2011/10/25 21:23:14 | 000,000,854 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 activate.adobe.com O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (DealPly) - {A6174F27-1FFF-E1D6-A93F-BA48AD5DD448} - C:\Program Files (x86)\DealPly\DealPlyIE.dll File not found O2 - BHO: (W2PBrowser Class) - {AA609D72-8482-4076-8991-8CDAE5B93BCB} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (pdfforge Toolbar) - {B922D405-6D13-4A2B-AE89-08A030DA4402} - C:\Program Files (x86)\pdfforge Toolbar\IE\6.3\pdfforgeToolbarIE.dll (Spigot, Inc.) O3 - HKLM\..\Toolbar: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0C5F997D-F664-4AFB-9652-EA7FD92F383D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {30F9B915-B755-4826-820B-08FBA6BD249D} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime File not found O4 - Startup: C:\Users\Katha\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Katha\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Katha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: &Citavi Picker... - C:\ProgramData\Swiss Academic Software\Citavi Picker\Internet Explorer\ShowContextMenu.html () O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Katha\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: Samsung AnyWeb Print - {328ECD19-C167-40eb-A0C7-16FE7634105E} - C:\Program Files\Samsung AnyWeb Print\W2PBrowser.dll () O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-0016-0000-0025-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_25-windows-i586.cab (Java Plug-in 1.6.0_25) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0029-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 1.6.0_29) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_29-windows-i586.cab (Java Plug-in 10.7.2) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object) O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{26412D68-E530-46DF-ABFB-4EF53081FF28}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\grooveLocalGWS - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Handler\wlpg - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~1\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - AppInit_DLLs: (C:\Windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\Windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{c70993a9-359c-11e2-9936-e81132048bb0}\Shell - "" = AutoRun O33 - MountPoints2\{c70993a9-359c-11e2-9936-e81132048bb0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{c70993be-359c-11e2-9936-e81132048bb0}\Shell - "" = AutoRun O33 - MountPoints2\{c70993be-359c-11e2-9936-e81132048bb0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{c70993c1-359c-11e2-9936-e81132048bb0}\Shell - "" = AutoRun O33 - MountPoints2\{c70993c1-359c-11e2-9936-e81132048bb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe O33 - MountPoints2\{c70993f1-359c-11e2-9936-e81132048bb0}\Shell - "" = AutoRun O33 - MountPoints2\{c70993f1-359c-11e2-9936-e81132048bb0}\Shell\AutoRun\command - "" = F:\AutoRun.exe O33 - MountPoints2\{c8e15fb9-3651-11e2-8130-e81132048bb0}\Shell - "" = AutoRun O33 - MountPoints2\{c8e15fb9-3651-11e2-8130-e81132048bb0}\Shell\AutoRun\command - "" = G:\AutoRun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Audible Download Manager.lnk - - File not found MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^vpngui.exe.lnk - C:\Windows\Installer\{5FDC06BF-3D3D-4367-8FFB-4FAFCB61972D}\Icon09DB8A851.exe - () MsConfig:64bit - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^WISO Mein Steuer-Sparbuch heute.lnk - C:\PROGRA~2\WISO\STEUER~1\MSHAKT~1.EXE - () MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: AdobeAAMUpdater-1.0 - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) MsConfig:64bit - StartUpReg: ApnUpdater - hkey= - key= - C:\Program Files (x86)\Ask.com\Updater\Updater.exe (Ask) MsConfig:64bit - StartUpReg: AppleSyncNotifier - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe (Apple Inc.) MsConfig:64bit - StartUpReg: APSDaemon - hkey= - key= - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) MsConfig:64bit - StartUpReg: avgnt - hkey= - key= - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) MsConfig:64bit - StartUpReg: DivXUpdate - hkey= - key= - C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () MsConfig:64bit - StartUpReg: Google Update - hkey= - key= - C:\Users\Katha\AppData\Local\Google\Update\GoogleUpdate.exe (Google Inc.) MsConfig:64bit - StartUpReg: GrooveMonitor - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe (Microsoft Corporation) MsConfig:64bit - StartUpReg: PDFPrint - hkey= - key= - C:\Program Files (x86)\PDF24\pdf24.exe (Geek Software GmbH) MsConfig:64bit - StartUpReg: RtHDVCpl - hkey= - key= - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) MsConfig:64bit - StartUpReg: SearchSettings - hkey= - key= - C:\Program Files (x86)\Common Files\Spigot\Search Settings\SearchSettings.exe (Spigot, Inc.) MsConfig:64bit - StartUpReg: SunJavaUpdateSched - hkey= - key= - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig:64bit - StartUpReg: SynTPEnh - hkey= - key= - C:\Program Files\Synaptics\SynTP\SynTPEnh.exe (Synaptics Incorporated) MsConfig:64bit - State: "services" - Reg Error: Key error. MsConfig:64bit - State: "startup" - Reg Error: Key error. CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2012/12/04 21:40:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Katha\Desktop\OTL.exe [2012/12/04 21:37:18 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight [2012/12/04 21:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight [2012/12/04 21:35:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Microsoft Silverlight [2012/12/04 21:29:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi [2012/12/01 23:00:41 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2012/12/01 23:00:41 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/12/01 23:00:41 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/11/24 09:14:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mobile Partner [2012/11/24 09:14:07 | 001,003,008 | ---- | C] (DiBcom SA) -- C:\Windows\SysNative\drivers\mod7700.sys [2012/11/24 09:14:07 | 000,119,296 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbnet.sys [2012/11/24 09:14:07 | 000,117,120 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbfake.sys [2012/11/24 09:14:07 | 000,115,328 | ---- | C] (Huawei Technologies Co., Ltd.) -- C:\Windows\SysNative\drivers\ewusbmdm.sys [2012/11/24 09:14:07 | 000,029,696 | ---- | C] (Huawei Tech. Co., Ltd.) -- C:\Windows\SysNative\drivers\ewdcsc.sys [2012/11/24 09:12:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mobile Partner [2012/05/24 20:53:45 | 000,739,832 | ---- | C] (Google Inc.) -- C:\Users\Katha\GoogleEarthPluginSetup.exe [2012/04/21 10:31:49 | 000,849,056 | ---- | C] (Amazon Services LLC) -- C:\Users\Katha\WISO_Steuer_Sparbuch_2012_für_Steuerjahr_2011_Downloader.exe [2012/04/13 18:40:59 | 006,112,160 | ---- | C] (PriceGong) -- C:\Users\Katha\PriceGongEF.exe [2012/03/12 20:33:55 | 1025,493,776 | ---- | C] (Microsoft Corporation) -- C:\Users\Katha\X17-75062.exe [2012/02/25 11:08:11 | 010,450,168 | ---- | C] (Geek Software GmbH ) -- C:\Users\Katha\pdf24-44creator.exe [2012/02/25 10:47:55 | 018,590,304 | ---- | C] (pdfforge GbR) -- C:\Users\Katha\PDFCreator-1_2_3_setup.exe [2012/02/07 19:46:47 | 010,324,304 | ---- | C] (Geek Software GmbH ) -- C:\Users\Katha\pdf24-creator.exe [2011/12/07 13:48:14 | 014,392,619 | ---- | C] (Gougelet Pierre-e ) -- C:\Users\Katha\XnView1985-win-full.exe [2011/11/07 23:18:06 | 014,598,944 | ---- | C] (Mozilla) -- C:\Users\Katha\Firefox_Setup_8.0.exe [2011/06/28 13:31:00 | 008,034,304 | ---- | C] (Irfan Skiljan) -- C:\Program Files\irfanview_plugins_430_setup.exe [2011/06/06 17:45:57 | 003,208,568 | ---- | C] (TeamViewer GmbH) -- C:\Users\Katha\TeamViewer_Setup_de.exe [2011/06/06 15:46:02 | 000,568,640 | ---- | C] (Google Inc.) -- C:\Users\Katha\ChromeSetup.exe [2011/05/13 22:10:00 | 003,081,376 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe [2011/05/13 22:05:22 | 003,328,512 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\flashplayer10_2_p3_64bit_plugin_111710.exe [2011/05/07 21:28:40 | 021,984,416 | ---- | C] (DVDVideoSoft Limited. ) -- C:\Program Files\FreeYouTubeToMP3Converter37.exe [2011/04/26 21:29:04 | 001,291,624 | ---- | C] (Microsoft Corporation) -- C:\Program Files\wlsetup-web__1_.exe [2011/04/22 13:00:25 | 016,791,288 | ---- | C] (Dropbox, Inc.) -- C:\Users\Katha\Dropbox 1.1.24.exe [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012/12/04 22:22:17 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/04 22:22:17 | 000,014,144 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/04 22:14:54 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\EYLZDMRVME.job [2012/12/04 22:14:42 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012/12/04 22:14:36 | 4081,569,792 | -HS- | M] () -- C:\hiberfil.sys [2012/12/04 22:14:02 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/12/04 21:47:03 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2614301483-2537791305-717444225-1002UA.job [2012/12/04 21:40:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Katha\Desktop\OTL.exe [2012/12/02 08:05:20 | 000,001,068 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-2614301483-2537791305-717444225-1002Core.job [2012/11/30 23:49:26 | 000,002,483 | ---- | M] () -- C:\Users\Katha\Desktop\Google Chrome.lnk [2012/11/29 00:01:06 | 000,131,072 | RHS- | M] () -- C:\Windows\SysWow64\wiatrace2.dll [2012/11/26 13:30:52 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2012/11/26 13:30:52 | 000,654,844 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2012/11/26 13:30:52 | 000,616,686 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2012/11/26 13:30:52 | 000,130,426 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2012/11/26 13:30:52 | 000,106,808 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2012/11/15 19:11:38 | 000,441,160 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [6 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] ========== Files Created - No Company Name ========== [2012/11/29 00:01:06 | 000,131,072 | RHS- | C] () -- C:\Windows\SysWow64\wiatrace2.dll [2012/11/29 00:01:06 | 000,000,304 | ---- | C] () -- C:\Windows\tasks\EYLZDMRVME.job [2012/11/15 08:26:51 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf [2012/11/15 08:15:07 | 000,000,003 | ---- | C] () -- C:\Windows\SysNative\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf [2012/06/10 16:01:09 | 071,878,544 | ---- | C] () -- C:\Users\Katha\CitaviSetup.exe [2012/06/01 18:25:50 | 000,870,681 | ---- | C] () -- C:\Windows\PlagiarismFinder 2.1 Uninstaller.exe [2012/04/21 11:01:39 | 000,000,080 | ---- | C] () -- C:\Windows\wiso.ini [2012/02/07 19:22:15 | 002,790,572 | ---- | C] ( ) -- C:\Users\Katha\pdftkb36_setup.exe [2012/01/15 20:48:44 | 000,001,472 | ---- | C] () -- C:\Users\Katha\AppData\Local\RecConfig.xml [2011/12/07 14:02:58 | 000,098,304 | ---- | C] () -- C:\Windows\SysWow64\redmonnt.dll [2011/11/14 16:03:14 | 001,376,768 | ---- | C] () -- C:\Users\Katha\7z920-x64.msi [2011/11/07 21:57:38 | 002,893,852 | ---- | C] () -- C:\Users\Katha\install_flashplayer110.zip [2011/10/19 10:07:31 | 000,033,752 | ---- | C] () -- C:\Users\Katha\ClarendonLTStd-Bold.otf [2011/09/24 10:46:58 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2011/05/13 16:53:31 | 000,002,019 | ---- | C] () -- C:\Program Files\Adobe Reader X.lnk [2011/05/07 21:30:21 | 000,001,239 | ---- | C] () -- C:\Program Files\DVDVideoSoft Free Studio.lnk [2011/05/07 21:30:10 | 000,001,398 | ---- | C] () -- C:\Program Files\Free YouTube to MP3 Converter.lnk [2011/05/04 08:13:03 | 000,247,053 | ---- | C] () -- C:\Program Files\mp3DC213.exe [2011/04/25 10:04:46 | 000,001,890 | ---- | C] () -- C:\Program Files\IrfanView Thumbnails.lnk [2011/04/25 10:04:46 | 000,000,998 | ---- | C] () -- C:\Program Files\IrfanView.lnk [2011/04/22 12:56:29 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011/04/22 11:17:58 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2011/04/20 20:02:32 | 000,142,704 | ---- | C] () -- C:\Windows\wiainst64.exe [2011/04/20 20:01:41 | 000,484,656 | ---- | C] () -- C:\Windows\ssndii.exe [2011/04/20 20:01:28 | 000,258,864 | ---- | C] () -- C:\Windows\SUPDRun.exe [2010/12/09 18:53:00 | 000,870,560 | ---- | C] () -- C:\Windows\SysWow64\igkrng575.bin [2010/12/09 18:53:00 | 000,208,896 | ---- | C] () -- C:\Windows\SysWow64\iglhsip32.dll [2010/12/09 18:53:00 | 000,143,360 | ---- | C] () -- C:\Windows\SysWow64\iglhcp32.dll [2010/12/09 18:52:59 | 000,104,796 | ---- | C] () -- C:\Windows\SysWow64\igfcg575m.bin [2010/12/09 18:52:58 | 000,127,868 | ---- | C] () -- C:\Windows\SysWow64\igcompkrng575.bin [2010/12/09 03:17:18 | 000,307,200 | ---- | C] () -- C:\Windows\SetDisplayResolution.exe [2010/12/09 02:14:56 | 000,001,574 | ---- | C] () -- C:\Windows\HotFixList.ini ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/12/07 14:02:52 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\Babylon [2011/10/26 10:25:11 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1 [2012/12/04 22:16:06 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\Dropbox [2011/08/30 21:21:22 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\DVDVideoSoft [2011/05/07 21:30:24 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\DVDVideoSoftIEHelpers [2011/04/25 10:04:45 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\IrfanView [2011/10/30 12:56:00 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\No Company Name [2012/02/25 10:49:58 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\pdfforge [2012/06/01 18:25:59 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\PlagiarismFinder [2011/04/20 20:01:16 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\Samsung [2011/12/26 19:52:51 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\SoftGrid Client [2012/06/10 17:04:52 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\Swiss Academic Software [2011/04/22 11:20:12 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\TP [2012/10/13 17:31:45 | 000,000,000 | ---D | M] -- C:\Users\Katha\AppData\Roaming\XnView ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/02/15 13:32:41 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2012/12/04 22:14:34 | 000,000,000 | -HSD | M] -- C:\Config.Msi [2009/07/14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2010/12/09 01:43:38 | 000,000,000 | ---D | M] -- C:\Intel [2012/03/12 21:19:57 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009/07/14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012/12/04 21:35:55 | 000,000,000 | R--D | M] -- C:\Program Files [2012/12/04 21:35:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2012/10/07 10:05:04 | 000,000,000 | -H-D | M] -- C:\ProgramData [2011/04/20 19:53:15 | 000,000,000 | -HSD | M] -- C:\Recovery [2012/12/04 22:25:32 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011/04/20 19:55:18 | 000,000,000 | R--D | M] -- C:\Users [2012/10/14 23:11:05 | 000,000,000 | ---D | M] -- C:\Windows < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009/07/14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009/07/14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009/07/14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009/07/14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010/11/20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] [2009/07/14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009/07/14 06:08:49 | 000,032,640 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT [2011/06/06 15:46:12 | 000,001,068 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2614301483-2537791305-717444225-1002Core.job [2011/06/06 15:46:13 | 000,001,120 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskUserS-1-5-21-2614301483-2537791305-717444225-1002UA.job [2011/11/07 23:14:53 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job [2012/11/29 00:01:06 | 000,000,304 | ---- | C] () -- C:\Windows\Tasks\EYLZDMRVME.job < MD5 for: AGP440.SYS > [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009/07/14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009/07/14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009/07/14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009/07/14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EVENTLOG.DLL > [2008/06/06 06:03:52 | 000,007,216 | ---- | M] () MD5=C2A279A458A06DE2C83D842AA042B5A8 -- C:\Program Files\CyberLink\PowerDirector\EventLog.dll < MD5 for: EXPLORER.EXE > [2011/02/26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011/02/26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009/07/14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011/02/26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009/10/31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011/02/26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011/02/25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011/02/26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010/11/20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009/08/03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011/02/25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009/10/31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009/08/03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010/11/20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009/10/31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009/08/03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009/07/14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009/10/31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011/02/26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009/08/03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\drivers\iaStor.sys [2010/09/13 10:24:26 | 000,437,272 | ---- | M] (Intel Corporation) MD5=F7CE9BE72EDAC499B713ECA6DAE5D26F -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_2b0c50dc63f09dae\iaStor.sys < MD5 for: IASTORV.SYS > [2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011/03/11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011/03/11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011/03/11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009/07/14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009/07/14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010/11/20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010/11/20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009/07/14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009/07/14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011/03/11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011/03/11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011/03/11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011/03/11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010/11/20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009/07/14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009/07/14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010/11/20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010/11/20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010/11/20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009/07/14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009/07/14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010/11/20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010/11/20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009/07/14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009/07/14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010/11/20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010/11/20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009/07/14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2009/10/28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009/10/28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009/07/14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [2009/07/14 02:15:21 | 000,462,848 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\Windows\system32\FirewallAPI.dll [2012/11/29 00:01:06 | 000,131,072 | RHS- | M] () Unable to obtain MD5 -- C:\Windows\system32\wiatrace2.dll [6 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2011/11/14 16:03:18 | 001,376,768 | ---- | M] () -- C:\Users\Katha\7z920-x64.msi [2011/06/06 15:46:03 | 000,568,640 | ---- | M] (Google Inc.) -- C:\Users\Katha\ChromeSetup.exe [2012/06/10 16:03:44 | 071,878,544 | ---- | M] () -- C:\Users\Katha\CitaviSetup.exe [2011/10/19 10:07:32 | 000,033,752 | ---- | M] () -- C:\Users\Katha\ClarendonLTStd-Bold.otf [2011/04/20 19:58:08 | 000,000,148 | ---- | M] () -- C:\Users\Katha\DiskScrP.txt [2011/04/22 13:00:53 | 016,791,288 | ---- | M] (Dropbox, Inc.) -- C:\Users\Katha\Dropbox 1.1.24.exe [2011/11/07 23:18:37 | 014,598,944 | ---- | M] (Mozilla) -- C:\Users\Katha\Firefox_Setup_8.0.exe [2012/05/24 20:53:47 | 000,739,832 | ---- | M] (Google Inc.) -- C:\Users\Katha\GoogleEarthPluginSetup.exe [2011/11/07 22:32:14 | 002,893,852 | ---- | M] () -- C:\Users\Katha\install_flashplayer110.zip [2012/12/04 22:50:12 | 004,194,304 | -HS- | M] () -- C:\Users\Katha\NTUSER.DAT [2012/12/04 22:50:12 | 000,262,144 | -HS- | M] () -- C:\Users\Katha\ntuser.dat.LOG1 [2011/04/20 19:55:19 | 000,000,000 | -HS- | M] () -- C:\Users\Katha\ntuser.dat.LOG2 [2011/04/20 20:27:44 | 000,065,536 | -HS- | M] () -- C:\Users\Katha\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011/04/20 20:27:44 | 000,524,288 | -HS- | M] () -- C:\Users\Katha\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011/04/20 20:27:44 | 000,524,288 | -HS- | M] () -- C:\Users\Katha\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011/04/20 19:55:19 | 000,000,020 | -HS- | M] () -- C:\Users\Katha\ntuser.ini [2012/02/25 11:08:21 | 010,450,168 | ---- | M] (Geek Software GmbH ) -- C:\Users\Katha\pdf24-44creator.exe [2012/02/07 19:47:04 | 010,324,304 | ---- | M] (Geek Software GmbH ) -- C:\Users\Katha\pdf24-creator.exe [2012/02/25 10:48:03 | 018,590,304 | ---- | M] (pdfforge GbR) -- C:\Users\Katha\PDFCreator-1_2_3_setup.exe [2012/02/07 19:22:27 | 002,790,572 | ---- | M] ( ) -- C:\Users\Katha\pdftkb36_setup.exe [2012/04/13 18:41:02 | 006,112,160 | ---- | M] (PriceGong) -- C:\Users\Katha\PriceGongEF.exe [2011/06/06 17:46:10 | 003,208,568 | ---- | M] (TeamViewer GmbH) -- C:\Users\Katha\TeamViewer_Setup_de.exe [2011/06/14 11:26:41 | 000,012,800 | -HS- | M] () -- C:\Users\Katha\Thumbs.db [2012/04/21 10:31:50 | 000,849,056 | ---- | M] (Amazon Services LLC) -- C:\Users\Katha\WISO_Steuer_Sparbuch_2012_für_Steuerjahr_2011_Downloader.exe [2012/03/12 21:09:10 | 1025,493,776 | ---- | M] (Microsoft Corporation) -- C:\Users\Katha\X17-75062.exe [2011/12/07 13:48:36 | 014,392,619 | ---- | M] (Gougelet Pierre-e ) -- C:\Users\Katha\XnView1985-win-full.exe < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > |
|
05.12.2012, 22:13
| #4 |
| /// Malware-holic | Google öffnet falsche Seiten hi passt dieses script sowie evtl. folgende scripts sind nur für den jeweiligen user. wenn ihr probleme habt, eröffnet eigene topics und wartet auf, für euch angepasste scripts. • Starte bitte die OTL.exe • Kopiere nun das Folgende in die Textbox. Code:
ATTFilter :OTL
[2012/11/29 00:01:06 | 000,131,072 | RHS- | M] () -- C:\Windows\SysWow64\wiatrace2.dll
[2012/12/04 22:14:54 | 000,000,304 | ---- | M] () -- C:\Windows\tasks\EYLZDMRVME.job
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Schliesse bitte nun alle Programme. • Klicke nun bitte auf den Fix Button. • OTL kann gegebenfalls einen Neustart verlangen. Bitte dies zulassen. • Nach dem Neustart findest Du ein Textdokument, dessen inhalt in deiner nächsten antwort hier reinkopieren. starte in den normalen modus. falls du keine symbole hast, dann rechtsklick, ansicht, desktop symbole einblenden Hinweis: Die Datei bitte wie in der Anleitung zum UpChannel angegeben auch da hochladen. Bitte NICHT die ZIP-Datei hier als Anhang in den Thread posten! Drücke bitte die  + E Taste.
 downloade get info: http://markusg.trojaner-board.de/GetInfo.exe doppelklicke die .exe im selben ordner wird nun eine .txt erstellt: summary-info.txt diese doppelklicken und deren inhalt posten. Frage: hast du zum infektionszeitpunkt, bzw evtl. einen tag davor, etwas runtergeladen und instaliert bzw ausgeführt? wurdest du beim besuch einer seite aufgefordert etwas zu instalieren bzw runterzuladen? diese infos hätte ich auch gern als private nachicht.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.12.2012, 22:53
| #5 |
| | Google öffnet falsche Seiten Tausend Dank für deine schnelle Hilfe! Upload hat geklappt. Ich weiß leider nicht mehr genau, seit wann das Problem auftritt. Meine mich aber zu erinnern, in den letzten Tagen nichts runtergeladen oder ausgeführt zu haben. Hier das Textdokument nach dem Neustart: Code:
ATTFilter All processes killed
========== OTL ==========
C:\Windows\SysWOW64\wiatrace2.dll moved successfully.
C:\Windows\Tasks\EYLZDMRVME.job moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
->Flash cache emptied: 56466 bytes
User: Default User
->Flash cache emptied: 0 bytes
User: Katha
->Flash cache emptied: 682 bytes
User: Public
User: UpdatusUser
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
User: Katha
->Temp folder emptied: 6992428019 bytes
->Temporary Internet Files folder emptied: 208810170 bytes
->Java cache emptied: 2662108 bytes
->FireFox cache emptied: 173414211 bytes
->Google Chrome cache emptied: 67779478 bytes
->Flash cache emptied: 0 bytes
User: Public
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 376397925 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67966 bytes
RecycleBin emptied: 601768690 bytes
Total Files Cleaned = 8,033.00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 12052012_222932
Files\Folders moved on Reboot...
C:\Users\Katha\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
Code:
ATTFilter System volume information: dwHighDateTime = 0x1cb97cf,dwLowDateTime = 0xad452f6e
System32: dwHighDateTime = 0x1ca0431,dwLowDateTime = 0xfec9a6f8
dwSerialNumber = 0x96364411
|
|
05.12.2012, 22:56
| #6 |
| /// Malware-holic | Google öffnet falsche Seiten Hi danke schön. Das Problem, besteht laut Log, seit 29.11.2012 Evtl an diesem, oder vorhergehenen Tag was geladen, bzw eine Google suche durchgeführt, oder andere Suchmaschine, und dabei aufgefordert worden, was zu instalieren?
__________________ --> Google öffnet falsche Seiten |
|
05.12.2012, 23:06
| #7 |
| | Google öffnet falsche Seiten Ja, habe am 28.11. wohl etwas ausgeführt, finde die Datei noch in meinem Download Ordner. Jetzt sagt mein AntiVir auch, dass die Datei schädlich wäre. Kann aber anhand des Namens leider nicht erkennen, was das war. Und meine Chronik habe ich in dem Browser, mit dem ich es ausgeführt habe, leider schon gelöscht. Und am 29.11. habe ich circa gegen Mitternacht noch eine andere Anwendung ausgeführt. Die erkenne ich sogar wieder. Schicke dir gleich den Link. |
|
05.12.2012, 23:26
| #8 |
| /// Malware-holic | Google öffnet falsche Seiten Hi kannst du mir mal nen gefallen tun. Wenn du die Datei noch hast, dann lad sie mal in den Upload channel hoch. Wenn sie bei Avira in der Quarantäne ist: Rechtsklick avira Schirm, deaktivieren Dann avira, verwaltung, Quarantäne Wähle die Datei aus, wiederherstellen. Dann ist die wieder im Download ordner. File-Upload.net - Ihr kostenloser File Hoster! dort hochladen, link als private nachicht an mich. Datei wieder in Quarantäne, Archiv löschen, Papierkorb leeren, avira ein.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.12.2012, 23:37
| #9 |
| /// Malware-holic | Google öffnet falsche Seiten Man, du bist echt flott :-) Weist du noch, von wo du die hast? ist es von der seite, die du mir gesendet hast?
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.12.2012, 23:41
| #10 |
| | Google öffnet falsche Seiten Das weiß ich leider nicht mehr. Die Seite, deren Link du hast, habe ich erst einen Tag später besucht. Im Chrome habe ich leider am Wochenende meinen Verlauf gelöscht, so dass ich es nicht mehr nachverfolgen kann. |
|
05.12.2012, 23:43
| #11 |
| /// Malware-holic | Google öffnet falsche Seiten Schade, kann man aber nichts machen. Aber die Datei ist auf jeden fall der Übeltäter :-) download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
05.12.2012, 23:51
| #12 |
| | Google öffnet falsche Seiten Was meinst du denn jetzt mit "Log posten"? Nochmal diesen OTL Scan machen? Denn tdss killer hat nichts gefunden. |
|
06.12.2012, 00:01
| #13 |
| /// Malware-holic | Google öffnet falsche Seiten Du sollst den TDSS killer laden, wie beschrieben ausführen und den Bericht hier einstellen, bitte.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.12.2012, 00:10
| #14 |
| | Google öffnet falsche Seiten Ach ok, danke. Hier der Bericht: Code:
ATTFilter 00:07:14.0352 4740 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
00:07:14.0638 4740 ============================================================
00:07:14.0638 4740 Current date / time: 2012/12/06 00:07:14.0638
00:07:14.0638 4740 SystemInfo:
00:07:14.0638 4740
00:07:14.0638 4740 OS Version: 6.1.7601 ServicePack: 1.0
00:07:14.0638 4740 Product type: Workstation
00:07:14.0638 4740 ComputerName: KATHA-PC
00:07:14.0639 4740 UserName: Katha
00:07:14.0639 4740 Windows directory: C:\Windows
00:07:14.0639 4740 System windows directory: C:\Windows
00:07:14.0639 4740 Running under WOW64
00:07:14.0639 4740 Processor architecture: Intel x64
00:07:14.0639 4740 Number of processors: 4
00:07:14.0639 4740 Page size: 0x1000
00:07:14.0639 4740 Boot type: Normal boot
00:07:14.0639 4740 ============================================================
00:07:15.0323 4740 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
00:07:15.0333 4740 ============================================================
00:07:15.0333 4740 \Device\Harddisk0\DR0:
00:07:15.0333 4740 MBR partitions:
00:07:15.0333 4740 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
00:07:15.0333 4740 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x16400000
00:07:15.0356 4740 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x16433000, BlocksNum 0x2130D000
00:07:15.0356 4740 ============================================================
00:07:15.0403 4740 C: <-> \Device\Harddisk0\DR0\Partition2
00:07:15.0439 4740 D: <-> \Device\Harddisk0\DR0\Partition3
00:07:15.0439 4740 ============================================================
00:07:15.0439 4740 Initialize success
00:07:15.0439 4740 ============================================================
00:08:02.0064 3636 ============================================================
00:08:02.0064 3636 Scan started
00:08:02.0064 3636 Mode: Manual; SigCheck; TDLFS;
00:08:02.0064 3636 ============================================================
00:08:02.0064 3636 ============================================================
00:08:02.0064 3636 Scan finished
00:08:02.0064 3636 ============================================================
00:08:02.0080 4324 Detected object count: 0
00:08:02.0080 4324 Actual detected object count: 0
00:08:13.0218 4448 ============================================================
00:08:13.0218 4448 Scan started
00:08:13.0218 4448 Mode: Manual; SigCheck; TDLFS;
00:08:13.0218 4448 ============================================================
00:08:13.0218 4448 ============================================================
00:08:13.0218 4448 Scan finished
00:08:13.0218 4448 ============================================================
00:08:13.0234 4644 Detected object count: 0
00:08:13.0234 4644 Actual detected object count: 0
00:08:23.0124 1052 ============================================================
00:08:23.0124 1052 Scan started
00:08:23.0124 1052 Mode: Manual; SigCheck; TDLFS;
00:08:23.0124 1052 ============================================================
00:08:23.0499 1052 ================ Scan system memory ========================
00:08:23.0499 1052 System memory - ok
00:08:23.0499 1052 ================ Scan services =============================
00:08:23.0686 1052 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
00:08:23.0795 1052 1394ohci - ok
00:08:23.0873 1052 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
00:08:23.0920 1052 ACPI - ok
00:08:23.0982 1052 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
00:08:24.0013 1052 AcpiPmi - ok
00:08:24.0201 1052 [ C245E08EC469A52A622EFDC9787A0DCC ] AdobeActiveFileMonitor10.0 C:\Program Files (x86)\Adobe\Elements 10 Organizer\PhotoshopElementsFileAgent.exe
00:08:24.0216 1052 AdobeActiveFileMonitor10.0 - ok
00:08:24.0388 1052 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
00:08:24.0403 1052 AdobeARMservice - ok
00:08:24.0544 1052 [ 0CB0AA071C7B86A64F361DCFDF357329 ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
00:08:24.0575 1052 AdobeFlashPlayerUpdateSvc - ok
00:08:24.0622 1052 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
00:08:24.0669 1052 adp94xx - ok
00:08:24.0700 1052 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
00:08:24.0731 1052 adpahci - ok
00:08:24.0762 1052 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
00:08:24.0793 1052 adpu320 - ok
00:08:24.0825 1052 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
00:08:24.0918 1052 AeLookupSvc - ok
00:08:24.0981 1052 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
00:08:25.0012 1052 AFD - ok
00:08:25.0059 1052 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
00:08:25.0074 1052 agp440 - ok
00:08:25.0105 1052 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
00:08:25.0137 1052 ALG - ok
00:08:25.0168 1052 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
00:08:25.0183 1052 aliide - ok
00:08:25.0215 1052 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
00:08:25.0230 1052 amdide - ok
00:08:25.0277 1052 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
00:08:25.0293 1052 AmdK8 - ok
00:08:25.0324 1052 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
00:08:25.0339 1052 AmdPPM - ok
00:08:25.0402 1052 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
00:08:25.0433 1052 amdsata - ok
00:08:25.0449 1052 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
00:08:25.0480 1052 amdsbs - ok
00:08:25.0511 1052 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
00:08:25.0527 1052 amdxata - ok
00:08:25.0651 1052 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
00:08:25.0683 1052 AntiVirSchedulerService - ok
00:08:25.0714 1052 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
00:08:25.0745 1052 AntiVirService - ok
00:08:25.0776 1052 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
00:08:25.0870 1052 AppID - ok
00:08:25.0901 1052 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
00:08:25.0995 1052 AppIDSvc - ok
00:08:26.0041 1052 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
00:08:26.0135 1052 Appinfo - ok
00:08:26.0197 1052 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
00:08:26.0213 1052 Apple Mobile Device - ok
00:08:26.0307 1052 [ 52AD9ED5BD05E7801AF5EFD99652C74F ] Application Updater C:\Program Files (x86)\Application Updater\ApplicationUpdater.exe
00:08:26.0353 1052 Application Updater - ok
00:08:26.0385 1052 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
00:08:26.0416 1052 arc - ok
00:08:26.0431 1052 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
00:08:26.0463 1052 arcsas - ok
00:08:26.0494 1052 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
00:08:26.0587 1052 AsyncMac - ok
00:08:26.0634 1052 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
00:08:26.0665 1052 atapi - ok
00:08:26.0728 1052 [ EB49321363D953F27F05E5BEDBB68A32 ] athr C:\Windows\system32\DRIVERS\athrx.sys
00:08:26.0790 1052 athr - ok
00:08:26.0868 1052 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
00:08:26.0962 1052 AudioEndpointBuilder - ok
00:08:26.0993 1052 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
00:08:27.0087 1052 AudioSrv - ok
00:08:27.0149 1052 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
00:08:27.0243 1052 avgntflt - ok
00:08:27.0305 1052 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
00:08:27.0336 1052 avipbb - ok
00:08:27.0399 1052 [ 248DB59FC86DE44D2779F4C7FB1A567D ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
00:08:27.0414 1052 avkmgr - ok
00:08:27.0477 1052 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
00:08:27.0523 1052 AxInstSV - ok
00:08:27.0570 1052 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
00:08:27.0601 1052 b06bdrv - ok
00:08:27.0617 1052 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
00:08:27.0664 1052 b57nd60a - ok
00:08:27.0711 1052 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
00:08:27.0742 1052 BDESVC - ok
00:08:27.0773 1052 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
00:08:27.0867 1052 Beep - ok
00:08:27.0929 1052 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
00:08:28.0023 1052 BFE - ok
00:08:28.0085 1052 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
00:08:28.0194 1052 BITS - ok
00:08:28.0241 1052 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
00:08:28.0257 1052 blbdrive - ok
00:08:28.0303 1052 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
00:08:28.0335 1052 bowser - ok
00:08:28.0350 1052 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
00:08:28.0397 1052 BrFiltLo - ok
00:08:28.0428 1052 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
00:08:28.0459 1052 BrFiltUp - ok
00:08:28.0506 1052 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
00:08:28.0537 1052 Browser - ok
00:08:28.0569 1052 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
00:08:28.0600 1052 Brserid - ok
00:08:28.0615 1052 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
00:08:28.0647 1052 BrSerWdm - ok
00:08:28.0678 1052 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
00:08:28.0709 1052 BrUsbMdm - ok
00:08:28.0725 1052 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
00:08:28.0756 1052 BrUsbSer - ok
00:08:28.0818 1052 [ CF98190A94F62E405C8CB255018B2315 ] BthEnum C:\Windows\system32\drivers\BthEnum.sys
00:08:28.0849 1052 BthEnum - ok
00:08:28.0865 1052 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
00:08:28.0896 1052 BTHMODEM - ok
00:08:28.0927 1052 [ 02DD601B708DD0667E1331FA8518E9FF ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
00:08:28.0974 1052 BthPan - ok
00:08:29.0021 1052 [ 738D0E9272F59EB7A1449C3EC118E6C4 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
00:08:29.0068 1052 BTHPORT - ok
00:08:29.0115 1052 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
00:08:29.0208 1052 bthserv - ok
00:08:29.0271 1052 [ F188B7394D81010767B6DF3178519A37 ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
00:08:29.0302 1052 BTHUSB - ok
00:08:29.0333 1052 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
00:08:29.0411 1052 cdfs - ok
00:08:29.0473 1052 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
00:08:29.0505 1052 cdrom - ok
00:08:29.0551 1052 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
00:08:29.0645 1052 CertPropSvc - ok
00:08:29.0676 1052 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
00:08:29.0723 1052 circlass - ok
00:08:29.0770 1052 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
00:08:29.0801 1052 CLFS - ok
00:08:29.0863 1052 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
00:08:29.0895 1052 clr_optimization_v2.0.50727_32 - ok
00:08:29.0941 1052 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
00:08:29.0957 1052 clr_optimization_v2.0.50727_64 - ok
00:08:30.0035 1052 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
00:08:30.0066 1052 clr_optimization_v4.0.30319_32 - ok
00:08:30.0113 1052 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
00:08:30.0144 1052 clr_optimization_v4.0.30319_64 - ok
00:08:30.0175 1052 [ 50F92C943F18B070F166D019DFAB3D9A ] clwvd C:\Windows\system32\DRIVERS\clwvd.sys
00:08:30.0207 1052 clwvd - ok
00:08:30.0238 1052 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
00:08:30.0269 1052 CmBatt - ok
00:08:30.0285 1052 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
00:08:30.0316 1052 cmdide - ok
00:08:30.0378 1052 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
00:08:30.0425 1052 CNG - ok
00:08:30.0456 1052 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
00:08:30.0487 1052 Compbatt - ok
00:08:30.0550 1052 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
00:08:30.0581 1052 CompositeBus - ok
00:08:30.0597 1052 COMSysApp - ok
00:08:30.0628 1052 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
00:08:30.0643 1052 crcdisk - ok
00:08:30.0690 1052 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
00:08:30.0721 1052 CryptSvc - ok
00:08:30.0846 1052 [ 344546D11D7E6D9F481E9D3ABC6E76CB ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
00:08:30.0893 1052 cvhsvc - ok
00:08:30.0940 1052 [ 44BDDEB03C84A1C993C992FFB5700357 ] CVirtA C:\Windows\system32\DRIVERS\CVirtA64.sys
00:08:30.0955 1052 CVirtA - ok
00:08:31.0080 1052 [ 98C413E1A2FB6E5A4C101C25B3D0B275 ] CVPND C:\Program Files (x86)\Cisco Systems\VPN Client\cvpnd.exe
00:08:31.0158 1052 CVPND - ok
00:08:31.0205 1052 [ 79AF0E203D089AF442A3F70ED00A37FB ] CVPNDRVA C:\Windows\system32\Drivers\CVPNDRVA.sys
00:08:31.0236 1052 CVPNDRVA - ok
00:08:31.0299 1052 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
00:08:31.0392 1052 DcomLaunch - ok
00:08:31.0439 1052 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
00:08:31.0533 1052 defragsvc - ok
00:08:31.0579 1052 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
00:08:31.0657 1052 DfsC - ok
00:08:31.0704 1052 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
00:08:31.0735 1052 Dhcp - ok
00:08:31.0767 1052 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
00:08:31.0860 1052 discache - ok
00:08:31.0891 1052 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
00:08:31.0923 1052 Disk - ok
00:08:32.0001 1052 [ 05CB5910B3CA6019FC3CCA815EE06FFB ] DNE C:\Windows\system32\DRIVERS\dne64x.sys
00:08:32.0016 1052 DNE - ok
00:08:32.0063 1052 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
00:08:32.0094 1052 Dnscache - ok
00:08:32.0141 1052 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
00:08:32.0235 1052 dot3svc - ok
00:08:32.0297 1052 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
00:08:32.0375 1052 DPS - ok
00:08:32.0422 1052 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
00:08:32.0453 1052 drmkaud - ok
00:08:32.0500 1052 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
00:08:32.0562 1052 DXGKrnl - ok
00:08:32.0593 1052 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
00:08:32.0687 1052 EapHost - ok
00:08:32.0796 1052 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
00:08:32.0905 1052 ebdrv - ok
00:08:32.0952 1052 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
00:08:32.0968 1052 EFS - ok
00:08:33.0030 1052 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
00:08:33.0077 1052 ehRecvr - ok
00:08:33.0124 1052 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
00:08:33.0155 1052 ehSched - ok
00:08:33.0202 1052 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
00:08:33.0249 1052 elxstor - ok
00:08:33.0280 1052 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
00:08:33.0311 1052 ErrDev - ok
00:08:33.0358 1052 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
00:08:33.0420 1052 EventSystem - ok
00:08:33.0451 1052 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
00:08:33.0545 1052 exfat - ok
00:08:33.0576 1052 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
00:08:33.0654 1052 fastfat - ok
00:08:33.0701 1052 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
00:08:33.0732 1052 Fax - ok
00:08:33.0748 1052 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
00:08:33.0779 1052 fdc - ok
00:08:33.0810 1052 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
00:08:33.0888 1052 fdPHost - ok
00:08:33.0888 1052 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
00:08:33.0982 1052 FDResPub - ok
00:08:33.0997 1052 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
00:08:34.0029 1052 FileInfo - ok
00:08:34.0075 1052 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
00:08:34.0169 1052 Filetrace - ok
00:08:34.0185 1052 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
00:08:34.0216 1052 flpydisk - ok
00:08:34.0263 1052 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
00:08:34.0294 1052 FltMgr - ok
00:08:34.0356 1052 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
00:08:34.0419 1052 FontCache - ok
00:08:34.0481 1052 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
00:08:34.0497 1052 FontCache3.0.0.0 - ok
00:08:34.0543 1052 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
00:08:34.0575 1052 FsDepends - ok
00:08:34.0621 1052 [ 6C06701BF1DB05405804D7EB610991CE ] fssfltr C:\Windows\system32\DRIVERS\fssfltr.sys
00:08:34.0637 1052 fssfltr - ok
00:08:34.0731 1052 [ 4CE9DAC1518FF7E77BD213E6394B9D77 ] fsssvc C:\Program Files (x86)\Windows Live\Family Safety\fsssvc.exe
00:08:34.0809 1052 fsssvc - ok
00:08:34.0840 1052 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
00:08:34.0855 1052 Fs_Rec - ok
00:08:34.0902 1052 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
00:08:34.0949 1052 fvevol - ok
00:08:34.0980 1052 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
00:08:35.0011 1052 gagp30kx - ok
00:08:35.0043 1052 GameConsoleService - ok
00:08:35.0105 1052 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
00:08:35.0214 1052 gpsvc - ok
00:08:35.0245 1052 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
00:08:35.0261 1052 hcw85cir - ok
00:08:35.0308 1052 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
00:08:35.0355 1052 HdAudAddService - ok
00:08:35.0417 1052 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
00:08:35.0448 1052 HDAudBus - ok
00:08:35.0479 1052 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys
00:08:35.0511 1052 HECIx64 - ok
00:08:35.0542 1052 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
00:08:35.0557 1052 HidBatt - ok
00:08:35.0573 1052 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
00:08:35.0620 1052 HidBth - ok
00:08:35.0635 1052 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
00:08:35.0667 1052 HidIr - ok
00:08:35.0682 1052 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
00:08:35.0776 1052 hidserv - ok
00:08:35.0838 1052 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
00:08:35.0869 1052 HidUsb - ok
00:08:35.0901 1052 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
00:08:35.0994 1052 hkmsvc - ok
00:08:36.0057 1052 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
00:08:36.0088 1052 HomeGroupListener - ok
00:08:36.0135 1052 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
00:08:36.0166 1052 HomeGroupProvider - ok
00:08:36.0213 1052 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
00:08:36.0228 1052 HpSAMD - ok
00:08:36.0275 1052 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
00:08:36.0384 1052 HTTP - ok
00:08:36.0415 1052 hwdatacard - ok
00:08:36.0462 1052 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
00:08:36.0493 1052 hwpolicy - ok
00:08:36.0556 1052 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
00:08:36.0587 1052 i8042prt - ok
00:08:36.0618 1052 [ F7CE9BE72EDAC499B713ECA6DAE5D26F ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys
00:08:36.0665 1052 iaStor - ok
00:08:36.0712 1052 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
00:08:36.0743 1052 iaStorV - ok
00:08:36.0805 1052 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
00:08:36.0868 1052 idsvc - ok
00:08:37.0149 1052 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\Windows\system32\DRIVERS\igdkmd64.sys
00:08:37.0461 1052 igfx - ok
00:08:37.0507 1052 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
00:08:37.0539 1052 iirsp - ok
00:08:37.0585 1052 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
00:08:37.0679 1052 IKEEXT - ok
00:08:37.0741 1052 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys
00:08:37.0757 1052 Impcd - ok
00:08:37.0866 1052 [ B54138716EC5945BAE6914AD8DA086C0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
00:08:37.0991 1052 IntcAzAudAddService - ok
00:08:38.0038 1052 [ C6C1F19205DA83C801BE7C25F4E2EE07 ] IntcDAud C:\Windows\system32\DRIVERS\IntcDAud.sys
00:08:38.0053 1052 IntcDAud - ok
00:08:38.0100 1052 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
00:08:38.0131 1052 intelide - ok
00:08:38.0163 1052 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
00:08:38.0194 1052 intelppm - ok
00:08:38.0225 1052 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
00:08:38.0319 1052 IPBusEnum - ok
00:08:38.0365 1052 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
00:08:38.0443 1052 IpFilterDriver - ok
00:08:38.0506 1052 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
00:08:38.0553 1052 iphlpsvc - ok
00:08:38.0584 1052 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
00:08:38.0615 1052 IPMIDRV - ok
00:08:38.0646 1052 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
00:08:38.0740 1052 IPNAT - ok
00:08:38.0771 1052 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
00:08:38.0802 1052 IRENUM - ok
00:08:38.0849 1052 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
00:08:38.0880 1052 isapnp - ok
00:08:38.0911 1052 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
00:08:38.0943 1052 iScsiPrt - ok
00:08:38.0974 1052 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
00:08:39.0005 1052 kbdclass - ok
00:08:39.0036 1052 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
00:08:39.0052 1052 kbdhid - ok
00:08:39.0083 1052 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
00:08:39.0114 1052 KeyIso - ok
00:08:39.0145 1052 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
00:08:39.0177 1052 KSecDD - ok
00:08:39.0223 1052 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
00:08:39.0239 1052 KSecPkg - ok
00:08:39.0301 1052 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
00:08:39.0379 1052 ksthunk - ok
00:08:39.0411 1052 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
00:08:39.0520 1052 KtmRm - ok
00:08:39.0567 1052 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
00:08:39.0676 1052 LanmanServer - ok
00:08:39.0707 1052 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
00:08:39.0801 1052 LanmanWorkstation - ok
00:08:39.0832 1052 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
00:08:39.0925 1052 lltdio - ok
00:08:39.0972 1052 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
00:08:40.0066 1052 lltdsvc - ok
00:08:40.0081 1052 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
00:08:40.0159 1052 lmhosts - ok
00:08:40.0175 1052 LMS - ok
00:08:40.0222 1052 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
00:08:40.0237 1052 LSI_FC - ok
00:08:40.0269 1052 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
00:08:40.0284 1052 LSI_SAS - ok
00:08:40.0300 1052 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
00:08:40.0331 1052 LSI_SAS2 - ok
00:08:40.0347 1052 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
00:08:40.0378 1052 LSI_SCSI - ok
00:08:40.0409 1052 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
00:08:40.0503 1052 luafv - ok
00:08:40.0565 1052 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
00:08:40.0596 1052 Mcx2Svc - ok
00:08:40.0612 1052 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
00:08:40.0627 1052 megasas - ok
00:08:40.0659 1052 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
00:08:40.0690 1052 MegaSR - ok
00:08:40.0768 1052 [ 123271BD5237AB991DC5C21FDF8835EB ] Microsoft Office Groove Audit Service C:\Program Files (x86)\Microsoft Office\Office12\GrooveAuditService.exe
00:08:40.0799 1052 Microsoft Office Groove Audit Service - ok
00:08:40.0815 1052 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
00:08:40.0908 1052 MMCSS - ok
00:08:40.0924 1052 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
00:08:41.0017 1052 Modem - ok
00:08:41.0049 1052 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
00:08:41.0095 1052 monitor - ok
00:08:41.0111 1052 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
00:08:41.0142 1052 mouclass - ok
00:08:41.0158 1052 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
00:08:41.0189 1052 mouhid - ok
00:08:41.0236 1052 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
00:08:41.0251 1052 mountmgr - ok
00:08:41.0361 1052 [ 8BE15F71DE6FF33FC56DCDE7B2B9EFE8 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
00:08:41.0376 1052 MozillaMaintenance - ok
00:08:41.0407 1052 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
00:08:41.0439 1052 mpio - ok
00:08:41.0470 1052 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
00:08:41.0563 1052 mpsdrv - ok
00:08:41.0626 1052 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
00:08:41.0735 1052 MpsSvc - ok
00:08:41.0782 1052 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
00:08:41.0813 1052 MRxDAV - ok
00:08:41.0860 1052 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
00:08:41.0875 1052 mrxsmb - ok
00:08:41.0938 1052 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
00:08:41.0969 1052 mrxsmb10 - ok
00:08:41.0985 1052 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
00:08:42.0000 1052 mrxsmb20 - ok
00:08:42.0016 1052 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
00:08:42.0047 1052 msahci - ok
00:08:42.0078 1052 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
00:08:42.0109 1052 msdsm - ok
00:08:42.0125 1052 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
00:08:42.0156 1052 MSDTC - ok
00:08:42.0187 1052 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
00:08:42.0281 1052 Msfs - ok
00:08:42.0312 1052 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
00:08:42.0406 1052 mshidkmdf - ok
00:08:42.0437 1052 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
00:08:42.0468 1052 msisadrv - ok
00:08:42.0499 1052 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
00:08:42.0593 1052 MSiSCSI - ok
00:08:42.0609 1052 msiserver - ok
00:08:42.0655 1052 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
00:08:42.0733 1052 MSKSSRV - ok
00:08:42.0749 1052 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
00:08:42.0827 1052 MSPCLOCK - ok
00:08:42.0843 1052 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
00:08:42.0921 1052 MSPQM - ok
00:08:42.0967 1052 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
00:08:42.0999 1052 MsRPC - ok
00:08:43.0045 1052 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
00:08:43.0061 1052 mssmbios - ok
00:08:43.0092 1052 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
00:08:43.0170 1052 MSTEE - ok
00:08:43.0201 1052 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
00:08:43.0217 1052 MTConfig - ok
00:08:43.0248 1052 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
00:08:43.0264 1052 Mup - ok
00:08:43.0326 1052 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
00:08:43.0420 1052 napagent - ok
00:08:43.0467 1052 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
00:08:43.0513 1052 NativeWifiP - ok
00:08:43.0576 1052 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
00:08:43.0638 1052 NDIS - ok
00:08:43.0685 1052 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
00:08:43.0763 1052 NdisCap - ok
00:08:43.0794 1052 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
00:08:43.0888 1052 NdisTapi - ok
00:08:43.0919 1052 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
00:08:44.0013 1052 Ndisuio - ok
00:08:44.0059 1052 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
00:08:44.0153 1052 NdisWan - ok
00:08:44.0184 1052 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
00:08:44.0262 1052 NDProxy - ok
00:08:44.0293 1052 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
00:08:44.0371 1052 NetBIOS - ok
00:08:44.0418 1052 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
00:08:44.0496 1052 NetBT - ok
00:08:44.0527 1052 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
00:08:44.0543 1052 Netlogon - ok
00:08:44.0590 1052 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
00:08:44.0683 1052 Netman - ok
00:08:44.0715 1052 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
00:08:44.0808 1052 netprofm - ok
00:08:44.0839 1052 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
00:08:44.0871 1052 NetTcpPortSharing - ok
00:08:44.0902 1052 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
00:08:44.0917 1052 nfrd960 - ok
00:08:44.0964 1052 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
00:08:44.0995 1052 NlaSvc - ok
00:08:45.0011 1052 NOBU - ok
00:08:45.0027 1052 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
00:08:45.0120 1052 Npfs - ok
00:08:45.0151 1052 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
00:08:45.0229 1052 nsi - ok
00:08:45.0261 1052 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
00:08:45.0339 1052 nsiproxy - ok
00:08:45.0432 1052 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
00:08:45.0526 1052 Ntfs - ok
00:08:45.0541 1052 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
00:08:45.0619 1052 Null - ok
00:08:45.0963 1052 [ FBE6AC1C3591CB67543FAD15ABD26BCB ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
00:08:46.0524 1052 nvlddmkm - ok
00:08:46.0571 1052 [ 680C5BAF7D0190B1485068FC4BA75F1C ] nvpciflt C:\Windows\system32\DRIVERS\nvpciflt.sys
00:08:46.0587 1052 nvpciflt - ok
00:08:46.0618 1052 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
00:08:46.0649 1052 nvraid - ok
00:08:46.0680 1052 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
00:08:46.0711 1052 nvstor - ok
00:08:46.0758 1052 [ 147B0D17255FD796F990CC6F745605C5 ] nvsvc C:\Windows\system32\nvvsvc.exe
00:08:46.0821 1052 nvsvc - ok
00:08:46.0914 1052 [ 812BF9531C827E1D8029843CDDB2B5D6 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe
00:08:47.0008 1052 nvUpdatusService - ok
00:08:47.0055 1052 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
00:08:47.0086 1052 nv_agp - ok
00:08:47.0148 1052 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
00:08:47.0179 1052 odserv - ok
00:08:47.0226 1052 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
00:08:47.0242 1052 ohci1394 - ok
00:08:47.0304 1052 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
00:08:47.0320 1052 ose - ok
00:08:47.0523 1052 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
00:08:47.0741 1052 osppsvc - ok
00:08:47.0819 1052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
00:08:47.0866 1052 p2pimsvc - ok
00:08:47.0881 1052 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
00:08:47.0928 1052 p2psvc - ok
00:08:47.0959 1052 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
00:08:47.0991 1052 Parport - ok
00:08:48.0037 1052 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
00:08:48.0053 1052 partmgr - ok
00:08:48.0084 1052 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
00:08:48.0131 1052 PcaSvc - ok
00:08:48.0178 1052 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
00:08:48.0193 1052 pci - ok
00:08:48.0240 1052 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
00:08:48.0256 1052 pciide - ok
00:08:48.0303 1052 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
00:08:48.0318 1052 pcmcia - ok
00:08:48.0349 1052 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
00:08:48.0381 1052 pcw - ok
00:08:48.0396 1052 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
00:08:48.0505 1052 PEAUTH - ok
00:08:48.0599 1052 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
00:08:48.0630 1052 PerfHost - ok
00:08:48.0693 1052 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
00:08:48.0817 1052 pla - ok
00:08:48.0880 1052 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
00:08:48.0911 1052 PlugPlay - ok
00:08:48.0958 1052 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
00:08:48.0973 1052 PNRPAutoReg - ok
00:08:49.0005 1052 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
00:08:49.0036 1052 PNRPsvc - ok
00:08:49.0083 1052 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
00:08:49.0176 1052 PolicyAgent - ok
00:08:49.0207 1052 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
00:08:49.0301 1052 Power - ok
00:08:49.0348 1052 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
00:08:49.0441 1052 PptpMiniport - ok
00:08:49.0488 1052 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
00:08:49.0504 1052 Processor - ok
00:08:49.0535 1052 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
00:08:49.0566 1052 ProfSvc - ok
00:08:49.0597 1052 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
00:08:49.0613 1052 ProtectedStorage - ok
00:08:49.0675 1052 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
00:08:49.0753 1052 Psched - ok
00:08:49.0831 1052 [ 87B04878A6D59D6C79251DC960C674C1 ] PxHlpa64 C:\Windows\system32\Drivers\PxHlpa64.sys
00:08:49.0847 1052 PxHlpa64 - ok
00:08:49.0894 1052 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
00:08:49.0972 1052 ql2300 - ok
00:08:50.0019 1052 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
00:08:50.0034 1052 ql40xx - ok
00:08:50.0065 1052 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
00:08:50.0112 1052 QWAVE - ok
00:08:50.0128 1052 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
00:08:50.0175 1052 QWAVEdrv - ok
00:08:50.0190 1052 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
00:08:50.0284 1052 RasAcd - ok
00:08:50.0331 1052 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
00:08:50.0409 1052 RasAgileVpn - ok
00:08:50.0440 1052 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
00:08:50.0533 1052 RasAuto - ok
00:08:50.0580 1052 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
00:08:50.0674 1052 Rasl2tp - ok
00:08:50.0736 1052 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
00:08:50.0830 1052 RasMan - ok
00:08:50.0861 1052 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
00:08:50.0939 1052 RasPppoe - ok
00:08:50.0970 1052 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
00:08:51.0048 1052 RasSstp - ok
00:08:51.0095 1052 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
00:08:51.0189 1052 rdbss - ok
00:08:51.0204 1052 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
00:08:51.0235 1052 rdpbus - ok
00:08:51.0235 1052 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
00:08:51.0313 1052 RDPCDD - ok
00:08:51.0360 1052 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
00:08:51.0454 1052 RDPENCDD - ok
00:08:51.0469 1052 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
00:08:51.0563 1052 RDPREFMP - ok
00:08:51.0594 1052 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
00:08:51.0625 1052 RDPWD - ok
00:08:51.0672 1052 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
00:08:51.0703 1052 rdyboost - ok
00:08:51.0735 1052 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
00:08:51.0828 1052 RemoteAccess - ok
00:08:51.0844 1052 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
00:08:51.0953 1052 RemoteRegistry - ok
00:08:52.0000 1052 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
00:08:52.0031 1052 RFCOMM - ok
00:08:52.0047 1052 RichVideo - ok
00:08:52.0093 1052 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
00:08:52.0187 1052 RpcEptMapper - ok
00:08:52.0234 1052 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
00:08:52.0265 1052 RpcLocator - ok
00:08:52.0312 1052 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
00:08:52.0405 1052 RpcSs - ok
00:08:52.0437 1052 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
00:08:52.0530 1052 rspndr - ok
00:08:52.0561 1052 [ BFE0EF0C4C15820698F50AD73AF5E35F ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
00:08:52.0608 1052 RTL8167 - ok
00:08:52.0671 1052 [ 4CA0DBA9E224473D664C25E411F5A3BD ] rtport C:\Windows\SysWOW64\drivers\rtport.sys
00:08:52.0702 1052 rtport - ok
00:08:52.0717 1052 [ 62DB6CC4B0818F1B5F3441241B098F12 ] SABI C:\Windows\system32\Drivers\SABI.sys
00:08:52.0749 1052 SABI - ok
00:08:52.0764 1052 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
00:08:52.0780 1052 SamSs - ok
00:08:52.0811 1052 [ D641337B75B9A9D5AE10687AA1097755 ] Samsung UPD Service C:\Windows\System32\SUPDSvc.exe
00:08:52.0842 1052 Samsung UPD Service - ok
00:08:52.0873 1052 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
00:08:52.0905 1052 sbp2port - ok
00:08:52.0936 1052 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
00:08:53.0029 1052 SCardSvr - ok
00:08:53.0061 1052 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
00:08:53.0139 1052 scfilter - ok
00:08:53.0201 1052 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
00:08:53.0295 1052 Schedule - ok
00:08:53.0341 1052 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
00:08:53.0419 1052 SCPolicySvc - ok
00:08:53.0466 1052 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
00:08:53.0497 1052 SDRSVC - ok
00:08:53.0529 1052 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
00:08:53.0622 1052 secdrv - ok
00:08:53.0653 1052 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
00:08:53.0747 1052 seclogon - ok
00:08:53.0778 1052 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
00:08:53.0872 1052 SENS - ok
00:08:53.0887 1052 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
00:08:53.0919 1052 SensrSvc - ok
00:08:53.0950 1052 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
00:08:53.0981 1052 Serenum - ok
00:08:53.0997 1052 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
00:08:54.0028 1052 Serial - ok
00:08:54.0090 1052 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
00:08:54.0121 1052 sermouse - ok
00:08:54.0168 1052 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
00:08:54.0262 1052 SessionEnv - ok
00:08:54.0293 1052 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
00:08:54.0324 1052 sffdisk - ok
00:08:54.0340 1052 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
00:08:54.0355 1052 sffp_mmc - ok
00:08:54.0371 1052 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
00:08:54.0402 1052 sffp_sd - ok
00:08:54.0433 1052 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
00:08:54.0449 1052 sfloppy - ok
00:08:54.0496 1052 [ A40ABFDCB75F835FDF3CE0CC64E4250D ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
00:08:54.0543 1052 Sftfs - ok
00:08:54.0574 1052 sftlist - ok
00:08:54.0621 1052 [ 411769ED1CB12D2B44217734347BDB7A ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
00:08:54.0652 1052 Sftplay - ok
00:08:54.0667 1052 [ A14D0DF34BBB00EA94DA16193D0C7957 ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
00:08:54.0683 1052 Sftredir - ok
00:08:54.0699 1052 [ 393B22ADDD89979EB1C60898F51C3648 ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
00:08:54.0714 1052 Sftvol - ok
00:08:54.0714 1052 sftvsa - ok
00:08:54.0777 1052 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
00:08:54.0870 1052 SharedAccess - ok
00:08:54.0917 1052 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
00:08:55.0026 1052 ShellHWDetection - ok
00:08:55.0057 1052 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
00:08:55.0073 1052 SiSRaid2 - ok
00:08:55.0104 1052 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
00:08:55.0135 1052 SiSRaid4 - ok
00:08:55.0213 1052 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe
00:08:55.0229 1052 SkypeUpdate - ok
00:08:55.0260 1052 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
00:08:55.0354 1052 Smb - ok
00:08:55.0401 1052 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
00:08:55.0432 1052 SNMPTRAP - ok
00:08:55.0463 1052 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
00:08:55.0479 1052 spldr - ok
00:08:55.0525 1052 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
00:08:55.0572 1052 Spooler - ok
00:08:55.0681 1052 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
00:08:55.0853 1052 sppsvc - ok
00:08:55.0869 1052 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
00:08:55.0962 1052 sppuinotify - ok
00:08:55.0993 1052 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
00:08:56.0025 1052 srv - ok
00:08:56.0056 1052 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
00:08:56.0087 1052 srv2 - ok
00:08:56.0103 1052 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
00:08:56.0134 1052 srvnet - ok
00:08:56.0165 1052 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
00:08:56.0259 1052 SSDPSRV - ok
00:08:56.0274 1052 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
00:08:56.0352 1052 SstpSvc - ok
00:08:56.0383 1052 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
00:08:56.0399 1052 stexstor - ok
00:08:56.0446 1052 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
00:08:56.0461 1052 StillCam - ok
00:08:56.0524 1052 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
00:08:56.0586 1052 stisvc - ok
00:08:56.0633 1052 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
00:08:56.0649 1052 swenum - ok
00:08:56.0695 1052 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
00:08:56.0789 1052 swprv - ok
00:08:56.0867 1052 [ 14FEB5052837D9277520088DCE549036 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
00:08:56.0945 1052 SynTP - ok
00:08:57.0023 1052 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
00:08:57.0101 1052 SysMain - ok
00:08:57.0148 1052 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
00:08:57.0179 1052 TabletInputService - ok
00:08:57.0241 1052 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
00:08:57.0319 1052 TapiSrv - ok
00:08:57.0351 1052 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
00:08:57.0444 1052 TBS - ok
00:08:57.0522 1052 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
00:08:57.0616 1052 Tcpip - ok
00:08:57.0694 1052 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
00:08:57.0787 1052 TCPIP6 - ok
00:08:57.0834 1052 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
00:08:57.0850 1052 tcpipreg - ok
00:08:57.0897 1052 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
00:08:57.0928 1052 TDPIPE - ok
00:08:57.0959 1052 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
00:08:57.0990 1052 TDTCP - ok
00:08:58.0037 1052 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
00:08:58.0131 1052 tdx - ok
00:08:58.0146 1052 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
00:08:58.0162 1052 TermDD - ok
00:08:58.0209 1052 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
00:08:58.0302 1052 TermService - ok
00:08:58.0333 1052 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
00:08:58.0365 1052 Themes - ok
00:08:58.0380 1052 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
00:08:58.0474 1052 THREADORDER - ok
00:08:58.0489 1052 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
00:08:58.0567 1052 TrkWks - ok
00:08:58.0630 1052 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
00:08:58.0708 1052 TrustedInstaller - ok
00:08:58.0755 1052 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
00:08:58.0833 1052 tssecsrv - ok
00:08:58.0864 1052 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
00:08:58.0895 1052 TsUsbFlt - ok
00:08:58.0942 1052 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
00:08:59.0035 1052 tunnel - ok
00:08:59.0067 1052 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
00:08:59.0082 1052 uagp35 - ok
00:08:59.0129 1052 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
00:08:59.0223 1052 udfs - ok
00:08:59.0254 1052 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
00:08:59.0285 1052 UI0Detect - ok
00:08:59.0316 1052 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
00:08:59.0347 1052 uliagpkx - ok
00:08:59.0379 1052 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
00:08:59.0394 1052 umbus - ok
00:08:59.0425 1052 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
00:08:59.0457 1052 UmPass - ok
00:08:59.0457 1052 UNS - ok
00:08:59.0488 1052 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
00:08:59.0597 1052 upnphost - ok
00:08:59.0628 1052 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys
00:08:59.0659 1052 USBAAPL64 - ok
00:08:59.0691 1052 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
00:08:59.0722 1052 usbccgp - ok
00:08:59.0769 1052 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
00:08:59.0800 1052 usbcir - ok
00:08:59.0815 1052 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys
00:08:59.0847 1052 usbehci - ok
00:08:59.0878 1052 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
00:08:59.0909 1052 usbhub - ok
00:08:59.0940 1052 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys
00:08:59.0971 1052 usbohci - ok
00:09:00.0003 1052 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
00:09:00.0034 1052 usbprint - ok
00:09:00.0065 1052 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
00:09:00.0096 1052 USBSTOR - ok
00:09:00.0096 1052 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
00:09:00.0127 1052 usbuhci - ok
00:09:00.0174 1052 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
00:09:00.0205 1052 usbvideo - ok
00:09:00.0221 1052 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
00:09:00.0330 1052 UxSms - ok
00:09:00.0330 1052 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
00:09:00.0361 1052 VaultSvc - ok
00:09:00.0408 1052 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
00:09:00.0439 1052 vdrvroot - ok
00:09:00.0502 1052 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
00:09:00.0595 1052 vds - ok
00:09:00.0627 1052 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
00:09:00.0658 1052 vga - ok
00:09:00.0673 1052 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
00:09:00.0767 1052 VgaSave - ok
00:09:00.0798 1052 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
00:09:00.0829 1052 vhdmp - ok
00:09:00.0861 1052 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
00:09:00.0892 1052 viaide - ok
00:09:00.0939 1052 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
00:09:00.0970 1052 volmgr - ok
00:09:01.0001 1052 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
00:09:01.0048 1052 volmgrx - ok
00:09:01.0095 1052 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
00:09:01.0126 1052 volsnap - ok
00:09:01.0157 1052 vpnagent - ok
00:09:01.0204 1052 [ E526A69D932538AE8BC96B3F4A5A90B1 ] vpnva C:\Windows\system32\DRIVERS\vpnva64.sys
00:09:01.0219 1052 vpnva - ok
00:09:01.0251 1052 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
00:09:01.0282 1052 vsmraid - ok
00:09:01.0360 1052 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
00:09:01.0485 1052 VSS - ok
00:09:01.0500 1052 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
00:09:01.0547 1052 vwifibus - ok
00:09:01.0563 1052 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
00:09:01.0609 1052 vwififlt - ok
00:09:01.0641 1052 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
00:09:01.0734 1052 W32Time - ok
00:09:01.0750 1052 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
00:09:01.0781 1052 WacomPen - ok
00:09:01.0828 1052 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
00:09:01.0906 1052 WANARP - ok
00:09:01.0906 1052 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
00:09:01.0999 1052 Wanarpv6 - ok
00:09:02.0062 1052 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
00:09:02.0140 1052 WatAdminSvc - ok
00:09:02.0202 1052 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
00:09:02.0280 1052 wbengine - ok
00:09:02.0311 1052 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
00:09:02.0343 1052 WbioSrvc - ok
00:09:02.0389 1052 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
00:09:02.0452 1052 wcncsvc - ok
00:09:02.0467 1052 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
00:09:02.0499 1052 WcsPlugInService - ok
00:09:02.0530 1052 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
00:09:02.0545 1052 Wd - ok
00:09:02.0592 1052 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
00:09:02.0639 1052 Wdf01000 - ok
00:09:02.0655 1052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
00:09:02.0701 1052 WdiServiceHost - ok
00:09:02.0717 1052 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
00:09:02.0748 1052 WdiSystemHost - ok
00:09:02.0795 1052 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
00:09:02.0842 1052 WebClient - ok
00:09:02.0873 1052 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
00:09:02.0967 1052 Wecsvc - ok
00:09:02.0982 1052 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
00:09:03.0076 1052 wercplsupport - ok
00:09:03.0107 1052 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
00:09:03.0201 1052 WerSvc - ok
00:09:03.0232 1052 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
00:09:03.0325 1052 WfpLwf - ok
00:09:03.0357 1052 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
00:09:03.0372 1052 WIMMount - ok
00:09:03.0403 1052 WinDefend - ok
00:09:03.0403 1052 WinHttpAutoProxySvc - ok
00:09:03.0481 1052 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
00:09:03.0575 1052 Winmgmt - ok
00:09:03.0669 1052 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
00:09:03.0793 1052 WinRM - ok
00:09:03.0871 1052 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
00:09:03.0903 1052 WinUsb - ok
00:09:03.0965 1052 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
00:09:04.0027 1052 Wlansvc - ok
00:09:04.0090 1052 [ 06C8FA1CF39DE6A735B54D906BA791C6 ] wlcrasvc C:\Program Files\Windows Live\Mesh\wlcrasvc.exe
00:09:04.0105 1052 wlcrasvc - ok
00:09:04.0246 1052 [ 7E47C328FC4768CB8BEAFBCFAFA70362 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
00:09:04.0355 1052 wlidsvc - ok
00:09:04.0386 1052 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
00:09:04.0417 1052 WmiAcpi - ok
00:09:04.0449 1052 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
00:09:04.0480 1052 wmiApSrv - ok
00:09:04.0527 1052 WMPNetworkSvc - ok
00:09:04.0558 1052 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
00:09:04.0589 1052 WPCSvc - ok
00:09:04.0620 1052 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
00:09:04.0651 1052 WPDBusEnum - ok
00:09:04.0683 1052 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
00:09:04.0761 1052 ws2ifsl - ok
00:09:04.0776 1052 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
00:09:04.0823 1052 wscsvc - ok
00:09:04.0823 1052 WSearch - ok
00:09:04.0917 1052 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
00:09:05.0041 1052 wuauserv - ok
00:09:05.0073 1052 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
00:09:05.0104 1052 WudfPf - ok
00:09:05.0135 1052 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
00:09:05.0166 1052 WUDFRd - ok
00:09:05.0213 1052 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
00:09:05.0244 1052 wudfsvc - ok
00:09:05.0275 1052 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
00:09:05.0322 1052 WwanSvc - ok
00:09:05.0353 1052 ================ Scan global ===============================
00:09:05.0385 1052 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
00:09:05.0416 1052 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:09:05.0431 1052 [ F46BBAAC1C4980F4D0DD463F190A42D3 ] C:\Windows\system32\winsrv.dll
00:09:05.0463 1052 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
00:09:05.0478 1052 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
00:09:05.0494 1052 [Global] - ok
00:09:05.0494 1052 ================ Scan MBR ==================================
00:09:05.0494 1052 [ 2E5DEBB2116B3417023E0D6562D7ED07 ] \Device\Harddisk0\DR0
00:09:06.0087 1052 \Device\Harddisk0\DR0 - ok
00:09:06.0087 1052 ================ Scan VBR ==================================
00:09:06.0087 1052 [ 0785D9AF30764A5D86006B02EF3F87DA ] \Device\Harddisk0\DR0\Partition1
00:09:06.0087 1052 \Device\Harddisk0\DR0\Partition1 - ok
00:09:06.0118 1052 [ DC01737EC758FF100747BD6849E5AFBE ] \Device\Harddisk0\DR0\Partition2
00:09:06.0118 1052 \Device\Harddisk0\DR0\Partition2 - ok
00:09:06.0149 1052 [ 320993F79482A86372FC88B1F901B5CE ] \Device\Harddisk0\DR0\Partition3
00:09:06.0149 1052 \Device\Harddisk0\DR0\Partition3 - ok
00:09:06.0149 1052 ============================================================
00:09:06.0149 1052 Scan finished
00:09:06.0149 1052 ============================================================
00:09:06.0165 4928 Detected object count: 0
00:09:06.0165 4928 Actual detected object count: 0
|
|
06.12.2012, 00:22
| #15 | |
| /// Malware-holic | Google öffnet falsche Seiten Fein. combofix: Combofix darf ausschließlich ausgeführt werden, wenn dies von einem Team Mitglied angewiesen wurde!Downloade dir bitte Combofix von einem dieser Downloadspiegel Link 1 Link 2 WICHTIG - Speichere Combofix auf deinem Desktop
Wenn Combofix fertig ist, wird es eine Logfile erstellen. Bitte poste die C:\Combofix.txt in deiner nächsten Antwort. Hinweis: Solltest du nach dem Neustart folgende Fehlermeldung erhalten Zitat:
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
| Themen zu Google öffnet falsche Seiten |
| aktiviert, avira, browser, deaktiviert, einstellungen, falsche, falsche seiten, firefox, google, lösen, nicht mehr, problem, schei, seite, seiten, seltsame, seltsamen, sicherheitscenter, sonntag, versuch, versucht, weitergeleitet, windows, öffnen, öffnet |
Linear-Darstellung
