Log analysis and evaluation: Browser opens ad windows on its own (Windows 7). If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
16.12.2012, 20:53 | #1 |
Browser opens ad windows on its own

Hello dear people, I have the following problem: my browser (Firefox 13.0.1 on Windows 7, 32-bit) opens ad windows like crazy (e.g. www.planet49.com, World of Tanks ads, survey.nuggad.net etc.), even when I'm not browsing, and even when I'm not working at the computer at all. My touchpad also acts up quite often, but I suspect the latter has nothing to do with the virus and is more likely due to old age. Neither Malwarebytes nor Avira AntiVir has been able to find anything so far. I also had HijackThis create a log file and had it evaluated automatically, which didn't bring anything conspicuous to light either. But I have now read that HijackThis is supposedly not so great on Windows 7 and that automatic evaluations are of no use anyway. So here are the OTL and GMER results, following your instructions. Can I still avoid a complete reinstall, or am I already badly infected? I hope you can help me and that I have provided all the important information. Thanks in advance and best regards, spzle

gmer.log: ---- System - GMER 1.0.15 ---- SSDT 8B6C831E ZwCreateSection SSDT 8B6C8328 ZwRequestWaitReplyPort SSDT 8B6C8323 ZwSetContextThread SSDT 8B6C832D ZwSetSecurityObject SSDT 8B6C8332 ZwSystemDebugControl SSDT 8B6C82BF ZwTerminateProcess ---- Kernel code sections - GMER 1.0.15 ---- .text ntkrnlpa.exe!ZwRollbackEnlistment + 140D 81E44A49 1 Byte [06] .text ntkrnlpa.exe!KiDispatchInterrupt + 5A2 81E7E4D2 19 Bytes [E0, 0F, BA, F0, 07, 73, 09, ...] 
{LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3} .text ntkrnlpa.exe!KeRemoveQueueEx + 11F7 81E8562C 4 Bytes [1E, 83, 6C, 8B] .text ntkrnlpa.exe!KeRemoveQueueEx + 1553 81E85988 4 Bytes [28, 83, 6C, 8B] .text ntkrnlpa.exe!KeRemoveQueueEx + 1597 81E859CC 4 Bytes [23, 83, 6C, 8B] .text ntkrnlpa.exe!KeRemoveQueueEx + 1613 81E85A48 4 Bytes [2D, 83, 6C, 8B] .text ntkrnlpa.exe!KeRemoveQueueEx + 1667 81E85A9C 4 Bytes [32, 83, 6C, 8B] .text ... .text C:\Windows\system32\DRIVERS\atikmdag.sys section is writeable [0x8BA06000, 0x23097E, 0xE8000020] ---- Devices - GMER 1.0.15 ---- AttachedDevice \Driver\kbdclass \Device\KeyboardClass0 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) AttachedDevice \Driver\kbdclass \Device\KeyboardClass1 Wdf01000.sys (Kernelmodustreiber-Frameworklaufzeit/Microsoft Corporation) Device \Driver\ACPI_HAL \Device\00000053 halmacpi.dll (Hardware Abstraction Layer DLL/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume1 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume2 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) AttachedDevice \Driver\volmgr \Device\HarddiskVolume3 fvevol.sys (BitLocker Drive Encryption Driver/Microsoft Corporation) ---- EOF - GMER 1.0.15 ---- otl.txt: OTL logfile created on: 16.12.2012 18:14:53 - Run 1 OTL by Oldtimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 67,57% Memory free 3,75 Gb Paging File | 2,59 Gb Available in Paging File | 69,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = 
C:\Program Files Drive C: | 29,96 Gb Total Space | 5,56 Gb Free Space | 18,55% Space Free | Partition Type: NTFS Drive D: | 156,25 Gb Total Space | 70,02 Gb Free Space | 44,81% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.12.16 17:45:31 | 000,050,477 | ---- | M] () -- C:\Users\***\Downloads\Defogger.exe PRC - [2012.12.16 15:45:25 | 000,602,112 | ---- | M] (Old***er Tools) -- C:\Users\***\Downloads\OTL.exe PRC - [2012.10.04 15:57:58 | 000,271,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\conhost.exe PRC - [2012.08.08 13:54:51 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe PRC - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.05.24 19:39:22 | 027,112,840 | ---- | M] (Dropbox, Inc.) -- C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe PRC - [2012.05.08 18:02:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe PRC - [2012.05.08 18:01:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe PRC - [2012.05.08 18:01:59 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files\Avira\AntiVir Desktop\avshadow.exe PRC - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) 
-- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe PRC - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.06 20:48:54 | 002,051,880 | ---- | M] (NesterSoft Inc.) -- C:\Program Files\***eLeft3\***eLeft.exe PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe PRC - [2011.01.17 17:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe PRC - [2011.01.17 17:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin PRC - [2010.11.20 13:17:47 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe PRC - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe PRC - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe PRC - [2010.01.08 14:15:24 | 001,118,208 | ---- | M] (Realtek Semiconductor Corp.) 
-- C:\Program Files\REALTEK\RTL8187B Wireless LAN Utility\RtWlan.exe PRC - [2009.12.07 13:49:24 | 000,040,960 | ---- | M] (Realtek) -- C:\Program Files\REALTEK\RTL8187B Wireless LAN Utility\RtlService.exe PRC - [2009.08.21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe PRC - [2009.08.21 09:29:20 | 000,476,512 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\Power Saver\TPwrMain.exe PRC - [2009.08.05 14:04:54 | 000,738,616 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\FlashCards\TCrdMain.exe PRC - [2009.07.28 14:00:10 | 000,460,088 | ---- | M] (TOSHIBA Corporation) -- C:\Program Files\Toshiba\SmoothView\SmoothView.exe PRC - [2007.05.31 15:21:28 | 000,648,072 | ---- | M] (Microsoft Corporation) -- C:\Windows\WindowsMobile\wmdcBase.exe ========== Modules (No Company Name) ========== MOD - [2012.12.16 17:45:31 | 000,050,477 | ---- | M] () -- C:\Users\***\Downloads\Defogger.exe MOD - [2012.04.10 16:54:14 | 000,985,088 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxml2.dll MOD - [2012.04.10 16:54:14 | 000,170,496 | ---- | M] () -- C:\Program Files\OpenOffice.org 3\program\libxslt.dll MOD - [2009.07.16 15:27:48 | 000,052,536 | ---- | M] () -- C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll MOD - [2009.07.16 15:27:44 | 007,263,544 | ---- | M] () -- C:\Program Files\Toshiba\FlashCards\BlackPng.dll MOD - [2009.03.12 19:08:04 | 000,049,152 | ---- | M] () -- C:\Program Files\Toshiba\PCDiag\NotifyPCD.dll MOD - [2005.04.19 12:53:44 | 000,013,824 | ---- | M] () -- C:\Program Files\***eLeft3\TrayClock.dll ========== Services (SafeList) ========== SRV - [2012.12.12 02:01:37 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012.07.27 21:51:26 | 000,063,960 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files\Common 
Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.06.18 04:35:57 | 000,113,120 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.05.08 18:02:00 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012.05.08 18:01:59 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2012.03.05 14:08:00 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc) SRV - [2012.02.15 13:30:18 | 000,158,856 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.02.10 10:28:06 | 000,240,408 | ---- | M] (Microsoft Corporation.) [On_Demand | Running] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\SeaPort.exe -- (BBUpdate) SRV - [2012.02.10 10:28:06 | 000,193,816 | ---- | M] (Microsoft Corporation.) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\7.1.361.0\BBSvc.exe -- (BBSvc) SRV - [2011.10.01 08:30:42 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:36 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2010.09.27 10:58:24 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
[Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2010.05.20 15:27:24 | 000,139,632 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc) SRV - [2009.12.07 13:49:24 | 000,040,960 | ---- | M] (Realtek) [Auto | Running] -- C:\Program Files\REALTEK\RTL8187B Wireless LAN Utility\RtlService.exe -- (Realtek87B) SRV - [2009.08.21 09:29:40 | 000,464,224 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV - [2009.07.14 02:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009.07.14 02:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2007.05.31 15:21:24 | 000,379,784 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\wcescomm.dll -- (WcesComm) SRV - [2007.05.31 15:21:18 | 000,183,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Windows\WindowsMobile\rapimgr.dll -- (RapiMgr) ========== Driver Services (SafeList) ========== DRV - [2012.05.08 18:02:00 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012.05.08 18:02:00 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2011.10.01 08:30:42 | 000,019,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftvollh.sys -- (Sftvol) DRV - 
[2011.10.01 08:30:40 | 000,021,864 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\Sftredirlh.sys -- (Sftredir) DRV - [2011.10.01 08:30:38 | 000,194,408 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftplaylh.sys -- (Sftplay) DRV - [2011.10.01 08:30:36 | 000,579,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\Sftfslh.sys -- (Sftfs) DRV - [2011.09.16 16:08:07 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2010.11.20 13:30:15 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmbus.sys -- (vmbus) DRV - [2010.11.20 13:30:15 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010.11.20 13:30:15 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\storvsc.sys -- (storvsc) DRV - [2010.11.20 11:24:41 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010.11.20 10:59:44 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010.11.20 10:14:45 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010.11.20 10:14:41 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vms3cap.sys -- (s3cap) DRV - [2010.09.27 10:56:00 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | Auto | Running] -- C:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2010.05.20 15:27:24 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\nx6000.sys -- (MSHUSBVideo) DRV - [2009.10.08 16:55:33 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2009.07.14 15:28:42 | 000,023,512 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\System32\drivers\TVALZ_O.SYS -- (TVALZ) DRV - [2009.07.14 00:45:33 | 000,083,456 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\serial.sys -- (Serial) DRV - [2009.07.13 23:13:48 | 001,035,776 | ---- | M] (LSI Corp) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\AGRSM.sys -- (AgereSoftModem) DRV - [2009.07.07 07:53:06 | 000,007,680 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\FwLnk.sys -- (FwLnk) DRV - [2009.06.10 13:52:58 | 000,347,648 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\RTL8187B.sys -- (RTL8187B) DRV - [2008.12.01 22:14:34 | 004,179,968 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\atikmdag.sys -- (atikmdag) DRV - [2008.11.16 17:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007.01.18 19:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_***ESTAMP = DB D1 F2 55 68 93 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.update: false FF - prefs.js..extensions.enabledAddons: contextMenuExtension@leo.org:0.3.1 FF - prefs.js..extensions.enabledAddons: {a95d8332-e4b4-6e7f-98ac-20b733364387}:0.6.3 FF - prefs.js..extensions.enabledAddons: {9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}:1.0 FF - prefs.js..network.proxy.type: 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.1: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.14 14:26:27 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 04:35:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.06.14 14:26:27 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\{9A207F60-3F1C-4ED0-972D-0A4CDFBFF803}: C:\Users\***\AppData\Roaming\13001.023 [2012.07.12 19:08:36 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2012.06.18 04:35:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2012.03.02 23:47:18 | 000,000,000 | ---D | M] 
(No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012.05.12 11:32:17 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\27juis64.default\extensions [2012.03.03 18:01:53 | 000,018,789 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\27juis64.default\extensions\contextMenuExtension@leo.org.xpi [2012.05.12 11:32:17 | 000,056,640 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\27juis64.default\extensions\{a95d8332-e4b4-6e7f-98ac-20b733364387}.xpi [2012.03.03 18:02:12 | 000,001,632 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\27juis64.default\searchplugins\firefox-add-ons.xml [2012.09.30 21:18:56 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\mozilla firefox\extensions [2012.09.30 21:18:56 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012.07.12 19:08:36 | 000,000,000 | ---D | M] (Java Link Helper) -- C:\USERS\***\APPDATA\ROAMING\13001.023 [2012.06.18 04:35:57 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.06.18 04:35:54 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.06.18 04:35:54 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.06.18 04:35:54 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.06.18 04:35:54 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.06.18 04:35:54 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.06.18 04:35:54 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) 
- C:\Windows\System32\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O4 - HKLM..\Run: [] File not found O4 - HKLM..\Run: [00TCrdMain] C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation) O4 - HKLM..\Run: [SmoothView] C:\Program Files\Toshiba\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TPwrMain] C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE (TOSHIBA Corporation) O4 - HKLM..\Run: [Windows Mobile-based device management] C:\Windows\WindowsMobile\wmdcBase.exe (Microsoft Corporation) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe () O4 - Startup: C:\Users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\***eLeft.lnk = C:\Program Files\***eLeft3\***eLeft.exe (NesterSoft Inc.) 
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 8.8.8.8 85.214.73.63 193.189.244.194 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{C8E8A7ED-6150-4553-A1FC-3281FC8DB7F8}: DhcpNameServer = 192.168.220.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D1AA8438-0644-41C9-846B-89EA7E25D191}: DhcpNameServer = 8.8.8.8 85.214.73.63 193.189.244.194 O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012.12.12 01:32:42 | 000,000,000 | ---D | C] -- C:\Users\***\Citrix [4 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] [1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2012.12.16 18:01:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012.12.16 17:46:13 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012.12.16 13:14:16 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012.12.16 13:14:16 | 000,014,976 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012.12.16 13:06:06 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2012.12.16 13:05:59 | 1508,081,664 | -HS- | M] () -- C:\hiberfil.sys [2012.12.13 10:26:46 | 000,295,536 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT [2012.12.12 10:48:10 | 000,029,839 | ---- | M] () -- C:\Users\***\Desktop\Handout Kolloquium kurz.odt [2012.12.12 10:48:09 | 000,000,100 | -H-- | M] () -- C:\Users\***\Desktop\.~lock.Handout Kolloquium kurz.odt# [2012.12.12 10:33:50 | 000,030,144 | ---- | M] () -- C:\Users\***\Desktop\Handout Kolloquium.odt [2012.12.10 11:55:45 | 000,028,326 | ---- | M] () -- C:\Users\***\Desktop\Protokoll 
6oder so Figal.odt [2012.12.10 11:55:43 | 000,000,100 | -H-- | M] () -- C:\Users\***\Desktop\.~lock.Protokoll 6oder so Figal.odt# [2012.12.03 11:49:38 | 000,031,744 | ---- | M] () -- C:\Users\***\Desktop\protokoll4odersoFigal.odt [2012.12.01 23:33:49 | 000,227,840 | ---- | M] () -- C:\Users\***\Desktop\Hausarbeit Hauptseminar *** Kiefer 1.12..pdf [2012.11.25 21:30:52 | 000,654,610 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2012.11.25 21:30:52 | 000,616,452 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2012.11.25 21:30:52 | 000,130,192 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2012.11.25 21:30:52 | 000,106,574 | ---- | M] () -- C:\Windows\System32\perfc009.dat [4 C:\Users\***\Desktop\*.tmp files -> C:\Users\***\Desktop\*.tmp -> ] [1 C:\Users\***\AppData\Roaming\*.tmp files -> C:\Users\***\AppData\Roaming\*.tmp -> ] ========== Files Created - No Company Name ========== [2012.12.16 17:46:13 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012.12.12 10:34:07 | 000,000,100 | -H-- | C] () -- C:\Users\***\Desktop\.~lock.Handout Kolloquium kurz.odt# [2012.12.12 10:34:05 | 000,029,839 | ---- | C] () -- C:\Users\***\Desktop\Handout Kolloquium kurz.odt [2012.12.12 03:08:24 | 000,030,144 | ---- | C] () -- C:\Users\***\Desktop\Handout Kolloquium.odt [2012.12.10 11:55:43 | 000,000,100 | -H-- | C] () -- C:\Users\***\Desktop\.~lock.Protokoll 6oder so Figal.odt# [2012.12.10 11:55:41 | 000,028,326 | ---- | C] () -- C:\Users\***\Desktop\Protokoll 6oder so Figal.odt [2012.12.03 11:49:35 | 000,031,744 | ---- | C] () -- C:\Users\***\Desktop\protokoll4odersoFigal.odt [2012.12.01 23:33:49 | 000,227,840 | ---- | C] () -- C:\Users\***\Desktop\Hausarbeit Hauptseminar *** Kiefer 1.12..pdf [2012.08.15 09:05:02 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.08.15 09:05:02 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.07.12 14:22:41 | 000,000,051 | ---- | C] () -- C:\Users\***\AppData\Roaming\blckdom.res [2012.06.14 14:20:25 | 
000,256,618 | ---- | C] () -- C:\Windows\hpwins24.dat [2012.06.14 14:20:25 | 000,001,758 | ---- | C] () -- C:\Windows\hpwmdl24.dat [2012.05.24 11:35:31 | 000,081,408 | ---- | C] () -- C:\Windows\cadkasdeinst01.exe [2012.04.15 17:04:15 | 000,000,391 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.03.05 12:17:45 | 000,451,072 | ---- | C] () -- C:\Windows\System32\ISSRemoveSP.exe [2012.03.04 12:27:41 | 000,066,048 | ---- | C] () -- C:\Windows\System32\PrintBrmUi.exe [2012.03.03 17:21:17 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat [2012.03.03 17:21:16 | 000,654,610 | ---- | C] () -- C:\Windows\System32\perfh007.dat [2012.03.03 17:21:16 | 000,130,192 | ---- | C] () -- C:\Windows\System32\perfc007.dat [2012.03.03 17:21:16 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat [2012.03.02 23:38:31 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2011.06.10 06:34:52 | 000,080,416 | ---- | C] () -- C:\Windows\System32\RtNicProp32.dll ========== ZeroAccess Check ========== [2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 02:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) 
"ThreadingModel" = Both ========== LOP Check ========== [2012.07.12 14:22:53 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\13001.022 [2012.07.12 19:08:36 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\13001.023 [2012.03.30 20:47:12 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Amazon [2012.05.24 11:35:45 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\CAD-KAS [2012.12.16 13:08:01 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Dropbox [2012.11.06 20:23:22 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Foxit Software [2012.07.12 14:22:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\kock [2012.03.14 16:10:48 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Lingo4u [2012.04.08 14:27:51 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\NesterSoft [2012.04.10 21:20:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2012.05.24 12:20:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\pdfforge [2012.12.09 00:57:54 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2012.03.03 15:57:16 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\toshiba [2012.03.03 16:21:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP [2012.07.12 17:59:41 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\UAs [2012.08.03 12:20:00 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Vyeq [2012.03.03 15:10:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\WinBatch [2012.07.12 18:00:13 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\xmldm [2012.08.02 23:34:25 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Zyyf ========== Purity Check ========== < End of report > Extras.txt: OTL Extras logfile created on: 16.12.2012 18:14:53 - Run 1 OTL by Oldtimer - Version 3.2.69.0 Folder = C:\Users\***\Downloads Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer 
(Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 1,87 Gb Total Physical Memory | 1,27 Gb Available Physical Memory | 67,57% Memory free 3,75 Gb Paging File | 2,59 Gb Available in Paging File | 69,25% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 29,96 Gb Total Space | 5,56 Gb Free Space | 18,55% Space Free | Partition Type: NTFS Drive D: | 156,25 Gb Total Space | 70,02 Gb Free Space | 44,81% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] 
"{1B721395-2FB4-484D-A15E-97E6F9923682}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{213F61E1-CB8E-4E65-ABFA-714FF5DE5714}" = lport=990 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{41FB228A-C893-4DF3-8C8E-FA39E88972BB}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{56B76F73-6782-40B2-B16C-F6C16C4A91F2}" = rport=5679 | protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{5862C1BC-E7BC-4AF6-AE9E-6BEC833379CC}" = rport=137 | protocol=17 | dir=out | app=system | "{5EE57062-BB19-4A7B-B6A5-0BC684310FDE}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{603CE5FA-ACCB-4A6C-82D5-C3CC4151970B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{6301A82B-C128-4D46-9580-6F07D3089D40}" = lport=2869 | protocol=6 | dir=in | app=system | "{6371E1A9-04D4-4EDF-B663-4EB1FCC40DF0}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{63DFA62F-09C5-4164-A5E0-36FD99B119D1}" = lport=138 | protocol=17 | dir=in | app=system | "{63F357DF-D990-461A-AF31-6FEFD8F89341}" = lport=137 | protocol=17 | dir=in | app=system | "{6834CEA5-03C3-4D5B-B4E3-9A2A0242F909}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{6B71C696-CFE9-49CD-912F-6C1E32470842}" = lport=5678 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{6C95A21F-5CB8-4772-B2D7-B30819DE307B}" = lport=53 | protocol=17 | dir=in | name=realtek ap udp prot | "{6D5FCE3F-A889-4FF6-BC17-46C3777D2F2B}" = rport=10243 | protocol=6 | dir=out | app=system | "{7490712B-F5DC-4882-AEE0-498CC87D849E}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{781A106B-8513-47C0-89D0-487189FE8A2B}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | 
app=%systemroot%\system32\svchost.exe | "{78414D8F-B723-4B3F-A125-C467433E6DDF}" = lport=26675 | protocol=6 | dir=in | name=@%systemroot%\windowsmobile\wmdcbase.exe,-4006 | "{825AF187-4945-4CF9-B391-EF16F2300A48}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{903B098F-E24F-41AB-B358-1FBF9362004A}" = rport=445 | protocol=6 | dir=out | app=system | "{9BDDA05E-CA26-4ACE-9A69-EFA3B8C78E69}" = rport=138 | protocol=17 | dir=out | app=system | "{A4D10043-7CAE-4051-9022-9B2DB6257223}" = lport=139 | protocol=6 | dir=in | app=system | "{B32CD4EB-0403-4A82-9E37-3E58861EE9CC}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{BF086442-D1E8-46BE-9B8D-D44F74A4DFC4}" = lport=999 | protocol=6 | dir=in | app=%systemroot%\windowsmobile\wmdhost.exe | "{C0EEA53B-984F-484A-A053-78796305B7B2}" = lport=5721 | protocol=6 | dir=in | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{C75289F4-3074-4552-95C8-911629445956}" = lport=445 | protocol=6 | dir=in | app=system | "{C7D77B59-D4EA-43C1-A676-B533934946EF}" = lport=10243 | protocol=6 | dir=in | app=system | "{CEC721C2-4E9A-4A8C-BDA7-BB0D10D4E754}" = rport=139 | protocol=6 | dir=out | app=system | "{D24ADF05-7F37-4E44-9CD8-D3CAB4E5AC1D}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{D3EA0074-B0E3-48CB-A72A-2EC09FF4191E}" = lport=1542 | protocol=17 | dir=in | name=realtek wps udp prot | "{E2FCF72A-EEA0-4B27-A600-431D9F924C14}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{E7377CE5-835C-4009-A644-AFE6C8CACB15}" = lport=1542 | protocol=6 | dir=in | name=realtek wps tcp prot | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{097CBA45-F2C3-4A9C-B43C-AC4AFBFAD027}" = protocol=17 | dir=in | app=c:\program files\microsoft 
lifecam\lifecam.exe | "{0A0170F4-CFE9-423B-B6ED-E90F152784BD}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{0FE4E84C-9989-4AFD-8E06-B1187B421435}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{12FE2F52-FB89-4038-99EC-1A4B1802BC55}" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | "{15D8C0D0-EA6C-4672-A706-2D3176F0BACF}" = protocol=17 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{1B24A12E-0632-47A0-A1EE-9FBDB6AFDB48}" = dir=in | app=c:\program files\skype\phone\skype.exe | "{1D85734E-E7C2-4AAD-920D-C1EE4855DDEA}" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "{27BDF824-930A-4D18-BBCE-F9056133BD58}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2CCE02FD-9C73-44DC-BFCD-8C4ED7F9EE5C}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{305C70D9-378E-4917-B16A-4C17C59C808C}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{324E9E28-3534-43BC-913F-2434EFAE97DD}" = protocol=6 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{390A26A6-F8BA-406E-A5C6-3C2EF486EC7A}" = protocol=6 | dir=out | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{3B5D2C09-8516-4190-BD25-CD6DD7B855F1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{4FB30A7E-C752-4419-B65C-E95C966BD06E}" = protocol=6 | dir=out | app=system | "{4FD17006-AAE8-4499-9192-7404F090CE47}" = protocol=17 | dir=in | app=c:\program files\realtek\rtl8187b wireless lan utility\rtwlan.exe | "{5A75174A-5F64-446C-85BE-03E446A186BC}" = protocol=6 | dir=in | app=c:\program files\realtek\rtl8187b wireless lan utility\rtwlan.exe | "{60D4E12E-81F4-4D3E-A352-53D4F25AE49D}" = protocol=6 | dir=in | svc=wcescomm | app=%systemroot%\system32\svchost.exe | "{6B380283-CB7B-4032-B21F-19046674B988}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{71D55830-1295-43EC-B846-147795479491}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqtra08.exe | "{7375CC45-E1FA-47D7-8305-5C976A715252}" = protocol=17 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{74A067E0-A75C-41B1-945D-C6277EA50D2B}" = protocol=17 | dir=in | app=c:\users\***\appdata\roaming\dropbox\bin\dropbox.exe | "{751C2D6C-835D-45FD-8E6F-857F7932B50E}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{82546ED6-2BF0-426E-BD04-529356F79295}" = protocol=6 | dir=out | svc=rapimgr | app=%systemroot%\system32\svchost.exe | "{8307841F-0C2D-4DE1-B697-AC193BEB2968}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{83687304-3567-4999-A4C5-5F411425D4AE}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgplgtupl.exe | "{888F50FE-7028-4AC8-88D3-CCF15D84D855}" = protocol=17 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{91017078-D3BC-414B-A6E8-24FE4D497948}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{915362CD-0B05-4BE7-AABD-B9FC4D60FEB5}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgm.exe | "{99A55B8F-1C7F-4D2B-B752-CD638BDA8C0D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{A0751F94-9BB4-45EC-8C36-77930A0FA70E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{B9025920-690C-4054-8E8E-5EC57C3032B3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{BB79817B-E8BB-4AF7-9892-EFFDD873F695}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqusgh.exe | "{C400A5BE-9C18-4503-9324-CC11E9DD3308}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{CB2B32E8-6287-461C-85A5-D5EC3D92C60C}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqgpc01.exe | "{D06CDE8C-DD0D-4AFA-B17F-7D39CBFAEF28}" = protocol=6 | dir=in | app=c:\windows\explorer.exe | "{D25C42CF-2BC6-43F4-9ABD-4549A3351A93}" = dir=in | 
app=c:\program files\hp\hp software update\hpwucli.exe | "{D4A57879-95BC-4C3C-903F-AAB067B7159D}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeexp.exe | "{E4B2532A-C7A6-4769-8304-C6CA5DBA8D63}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifetray.exe | "{E4B5343B-9796-45D5-94A0-A3248AA738D8}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifecam.exe | "{E6649C68-31D4-4472-981B-84C533C6D446}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpqste08.exe | "{E970F939-1FF4-4CD9-AB78-C6D83A589E4E}" = protocol=6 | dir=in | app=c:\program files\microsoft lifecam\lifeenc2.exe | "{ECE448B7-8A4A-4C61-82A0-1EB14C7A1839}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{EEC611F9-E112-4993-8B6A-BE3B7891D521}" = protocol=17 | dir=in | app=c:\windows\explorer.exe | "{F0017441-0E75-48C9-9E5A-D857498A6FB3}" = dir=in | app=c:\program files\hp\digital imaging\bin\hpoews01.exe | "{F1537788-FC13-4132-9ACB-4EAC02D00F75}" = dir=in | app=c:\program files\hp\digital imaging\bin\hposid01.exe | "{F3CCA3E8-8F3E-446A-AE83-E8BD8FE77F6E}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{FB959F32-7EB0-4EE3-A169-A54D366A261D}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{FDD2A394-FC54-4079-94AA-EAC5C5B66117}" = dir=in | app=c:\program files\hp\digital imaging\smart web printing\smartwebprintexe.exe | "TCP Query User{A476C675-36F8-4731-A20C-8C99C934BE89}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe | "UDP Query User{A856CB67-0E88-4513-BCEB-A14D39C725F6}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID 
Sign-in Assistant "{097CDB1E-07C9-40F1-9972-F0F9F3A287E4}" = Network "{1458BB78-1DC5-4BC0-B9A3-2B644F5A8105}" = DeviceDiscovery "{150B6201-E9E6-4DFB-960E-CCBD53FBDDED}" = HPProductAssistant "{1CE60928-8325-49A8-8B06-633E48DD2B67}" = Cisco Systems VPN Client 5.0.07.0410 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{26A24AE4-039D-4CA4-87B4-2F83216035FF}" = Java(TM) 6 Update 35 "{2883F6F5-0509-43F3-868C-D50330DD9DD3}" = TOSHIBA Hardware Setup "{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth "{292F0F52-B62D-4E71-921B-89A682402201}" = Toolbox "{2EFA4E4C-7B5F-48F7-A1C0-1AA882B7A9C3}" = HP Update "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3EC62F67-DDFA-434C-9610-1FDF71B8F1D4}" = BPDSoftware_Ini "{401879D1-AC26-43CD-BDDE-E0D5D5608083}" = TOSHIBA Supervisor Password "{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3 "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{5230AAA6-C417-47CA-8028-EF8133B984A6}" = 6000E609a "{5B025634-7D5B-4B8D-BE2A-7943C1CF2D5D}" = Status "{5FC7AB5C-61FC-42DF-A923-5139BCF10D42}" = Microsoft LifeCam "{71CEED82-6D60-4DB7-A351-3564A87F7C96}" = 6000E609_eDocs "{7791308C-85FB-43B9-93F2-7DE9CB7D5C4A}" = HP Officejet 6000 E609 Series "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8EE94FD8-5F52-4463-A340-185D16328158}" = WebReg "{8FF6F5CA-4E30-4E3B-B951-204CAAA2716A}" = SmartWebPrinting "{90140000-006D-0407-0000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010 "{90140011-0061-0407-0000-0000000FF1CE}" = Microsoft Office Home and Student 2010 - Deutsch "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A80FA752-C491-4ED9-ABF0-4278563160B2}" = 32 Bit HP CIO Components Installer "{AC35A885-0F8F-4857-B7DA-6E8DFB43E6B3}" = HPSSupply "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.4) - Deutsch "{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" 
= Microsoft Corporation "{BB3447F6-9553-4AA9-960E-0DB5310C5779}" = GPBaseService2 "{BC5DD87B-0143-4D14-AAE6-97109614DC6B}" = SolutionCenter "{BE686891-3C56-4714-AFEF-341A7867BA80}" = REALTEK Wireless LAN Driver and Utility "{C809442E-31F0-418C-A929-74453B741A7B}" = ProductContext "{CBE7EB3D-FBD9-4c74-8156-082D055C0354}" = BPDSoftware "{CD31E63D-47FD-491C-8117-CF201D0AFAB5}" = TrayApp "{D360FA88-17C8-4F14-B67F-13AAF9607B12}" = MarketResearch "{D6C3C9E7-D334-4918-BD57-5B1EF14C207D}" = Bing Bar "{EE7257A2-39A2-4D2F-9DAC-F9F25B8AE1D8}" = Skype™ 5.8 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F4BD608A-8296-43DA-A400-1E8432AB1304}" = 6000E609_Help "{FA0FF682-CC70-4C57-93CD-E276F3E7537E}" = BufferChm "{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.9 "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.9 "Audiograbber" = Audiograbber 1.83 SE "Audiograbber-Lame" = Audiograbber MP3-Plugin "Avira AntiVir Desktop" = Avira Free Antivirus "Foxit Reader_is1" = Foxit Reader 5.1 "HP Imaging Device Functions" = HP Imaging Device Functions 14.0 "HP Smart Web Printing" = HP Smart Web Printing 4.60 "HP Solution Center & Imaging Support Tools" = HP Solution Center 14.0 "HPExtendedCapabilities" = HP Customer Participation Program 14.0 "InstallShield_{FEDD27A0-B306-45EF-BF58-B527406B42C8}" = TOSHIBA Value Added Package "ISRF2_15_676852" = Interaktive Sprachreise - Français Sprachkurs 2 "LingoPad_is1" = LingoPad 2.5.1 (Build 325) "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.65.1.1000 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Mozilla Firefox 13.0.1 (x86 de)" = Mozilla Firefox 13.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service 
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010 "PDF Editor 3" = PDF Editor 3 "Shop for HP Supplies" = Shop for HP Supplies "SynTPDeinstKey" = Synaptics Pointing Device Driver "***ELEFT3_is1" = ***eLeft "VLC media player" = VLC media player 2.0.1 ========== HKEY_CURRENT_USER Uninstall List ========== [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 10.12.2012 11:20:36 | Computer Name = ***-PC | Source = CVHSVC | ID = 100 Description = Nur zur Information. (Patch task for {90140011-0061-0407-0000-0000000FF1CE}): DownloadLatest Failed: Das Zeitlimit für den Vorgang wurde erreicht. Error - 10.12.2012 19:47:27 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316 Description = Error - 11.12.2012 22:02:09 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316 Description = Error - 12.12.2012 19:50:51 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316 Description = Error - 13.12.2012 12:00:53 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316 Description = Error - 14.12.2012 11:36:30 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316 Description = Error - 14.12.2012 21:55:08 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316 Description = Error - 15.12.2012 19:07:47 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316 Description = Error - 16.12.2012 08:12:12 | Computer Name = ***-PC | Source = MsiInstaller | ID = 11316 Description = Error - 16.12.2012 11:04:44 | Computer Name = ***-PC | Source = Application Hang | ID = 1002 Description = Programm OTL.exe, Version 3.2.69.0 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen. 
Prozess-ID: f88 Startzeit: 01cddb9c1f89f222 Endzeit: 10 Anwendungspfad: C:\Users\***\Downloads\OTL.exe Berichts-ID: [ System Events ] Error - 24.07.2012 10:29:05 | Computer Name = ***-PC | Source = PNRPSvc | ID = 102 Description = Error - 24.07.2012 10:29:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 24.07.2012 10:29:05 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 24.07.2012 10:37:11 | Computer Name = ***-PC | Source = PNRPSvc | ID = 102 Description = Error - 24.07.2012 10:37:11 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 24.07.2012 10:37:11 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 24.07.2012 10:37:27 | Computer Name = ***-PC | Source = PNRPSvc | ID = 102 Description = Error - 24.07.2012 10:37:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7023 Description = Der Dienst "Peer Name Resolution-Protokoll" wurde mit folgendem Fehler beendet: %%-2140993535 Error - 24.07.2012 10:37:27 | Computer Name = ***-PC | Source = Service Control Manager | ID = 7001 Description = Der Dienst "Peernetzwerk-Gruppenzuordnung" ist vom Dienst "Peer Name Resolution-Protokoll" abhängig, der aufgrund folgenden Fehlers nicht gestartet wurde: %%-2140993535 Error - 25.07.2012 05:42:51 | Computer Name = ***-PC | Source = EventLog | ID = 6008 Description = 
Das System wurde zuvor am ?25.?07.?2012 um 11:41:55 unerwartet heruntergefahren. < End of report > |
16.12.2012, 20:56 | #2 |
/// Malware-holic | Browser opens ad windows on its own
Hi,
download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if anything is found, always choose Skip for now, then post the log
The PC has to be reinstalled from scratch and then secured. |
16.12.2012, 21:19 | #3 |
| Browser opens ad windows on its own
Hi,
thanks for the reply. Here is the TDSS Killer report:
21:13:40.0883 4692 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 21:13:40.0914 4692 ============================================================ 21:13:40.0914 4692 Current date / ***e: 2012/12/16 21:13:40.0914 21:13:40.0914 4692 SystemInfo: 21:13:40.0914 4692 21:13:40.0914 4692 OS Version: 6.1.7601 ServicePack: 1.0 21:13:40.0914 4692 Product type: Workstation 21:13:40.0914 4692 ComputerName: ***-PC 21:13:40.0914 4692 UserName: *** 21:13:40.0914 4692 Windows directory: C:\Windows 21:13:40.0914 4692 System windows directory: C:\Windows 21:13:40.0914 4692 Processor architecture: Intel x86 21:13:40.0914 4692 Number of processors: 2 21:13:40.0914 4692 Page size: 0x1000 21:13:40.0914 4692 Boot type: Normal boot 21:13:40.0914 4692 ============================================================ 21:13:42.0177 4692 Drive \Device\Harddisk0\DR0 - Size: 0x2E93E36000 (186.31 Gb), SectorSize: 0x200, Cylinders: 0x5F01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 21:13:42.0193 4692 ============================================================ 21:13:42.0193 4692 \Device\Harddisk0\DR0: 21:13:42.0193 4692 MBR partitions: 21:13:42.0193 4692 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000 21:13:42.0193 4692 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x3BEC800 21:13:42.0193 4692 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x3C1F000, BlocksNum 0x1387F800 21:13:42.0193 4692 ============================================================ 21:13:42.0209 4692 C: <-> \Device\Harddisk0\DR0\Partition2 21:13:42.0255 4692 D: <-> \Device\Harddisk0\DR0\Partition3 21:13:42.0255 4692 ============================================================ 21:13:42.0255 4692 Initialize success 21:13:42.0255 4692 ============================================================ 21:13:54.0923 2356 
============================================================ 21:13:54.0923 2356 Scan started 21:13:54.0923 2356 Mode: Manual; SigCheck; TDLFS; 21:13:54.0923 2356 ============================================================ 21:13:56.0046 2356 ================ Scan system memory ======================== 21:13:56.0046 2356 System memory - ok 21:13:56.0046 2356 ================ Scan services ============================= 21:13:56.0280 2356 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 21:13:56.0373 2356 1394ohci - ok 21:13:56.0451 2356 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 21:13:56.0467 2356 ACPI - ok 21:13:56.0498 2356 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 21:13:56.0561 2356 AcpiPmi - ok 21:13:56.0717 2356 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 21:13:56.0732 2356 AdobeARMservice - ok 21:13:56.0795 2356 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 21:13:56.0810 2356 AdobeFlashPlayerUpdateSvc - ok 21:13:56.0857 2356 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 21:13:56.0888 2356 adp94xx - ok 21:13:56.0935 2356 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 21:13:56.0951 2356 adpahci - ok 21:13:56.0966 2356 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 21:13:56.0982 2356 adpu320 - ok 21:13:57.0013 2356 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 21:13:57.0107 2356 AeLookupSvc - ok 21:13:57.0169 2356 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 21:13:57.0247 2356 AFD - ok 21:13:57.0356 2356 [ 7E10E3BB9B258AD8A9300F91214D67B9 ] AgereSoftModem C:\Windows\system32\DRIVERS\AGRSM.sys 21:13:57.0512 2356 AgereSoftModem - 
ok 21:13:57.0543 2356 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 21:13:57.0559 2356 agp440 - ok 21:13:57.0606 2356 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 21:13:57.0621 2356 aic78xx - ok 21:13:57.0668 2356 [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 21:13:57.0715 2356 ALG - ok 21:13:57.0731 2356 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 21:13:57.0746 2356 aliide - ok 21:13:57.0762 2356 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 21:13:57.0777 2356 amdagp - ok 21:13:57.0809 2356 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 21:13:57.0824 2356 amdide - ok 21:13:57.0887 2356 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 21:13:57.0949 2356 AmdK8 - ok 21:13:57.0980 2356 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 21:13:58.0011 2356 AmdPPM - ok 21:13:58.0043 2356 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 21:13:58.0058 2356 amdsata - ok 21:13:58.0089 2356 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 21:13:58.0121 2356 amdsbs - ok 21:13:58.0136 2356 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 21:13:58.0152 2356 amdxata - ok 21:13:58.0230 2356 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 21:13:58.0245 2356 AntiVirSchedulerService - ok 21:13:58.0261 2356 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 21:13:58.0277 2356 AntiVirService - ok 21:13:58.0323 2356 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 21:13:58.0448 2356 AppID - ok 21:13:58.0495 2356 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc 
storflt C:\Windows\system32\drivers\vmstorfl.sys 21:14:23.0985 2356 storflt - ok 21:14:24.0017 2356 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 21:14:24.0079 2356 StorSvc - ok 21:14:24.0110 2356 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 21:14:24.0126 2356 storvsc - ok 21:14:24.0141 2356 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 21:14:24.0157 2356 swenum - ok 21:14:24.0188 2356 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 21:14:24.0235 2356 swprv - ok 21:14:24.0297 2356 [ 8BD10DC8809DC69A1C5A795CB10ADD76 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 21:14:24.0344 2356 SynTP - ok 21:14:24.0422 2356 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 21:14:24.0469 2356 SysMain - ok 21:14:24.0500 2356 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 21:14:24.0516 2356 TabletInputService - ok 21:14:24.0578 2356 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 21:14:24.0625 2356 TapiSrv - ok 21:14:24.0656 2356 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 21:14:24.0703 2356 TBS - ok 21:14:24.0781 2356 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 21:14:24.0828 2356 Tcpip - ok 21:14:24.0875 2356 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 21:14:24.0921 2356 TCPIP6 - ok 21:14:24.0937 2356 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 21:14:24.0968 2356 tcpipreg - ok 21:14:25.0015 2356 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 21:14:25.0046 2356 TDPIPE - ok 21:14:25.0077 2356 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 21:14:25.0093 2356 TDTCP - ok 21:14:25.0140 2356 [ B459575348C20E8121D6039DA063C704 ] tdx 
C:\Windows\system32\DRIVERS\tdx.sys 21:14:25.0187 2356 tdx - ok 21:14:25.0202 2356 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 21:14:25.0218 2356 TermDD - ok 21:14:25.0280 2356 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 21:14:25.0343 2356 TermService - ok 21:14:25.0374 2356 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 21:14:25.0421 2356 Themes - ok 21:14:25.0436 2356 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 21:14:25.0467 2356 THREADORDER - ok 21:14:25.0545 2356 [ 66C35016E01746715F8F606A9F081BF9 ] TosCoSrv C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe 21:14:25.0577 2356 TosCoSrv - ok 21:14:25.0608 2356 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 21:14:25.0655 2356 TrkWks - ok 21:14:25.0701 2356 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 21:14:25.0764 2356 TrustedInstaller - ok 21:14:25.0811 2356 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 21:14:25.0842 2356 tssecsrv - ok 21:14:25.0889 2356 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 21:14:25.0920 2356 TsUsbFlt - ok 21:14:25.0982 2356 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 21:14:26.0013 2356 tunnel - ok 21:14:26.0060 2356 [ FC24015B4052600C324C43E3A79C0664 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS 21:14:26.0091 2356 TVALZ - ok 21:14:26.0123 2356 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 21:14:26.0138 2356 uagp35 - ok 21:14:26.0185 2356 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 21:14:26.0232 2356 udfs - ok 21:14:26.0279 2356 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 21:14:26.0310 2356 UI0Detect - ok 21:14:26.0357 2356 [ 
44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 21:14:26.0372 2356 uliagpkx - ok 21:14:26.0403 2356 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 21:14:26.0419 2356 umbus - ok 21:14:26.0481 2356 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 21:14:26.0513 2356 UmPass - ok 21:14:26.0559 2356 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 21:14:26.0591 2356 UmRdpService - ok 21:14:26.0637 2356 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 21:14:26.0669 2356 upnphost - ok 21:14:26.0747 2356 [ 1D9F2BD026E8E2D45033A4DF3F16B78C ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 21:14:26.0778 2356 usbaudio - ok 21:14:26.0809 2356 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 21:14:26.0856 2356 usbccgp - ok 21:14:26.0918 2356 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 21:14:26.0934 2356 usbcir - ok 21:14:26.0949 2356 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 21:14:26.0981 2356 usbehci - ok 21:14:27.0027 2356 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 21:14:27.0074 2356 usbhub - ok 21:14:27.0121 2356 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys 21:14:27.0137 2356 usbohci - ok 21:14:27.0183 2356 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 21:14:27.0199 2356 usbprint - ok 21:14:27.0246 2356 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 21:14:27.0293 2356 usbscan - ok 21:14:27.0308 2356 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 21:14:27.0339 2356 USBSTOR - ok 21:14:27.0371 2356 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 21:14:27.0386 2356 
usbuhci - ok 21:14:27.0433 2356 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys 21:14:27.0464 2356 usbvideo - ok 21:14:27.0511 2356 [ D82F43D15FDAA666856C0190CB73E7C9 ] usb_rndisx C:\Windows\system32\drivers\usb8023x.sys 21:14:27.0558 2356 usb_rndisx - ok 21:14:27.0589 2356 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 21:14:27.0620 2356 UxSms - ok 21:14:27.0651 2356 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 21:14:27.0667 2356 VaultSvc - ok 21:14:27.0698 2356 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 21:14:27.0714 2356 vdrvroot - ok 21:14:27.0776 2356 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 21:14:27.0839 2356 vds - ok 21:14:27.0870 2356 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 21:14:27.0917 2356 vga - ok 21:14:27.0932 2356 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 21:14:27.0963 2356 VgaSave - ok 21:14:28.0010 2356 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 21:14:28.0026 2356 vhdmp - ok 21:14:28.0057 2356 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 21:14:28.0073 2356 viaagp - ok 21:14:28.0088 2356 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 21:14:28.0119 2356 ViaC7 - ok 21:14:28.0182 2356 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 21:14:28.0197 2356 viaide - ok 21:14:28.0213 2356 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 21:14:28.0244 2356 vmbus - ok 21:14:28.0260 2356 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 21:14:28.0291 2356 VMBusHID - ok 21:14:28.0307 2356 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 21:14:28.0322 2356 volmgr - ok 
21:14:28.0353 2356 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 21:14:28.0385 2356 volmgrx - ok 21:14:28.0416 2356 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 21:14:28.0431 2356 volsnap - ok 21:14:28.0463 2356 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 21:14:28.0494 2356 vsmraid - ok 21:14:28.0556 2356 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 21:14:28.0619 2356 VSS - ok 21:14:28.0650 2356 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 21:14:28.0681 2356 vwifibus - ok 21:14:28.0712 2356 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 21:14:28.0728 2356 vwififlt - ok 21:14:28.0775 2356 [ 55187FD710E27D5095D10A472C8BAF1C ] W32***e C:\Windows\system32\w32***e.dll 21:14:28.0837 2356 W32***e - ok 21:14:28.0868 2356 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 21:14:28.0899 2356 WacomPen - ok 21:14:28.0962 2356 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 21:14:28.0993 2356 WANARP - ok 21:14:29.0009 2356 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 21:14:29.0040 2356 Wanarpv6 - ok 21:14:29.0149 2356 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 21:14:29.0196 2356 WatAdminSvc - ok 21:14:29.0274 2356 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 21:14:29.0352 2356 wbengine - ok 21:14:29.0399 2356 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 21:14:29.0430 2356 WbioSrvc - ok 21:14:29.0492 2356 [ 59E19BD13C3BDB857646B9E436BA27F7 ] WcesComm C:\Windows\WindowsMobile\wcescomm.dll 21:14:29.0508 2356 WcesComm - ok 21:14:29.0570 2356 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 21:14:29.0601 2356 
wcncsvc - ok 21:14:29.0633 2356 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 21:14:29.0648 2356 WcsPlugInService - ok 21:14:29.0679 2356 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 21:14:29.0695 2356 Wd - ok 21:14:29.0757 2356 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 21:14:29.0773 2356 Wdf01000 - ok 21:14:29.0820 2356 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 21:14:29.0898 2356 WdiServiceHost - ok 21:14:29.0913 2356 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 21:14:29.0929 2356 WdiSystemHost - ok 21:14:29.0976 2356 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 21:14:30.0023 2356 WebClient - ok 21:14:30.0038 2356 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 21:14:30.0069 2356 Wecsvc - ok 21:14:30.0085 2356 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 21:14:30.0132 2356 wercplsupport - ok 21:14:30.0179 2356 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 21:14:30.0225 2356 WerSvc - ok 21:14:30.0257 2356 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 21:14:30.0303 2356 WfpLwf - ok 21:14:30.0335 2356 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 21:14:30.0350 2356 WIMMount - ok 21:14:30.0413 2356 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 21:14:30.0475 2356 WinDefend - ok 21:14:30.0475 2356 WinHttpAutoProxySvc - ok 21:14:30.0553 2356 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 21:14:30.0584 2356 Winmgmt - ok 21:14:30.0678 2356 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 21:14:30.0740 2356 WinRM - ok 21:14:30.0803 2356 [ A67E5F9A400F3BD1BE3D80613B45F708 
] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 21:14:30.0818 2356 WinUsb - ok 21:14:30.0881 2356 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 21:14:30.0912 2356 Wlansvc - ok 21:14:31.0021 2356 [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 21:14:31.0068 2356 wlidsvc - ok 21:14:31.0115 2356 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 21:14:31.0146 2356 WmiAcpi - ok 21:14:31.0208 2356 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 21:14:31.0239 2356 wmiApSrv - ok 21:14:31.0333 2356 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 21:14:31.0411 2356 WMPNetworkSvc - ok 21:14:31.0442 2356 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 21:14:31.0489 2356 WPCSvc - ok 21:14:31.0520 2356 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 21:14:31.0567 2356 WPDBusEnum - ok 21:14:31.0598 2356 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 21:14:31.0645 2356 ws2ifsl - ok 21:14:31.0661 2356 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 21:14:31.0692 2356 wscsvc - ok 21:14:31.0707 2356 WSearch - ok 21:14:31.0817 2356 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 21:14:31.0895 2356 wuauserv - ok 21:14:31.0926 2356 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 21:14:31.0957 2356 WudfPf - ok 21:14:32.0004 2356 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 21:14:32.0051 2356 WUDFRd - ok 21:14:32.0082 2356 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 21:14:32.0144 2356 wudfsvc - ok 21:14:32.0191 2356 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 21:14:32.0222 2356 
WwanSvc - ok 21:14:32.0269 2356 ================ Scan global =============================== 21:14:32.0300 2356 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 21:14:32.0331 2356 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 21:14:32.0347 2356 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll 21:14:32.0378 2356 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 21:14:32.0409 2356 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 21:14:32.0425 2356 [Global] - ok 21:14:32.0425 2356 ================ Scan MBR ================================== 21:14:32.0441 2356 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 21:14:32.0721 2356 \Device\Harddisk0\DR0 - ok 21:14:32.0721 2356 ================ Scan VBR ================================== 21:14:32.0737 2356 [ DDCBD9FE3C0C3D3F0D87321798AB1165 ] \Device\Harddisk0\DR0\Partition1 21:14:32.0737 2356 \Device\Harddisk0\DR0\Partition1 - ok 21:14:32.0768 2356 [ 48A2ACED1E5025A64DCF1249F9B0B39F ] \Device\Harddisk0\DR0\Partition2 21:14:32.0768 2356 \Device\Harddisk0\DR0\Partition2 - ok 21:14:32.0784 2356 [ 65C3836DA08F51E948412CFE80251B0B ] \Device\Harddisk0\DR0\Partition3 21:14:32.0799 2356 \Device\Harddisk0\DR0\Partition3 - ok 21:14:32.0799 2356 ============================================================ 21:14:32.0799 2356 Scan finished 21:14:32.0799 2356 ============================================================ 21:14:32.0815 5628 Detected object count: 5 21:14:32.0815 5628 Actual detected object count: 5 21:14:47.0167 5628 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user 21:14:47.0167 5628 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:14:47.0167 5628 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by user 21:14:47.0167 5628 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:14:47.0183 5628 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - skipped by 
user 21:14:47.0183 5628 Pml Driver HPZ12 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:14:47.0183 5628 Realtek87B ( UnsignedFile.Multi.Generic ) - skipped by user 21:14:47.0183 5628 Realtek87B ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:14:47.0183 5628 RTL8187B ( UnsignedFile.Multi.Generic ) - skipped by user 21:14:47.0183 5628 RTL8187B ( UnsignedFile.Multi.Generic ) - User select action: Skip |
16.12.2012, 21:33 | #4 | |
/// Malware-holic | Browser opens advertising windows on its own Hi, ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop
When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
16.12.2012, 23:56 | #5 |
| Browser öffnet eigenständig Werbefenster Hi, danke; hier der Logfile: Combofix Logfile: Code:
ATTFilter ComboFix 12-12-14.01 - *** 16.12.2012 23:39:43.1.2 - x86 Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.1918.1054 [GMT 1:00] ausgeführt von:: c:\users\***\Downloads\ComboFix.exe AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Public\sdelevURL.tmp c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{197200DD-02B0-47FA-A7F7-731730D600C8}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{2A8FEBDD-49CD-48EB-856D-5D13E2DC8155}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{542E7CA0-45CF-4368-AE90-339DF3AF396A}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{55F8B5A8-EF65-4D66-9791-F3F400B87C93}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{560776E3-38C3-40FD-8D59-5362DED2C9BC}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{71285EEE-9FA0-415D-9FE1-BEFF375998E0}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{94B80594-F302-43D6-B737-EC055787A507}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{99E12A96-E9C9-4882-9441-66BE297CB1CF}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A07A84D0-9D5C-4BE2-AADB-493E7071E433}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{A3F19C17-77BC-49CB-A50F-D586AE32A51C}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{ADA82429-79ED-4AC2-8212-A29C985B8C4A}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet Files\{B22BE4CB-A5A5-464E-90D5-42F7F7C4B65A}.xps c:\users\***\AppData\Local\Microsoft\Windows\Temporary Internet 
Files\{C632FE8A-F267-4568-AF8B-7236D7B85FF6}.xps c:\users\***\AppData\Roaming\AcroIEHelpe.txt c:\users\***\AppData\Roaming\srvblck5.tmp c:\windows\security\Database\tmp.edb . . ((((((((((((((((((((((( Dateien erstellt von 2012-11-16 bis 2012-12-16 )))))))))))))))))))))))))))))) . . 2012-12-16 22:49 . 2012-12-16 22:49 -------- d-----w- c:\users\***\AppData\Local\temp 2012-12-16 22:49 . 2012-12-16 22:49 -------- d-----w- c:\users\Default\AppData\Local\temp 2012-12-15 23:06 . 2012-12-15 23:07 60872 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1BA7BB2-E4B2-4CDE-A3BC-048BFCFF4C46}\offreg.dll 2012-12-14 10:51 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{A1BA7BB2-E4B2-4CDE-A3BC-048BFCFF4C46}\mpengine.dll 2012-12-12 23:51 . 2012-11-16 16:33 149536 ----a-w- c:\program files\Internet Explorer\sqmapi.dll 2012-12-12 23:51 . 2012-11-14 01:48 420864 ----a-w- c:\windows\system32\vbscript.dll 2012-12-12 23:51 . 2012-11-14 01:44 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2012-12-12 23:51 . 2012-11-14 01:51 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll 2012-12-12 23:51 . 2012-11-14 01:49 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2012-12-12 16:30 . 2012-11-02 05:11 376832 ----a-w- c:\windows\system32\dpnet.dll 2012-12-12 00:32 . 2012-12-12 00:32 -------- d-----w- c:\users\***\Citrix . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2012-12-12 01:01 . 2012-04-19 08:21 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2012-12-12 01:01 . 2012-03-02 22:15 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2012-10-16 07:39 . 2012-11-28 08:50 561664 ----a-w- c:\windows\apppatch\AcLayers.dll 2012-10-09 17:40 . 2012-11-15 13:26 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll 2012-10-09 17:40 . 2012-11-15 13:26 193536 ----a-w- c:\windows\system32\dhcpcore6.dll 2012-10-03 16:58 . 
2012-11-15 13:27 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys 2012-10-03 16:42 . 2012-11-15 13:27 242176 ----a-w- c:\windows\system32\nlasvc.dll 2012-10-03 16:42 . 2012-11-15 13:27 52224 ----a-w- c:\windows\system32\nlaapi.dll 2012-10-03 16:42 . 2012-11-15 13:27 175104 ----a-w- c:\windows\system32\netcorehc.dll 2012-10-03 16:42 . 2012-11-15 13:27 18944 ----a-w- c:\windows\system32\netevent.dll 2012-10-03 16:42 . 2012-11-15 13:27 156672 ----a-w- c:\windows\system32\ncsi.dll 2012-10-03 16:40 . 2012-11-15 13:27 499712 ----a-w- c:\windows\system32\iphlpsvc.dll 2012-10-03 15:21 . 2012-11-15 13:27 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys 2012-09-30 20:18 . 2012-09-30 20:18 477168 ----a-w- c:\windows\system32\npdeployJava1.dll 2012-09-30 20:18 . 2012-04-10 15:52 473072 ----a-w- c:\windows\system32\deployJava1.dll 2012-09-29 18:54 . 2012-03-03 15:15 22856 ----a-w- c:\windows\system32\drivers\mbam.sys 2012-09-25 22:47 . 2012-11-15 13:26 78336 ----a-w- c:\windows\system32\synceng.dll 2012-06-18 03:35 . 2012-03-02 22:46 85472 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll . . (((((((((((((((((((((((((((( Autostartpunkte der Registrierung )))))))))))))))))))))))))))))))))))))))) . . *Hinweis* leere Einträge & legi***e Standardeinträge werden nicht angezeigt. REGEDIT4 . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1] @="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2] @="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . 
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3] @="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}" [HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}] 2012-02-14 22:58 94208 ----a-w- c:\users\***\AppData\Roaming\Dropbox\bin\DropboxExt.14.dll . [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-02-15 17146504] . [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2009-07-20 1545512] "avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664] "TPwrMain"="c:\program files\TOSHIBA\Power Saver\TPwrMain.EXE" [2009-08-21 476512] "SmoothView"="c:\program files\Toshiba\SmoothView\SmoothView.exe" [2009-07-28 460088] "00TCrdMain"="c:\program files\TOSHIBA\FlashCards\TCrdMain.exe" [2009-08-05 738616] "LifeCam"="c:\program files\Microsoft LifeCam\LifeExp.exe" [2010-05-20 119152] "Windows Mobile-based device management"="c:\windows\WindowsMobile\wmdcBase.exe" [2007-05-31 648072] "HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2011-05-10 49208] "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008] "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696] . c:\users\***\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ Dropbox.lnk - c:\users\***\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-5-24 27112840] OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592] ***eLeft.lnk - c:\program files\***eLeft3\***eLeft.exe [2012-4-8 2051880] . 
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\ HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2010-5-28 276328] VPN Client.lnk - c:\windows\Installer\{1CE60928-8325-49A8-8B06-633E48DD2B67}\Icon3E5562ED7.ico [2012-7-23 6144] . [HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system] "ConsentPromptBehaviorAdmin"= 5 (0x5) "ConsentPromptBehaviorUser"= 3 (0x3) "EnableUIADesktopToggle"= 0 (0x0) . R2 BBSvc;BingBar Service;c:\program files\Microsoft\BingBar\7.1.361.0\BBSvc.exe [x] R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x] R3 MSHUSBVideo;NX6000/NX3000/VX2000/VX5000/VX5500/VX7000/Cinema Filter Driver;c:\windows\system32\Drivers\nx6000.sys [x] R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x] R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x] S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x] S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x] S2 cvhsvc;Client Virtualization Handler;c:\program files\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [x] S2 Realtek87B;Realtek87B;c:\program files\REALTEK\RTL8187B Wireless LAN Utility\RtlService.exe [x] S2 sftlist;Application Virtualization Client;c:\program files\Microsoft Application Virtualization Client\sftlist.exe [x] S3 BBUpdate;BBUpdate;c:\program files\Microsoft\BingBar\7.1.361.0\SeaPort.exe [x] S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [x] S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x] S3 RTL8187B;Realtek RTL8187B Wireless 802.11b/g 54Mbps USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\RTL8187B.sys [x] S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [x] S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [x] S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [x] S3 
Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [x] S3 sftvsa;Application Virtualization Service Agent;c:\program files\Microsoft Application Virtualization Client\sftvsa.exe [x] . . --- Andere Dienste/Treiber im Speicher --- . *NewlyCreated* - 86066603 *Deregistered* - 86066603 . [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12 HPService REG_MULTI_SZ HPSLPSVC hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc WindowsMobile REG_MULTI_SZ wcescomm rapimgr LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr . Inhalt des "geplante Tasks" Ordners . 2012-12-16 c:\windows\Tasks\Adobe Flash Player Updater.job - c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-19 01:01] . . ------- Zusätzlicher Suchlauf ------- . TCP: DhcpNameServer = 8.8.8.8 85.214.73.63 193.189.244.194 FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\27juis64.default\ FF - prefs.js: network.proxy.type - 0 FF - ExtSQL: !HIDDEN! 2012-06-14 15:26; smartwebprinting@hp.com; c:\program files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 FF - user.js: network.cookie.cookieBehavior - 0 FF - user.js: privacy.clearOnShutdown.cookies - false FF - user.js: security.warn_viewing_mixed - false FF - user.js: security.warn_viewing_mixed.show_once - false FF - user.js: security.warn_submit_insecure - false FF - user.js: security.warn_submit_insecure.show_once - false . . --------------------- Gesperrte Registrierungsschluessel --------------------- . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 "MSCurrentCountry"=dword:000000b5 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2012-12-16 23:51:12 ComboFix-quarantined-files.txt 2012-12-16 22:51 . 
Vor Suchlauf: 6.032.797.696 Bytes frei
Nach Suchlauf: 8.216.047.616 Bytes frei
.
- - End Of File - - D0104C2148B44B7CAAAA939B8DFC7C37

Oh, I just noticed that I should have run it from the desktop. Damn. Is that bad? Should I just start it again from the desktop? Best regards, spzle |
18.12.2012, 13:15 | #6 |
/// Malware-holic | Browser opens ad windows on its own No, that's OK. Malwarebytes: Please download Malwarebytes |
28.12.2012, 21:56 | #7 |
| Browser opens ad windows on its own Hello, sorry for replying so late. Christmas and so on... So, unfortunately Malwarebytes didn't find anything. Today the ad windows also opened again for the first time in quite a while. Here is the log file anyway:

Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org
Datenbank Version: v2012.12.28.09
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
*** :: ***-PC [Administrator]
28.12.2012 18:02:24
mbam-log-2012-12-28 (18-02-24).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 311353
Laufzeit: 2 Stunde(n), 10 Minute(n), 40 Sekunde(n)
Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden)
(Ende)

Thanks in advance and a happy New Year! |
03.01.2013, 17:00 | #8 |
/// Malware-holic | Browser opens ad windows on its own Hi, I was on vacation just now, so sorry on my part. Download CCleaner Standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools, Uninstall list, and save the list as a txt file. Open the file. After every program you need, write "necessary". After every program you do not need, write "unnecessary". After every program you do not recognize, write "unknown". Post the list.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For the time being, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
04.01.2013, 10:40 | #9 |
| Browser opens ad windows on its own Hi, no stress... I have time. Here is the list:

7-Zip 9.20 15.04.2012 necessary
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 necessary
Adobe Flash Player 11 Plugin Adobe Systems Incorporated 12.12.2012 6,00MB 11.5.502.135 necessary
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 06.09.2012 121MB 10.1.4 necessary
Amazon MP3 Downloader 1.0.9 30.03.2012 unnecessary
Amazon MP3-Downloader 1.0.9 16.04.2012 unnecessary
Audiograbber 1.83 SE Audiograbber Deutschland 15.04.2012 1.83 SE necessary
Audiograbber MP3-Plugin AG 15.04.2012 1.0 necessary
Avira Free Antivirus Avira 17.11.2012 109MB 12.1.9.1236 necessary
Bing Bar Microsoft Corporation 18.06.2012 464KB 7.1.361.0 unknown
CCleaner Piriform 19.12.2012 3.26 unknown
Cisco Systems VPN Client 5.0.07.0410 Cisco Systems, Inc. 23.07.2012 11,5MB 5.0.7 necessary
Dropbox Dropbox, Inc. 03.01.2013 1.6.11 necessary
Foxit Reader 5.1 Foxit Corporation 04.03.2012 30,8MB 5.1.4.104 necessary
Google Earth Google 25.06.2012 107MB 6.2.2.6613 necessary
HP Customer Participation Program 14.0 HP 14.06.2012 14.0 unknown
HP Imaging Device Functions 14.0 HP 14.06.2012 14.0 unknown
HP Officejet 6000 E609 Series HP 14.06.2012 14.0 necessary
HP Smart Web Printing 4.60 HP 14.06.2012 4.60 unknown
HP Solution Center 14.0 HP 14.06.2012 14.0 unknown
HP Update Hewlett-Packard 21.06.2012 3,98MB 5.003.001.001 unknown
Interaktive Sprachreise - Français Sprachkurs 2 digital publishing AG 03.03.2012 necessary
Java(TM) 6 Update 35 Oracle 30.09.2012 95,7MB 6.0.350 unknown (but probably necessary)
LingoPad 2.5.1 (Build 325) Lingo4you GbR 14.03.2012 2.5.1 unknown
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 28.12.2012 18,4MB 1.70.0.1100 necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 03.03.2012 38,8MB 4.0.30319 unknown
Microsoft LifeCam Microsoft Corporation 13.03.2012 49,9MB 3.22.270.0 necessary
Microsoft Office Home and Student 2010 - Deutsch Microsoft Corporation 03.03.2012 14.0.6114.5002 necessary
Microsoft Office Klick-und-Los 2010 Microsoft Corporation 03.03.2012 14.0.4763.1000 unknown
Microsoft Silverlight Microsoft Corporation 16.06.2012 34,6MB 4.1.10329.0 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 10.04.2012 594KB 9.0.30729.4148 unknown
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 12.04.2012 600KB 9.0.30729.6161 unknown
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 04.03.2012 16,5MB 10.0.40219 unknown
Mozilla Firefox 13.0.1 (x86 de) Mozilla 18.06.2012 35,8MB 13.0.1 necessary
Mozilla Maintenance Service Mozilla 18.06.2012 309KB 13.0.1 unknown
OpenOffice.org 3.3 OpenOffice.org 10.04.2012 412MB 3.3.9567 necessary
PDF Editor 3 24.05.2012 unnecessary
PDFCreator Frank Heindörfer, Philip Chinery 24.05.2012 1.3.2 unnecessary
REALTEK Wireless LAN Driver and Utility 05.03.2012 1.00.0145 unknown
Shop for HP Supplies HP 14.06.2012 14.0 unknown
Skype™ 6.0 Skype Technologies S.A. 02.01.2013 20,3MB 6.0.126 necessary
Synaptics Pointing Device Driver Synaptics Incorporated 08.11.2012 13.2.6.1 unknown
***eLeft NesterSoft Inc. 08.04.2012 3.57 unknown
TOSHIBA Hardware Setup TOSHIBA Corporation 25.06.2012 2.00.11 unknown
TOSHIBA Supervisor Password 01.04.2012 2.00.03PLV unknown
TOSHIBA Value Added Package TOSHIBA Corporation 03.03.2012 50,6MB 1.2.28 unknown
VLC media player 2.0.1 VideoLAN 29.03.2012 2.0.1 necessary
Windows Live ID Sign-in Assistant Microsoft Corporation 14.06.2012 5,51MB 6.500.3165.0 unknown
Windows Mobile-Gerätecenter 14.06.2012 unknown |
05.01.2013, 18:13 | #10 |
/// Malware-holic | Browser opens ad windows on its own
Uninstall: Adobe Flash Player, all of them.
Adobe - Install Adobe Flash Player: download the latest version.
Adobe Reader: Adobe - Download Adobe Reader - All versions. Uncheck the box for McAfee Security Scan.
Please also configure Adobe Reader as follows: open Adobe Reader, Edit, Preferences.
General: check "use only certified plug-ins".
Internet: everything here should be disabled. It is very unsafe to open or download PDFs automatically, etc. It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, uncheck "use JavaScript".
Under Updater, select "install automatically".
Apply / OK.
Uninstall: Amazon (both), Bing, Java.
Download the Java JRE: Java downloads for all operating systems. Click: Download Java software for Windows Offline, download and install it.
Uninstall: PDF Editor, PDFCreator, Shop.
Open CCleaner, Analyze, start, then restart the PC.
Please download AdwCleaner to your desktop. |
17.01.2013, 12:55 | #11 |
| Browser opens ad windows on its own Hi, I'm sorry that this took so long. University stress and so on. Here is the text file from AdwCleaner. Thank you again.

# AdwCleaner v2.105 - Datei am 17/01/2013 um 12:51:38 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\Softonic
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v13.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\27juis64.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [760 octets] - [17/01/2013 12:51:38]
########## EOF - C:\AdwCleaner[R1].txt - [819 octets] ########## |
17.01.2013, 19:10 | #12 |
/// Malware-holic | Browser opens ad windows on its own Take your time. Please download AdwCleaner to your desktop.
Restart, then test how the PC runs, plus programs such as the browser. |
09.02.2013, 21:06 | #13 |
| Browser opens ad windows on its own Hello, sorry that I didn't get back to you, but I have found out why the ad windows open (that is of course no excuse - I should still have gotten in touch sooner - but perhaps an explanation). In any case, the ad tabs always seem to open when my e-mail account at mail.com is open in a tab/window - even when I am not looking at that tab/window at all! Since I installed Adblock Plus, it has been quiet in any case. But I really wasn't aware that ads on web pages can open tabs on their own without the page being reloaded. I am sorry that this lack of knowledge led to me wasting your time here. The whole thing wasn't pointless, though - first because some programs did find something after all, and then also because of your tips regarding Java and Adobe Reader. So at this point a big thank-you for your help. Here is the AdwCleaner log file once more anyway: AdwCleaner Logfile: Code:
# AdwCleaner v2.107 - Datei am 21/01/2013 um 20:34:40 erstellt
# Aktualisiert am 21/01/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v13.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\27juis64.default\prefs.js
C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\27juis64.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [887 octets] - [17/01/2013 12:51:38]
AdwCleaner[S1].txt - [1200 octets] - [21/01/2013 20:34:40]
########## EOF - C:\AdwCleaner[S1].txt - [1260 octets] ##########

I hope my computer is OK now? Or should I do anything else? Thanks again and best regards, spzle |
11.02.2013, 13:11 | #14 |
/// Malware-holic | Browser opens ad windows on its own Hi, we need to have another go with AdwCleaner. Delete your version: Please download AdwCleaner to your desktop. |
19.03.2013, 23:37 | #15 |
| Browser opens ad windows on its own Hi, it took a while once again... sorry. Here is the log file: AdwCleaner Logfile: Code:
# AdwCleaner v2.115 - Datei am 19/03/2013 um 23:28:34 erstellt
# Aktualisiert am 17/03/2013 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\ProgramData\APN
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKLM\Software\Freeze.com
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16470
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v13.0.1 (de)
Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\27juis64.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [802 octets] - [19/03/2013 23:28:34]
########## EOF - C:\AdwCleaner[S1].txt - [861 octets] ########## |