| |
| |||||||
Log-Analyse und Auswertung: Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefundenWindows 7 Wenn Du Dir einen Trojaner eingefangen hast oder ständig Viren Warnungen bekommst, kannst Du hier die Logs unserer Diagnose Tools zwecks Auswertung durch unsere Experten posten. Um Viren und Trojaner entfernen zu können, muss das infizierte System zuerst untersucht werden: Erste Schritte zur Hilfe. Beachte dass ein infiziertes System nicht vertrauenswürdig ist und bis zur vollständigen Entfernung der Malware nicht verwendet werden sollte.XML. |
 |
19.12.2012, 18:27
| #1 |
| |  Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden Hallo leute, letztens ist mir beim BF3 spielen einfach des Spiel abgestürtzt nachdem ich Aftermath installiert hatte, zugleich war der chrome auch unten und es ging im internet gar nichts mehr, es kam noch ein komisches metallisches Geräusch aus meinen lautsprechern dann wars des .... Als dann noch die Meldung von Malwarebytes kam- Malwarebytes hat ausgehenden port 8 blockiert und avast hat im win temp Ordner Win32 Downloader-MIU [Trj] gefunden 2012/12/17 03:03:30 +0100 OC-PC OC IP-BLOCK 66.150.164.249 (Type: outgoing, Port: 8) 2012/12/17 03:03:38 +0100 OC-PC OC IP-BLOCK 66.150.164.249 (Type: outgoing, Port: 8) 2012/12/17 03:03:38 +0100 OC-PC OC IP-BLOCK 66.150.164.249 (Type: outgoing, Port: 8) Dateiname:\WindowsTemp\WER1CA8.tmp.hdmp (dazu gibts kein log) Ich dachte mir nichts dabei und hab dann die Festplatte formatiert und Windows neu installiert, gestern kam dann des ganze nochmal. Wie soll ich jetzt vorgehen? |
|
19.12.2012, 19:49
| #2 | |
| /// TB-Ausbilder  | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden Ich werde dir bei deinem Problem helfen. Eine Bereinigung ist mitunter mit viel Arbeit für Dich (und mich) verbunden. Bevor es los geht, habe ich etwas Lesestoff für dich. Gelesen und verstanden? Schritt 1: Laufwerksemulationen abschalten mit Defogger Downloade Dir bitte defogger von jpshortstuff auf Deinem Desktop und starte es:Schritt 2: Scan mit aswMBR Schritt 3: Scan mit dem TDSS-Killer Lese bitte folgende Anweisungen genau. Wir wollen hier noch nichts "fixen" sondern nur einen Scan Report sehen. Schritt 4: Scan mit DDS (+ attach) Downloade dir bitte DDS (von sUBs) von einem der folgenden Downloadspiegel und speichere die Datei auf deinem Desktop.
__________________ |
|
19.12.2012, 20:17
| #3 |
| | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden Danke dir schonmal im vorraus.
__________________Code:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-19 20:07:28
-----------------------------
20:07:28.520 OS Version: Windows x64 6.1.7601 Service Pack 1
20:07:28.520 Number of processors: 4 586 0x403
20:07:28.521 ComputerName: OC-PC UserName: OC
20:07:29.056 Initialize success
20:07:29.124 AVAST engine defs: 12121900
20:08:09.096 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
20:08:09.101 Disk 0 Vendor: ST3160811AS 3.AAE Size: 152623MB BusType: 3
20:08:09.107 Disk 1 \Device\Harddisk1\DR1 -> \Device\Ide\IdeDeviceP1T0L0-1
20:08:09.113 Disk 1 Vendor: ST3160811AS 3.AAE Size: 152623MB BusType: 3
20:08:09.120 Disk 2 \Device\Harddisk2\DR2 -> \Device\Ide\IdeDeviceP2T0L0-4
20:08:09.126 Disk 2 Vendor: ST3160811AS 3.AAE Size: 152623MB BusType: 3
20:08:09.152 Disk 0 MBR read successfully
20:08:09.155 Disk 0 MBR scan
20:08:09.158 Disk 0 Windows 7 default MBR code
20:08:09.173 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
20:08:09.181 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 152521 MB offset 206848
20:08:09.201 Disk 0 scanning C:\Windows\system32\drivers
20:08:14.858 Service scanning
20:08:28.377 Modules scanning
20:08:28.399 Disk 0 trace - called modules:
20:08:28.419 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys ataport.SYS pciide.sys PCIIDEX.SYS hal.dll atapi.sys
20:08:28.430 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8005e3f060]
20:08:28.441 3 CLASSPNP.SYS[fffff880019ba43f] -> nt!IofCallDriver -> [0xfffffa8005d07940]
20:08:28.452 5 ACPI.sys[fffff88000f1d7a1] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0xfffffa80061c2060]
20:08:29.020 AVAST engine scan C:\Windows
20:08:30.320 AVAST engine scan C:\Windows\system32
20:10:55.244 AVAST engine scan C:\Windows\system32\drivers
20:11:01.592 AVAST engine scan C:\Users\OC
20:14:00.824 AVAST engine scan C:\ProgramData
20:14:11.507 Scan finished successfully
20:14:28.688 Disk 0 MBR has been saved successfully to "C:\Users\OC\Desktop\MBR.dat"
20:14:28.693 The log file has been saved successfully to "C:\Users\OC\Desktop\aswMBR.txt"
Code:
ATTFilter 20:18:09.0336 4352 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
20:18:09.0572 4352 ============================================================
20:18:09.0573 4352 Current date / time: 2012/12/19 20:18:09.0572
20:18:09.0573 4352 SystemInfo:
20:18:09.0573 4352
20:18:09.0573 4352 OS Version: 6.1.7601 ServicePack: 1.0
20:18:09.0573 4352 Product type: Workstation
20:18:09.0573 4352 ComputerName: OC-PC
20:18:09.0573 4352 UserName: OC
20:18:09.0573 4352 Windows directory: C:\Windows
20:18:09.0573 4352 System windows directory: C:\Windows
20:18:09.0573 4352 Running under WOW64
20:18:09.0573 4352 Processor architecture: Intel x64
20:18:09.0573 4352 Number of processors: 4
20:18:09.0573 4352 Page size: 0x1000
20:18:09.0573 4352 Boot type: Normal boot
20:18:09.0573 4352 ============================================================
20:18:10.0151 4352 Drive \Device\Harddisk0\DR0 - Size: 0x2542FCDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x50C0, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
20:18:12.0808 4352 Drive \Device\Harddisk1\DR1 - Size: 0x2542FCDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:18:15.0410 4352 Drive \Device\Harddisk2\DR2 - Size: 0x2542FCDE00 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C00, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
20:18:15.0420 4352 Drive \Device\Harddisk3\DR3 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
20:18:15.0827 4352 ============================================================
20:18:15.0827 4352 \Device\Harddisk0\DR0:
20:18:15.0850 4352 MBR partitions:
20:18:15.0850 4352 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
20:18:15.0850 4352 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x129E4800
20:18:15.0850 4352 \Device\Harddisk1\DR1:
20:18:15.0866 4352 MBR partitions:
20:18:15.0866 4352 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x12A17670
20:18:15.0866 4352 \Device\Harddisk2\DR2:
20:18:15.0877 4352 MBR partitions:
20:18:15.0877 4352 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x12A14BC1
20:18:15.0877 4352 \Device\Harddisk3\DR3:
20:18:15.0877 4352 MBR partitions:
20:18:15.0877 4352 \Device\Harddisk3\DR3\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x74706D71
20:18:15.0877 4352 ============================================================
20:18:15.0904 4352 C: <-> \Device\Harddisk0\DR0\Partition2
20:18:15.0923 4352 F: <-> \Device\Harddisk1\DR1\Partition1
20:18:15.0937 4352 G: <-> \Device\Harddisk2\DR2\Partition1
20:18:15.0942 4352 H: <-> \Device\Harddisk3\DR3\Partition1
20:18:15.0942 4352 ============================================================
20:18:15.0942 4352 Initialize success
20:18:15.0943 4352 ============================================================
20:18:36.0890 4428 ============================================================
20:18:36.0890 4428 Scan started
20:18:36.0890 4428 Mode: Manual; TDLFS;
20:18:36.0890 4428 ============================================================
20:18:37.0241 4428 ================ Scan system memory ========================
20:18:37.0241 4428 System memory - ok
20:18:37.0242 4428 ================ Scan services =============================
20:18:37.0409 4428 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\DRIVERS\1394ohci.sys
20:18:37.0414 4428 1394ohci - ok
20:18:37.0431 4428 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
20:18:37.0438 4428 ACPI - ok
20:18:37.0456 4428 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
20:18:37.0457 4428 AcpiPmi - ok
20:18:37.0557 4428 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
20:18:37.0561 4428 AdobeFlashPlayerUpdateSvc - ok
20:18:37.0599 4428 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
20:18:37.0609 4428 adp94xx - ok
20:18:37.0636 4428 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\drivers\adpahci.sys
20:18:37.0643 4428 adpahci - ok
20:18:37.0655 4428 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
20:18:37.0659 4428 adpu320 - ok
20:18:37.0737 4428 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
20:18:37.0739 4428 AeLookupSvc - ok
20:18:37.0802 4428 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
20:18:37.0818 4428 AFD - ok
20:18:37.0842 4428 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
20:18:37.0843 4428 agp440 - ok
20:18:37.0863 4428 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
20:18:37.0865 4428 ALG - ok
20:18:37.0891 4428 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
20:18:37.0892 4428 aliide - ok
20:18:37.0940 4428 [ 4C1E3649C89C7D542CD18ECC5210099D ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
20:18:37.0945 4428 AMD External Events Utility - ok
20:18:38.0045 4428 AMD FUEL Service - ok
20:18:38.0053 4428 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
20:18:38.0054 4428 amdide - ok
20:18:38.0082 4428 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
20:18:38.0084 4428 AmdK8 - ok
20:18:38.0388 4428 [ A3C0A15B39F979E8F3EABA901D72ECD7 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
20:18:38.0654 4428 amdkmdag - ok
20:18:38.0674 4428 [ 20F3CD38B107C1BD747C0EA37D450165 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
20:18:38.0678 4428 amdkmdap - ok
20:18:38.0708 4428 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
20:18:38.0708 4428 AmdPPM - ok
20:18:38.0762 4428 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys
20:18:38.0764 4428 amdsata - ok
20:18:38.0798 4428 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
20:18:38.0802 4428 amdsbs - ok
20:18:38.0823 4428 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys
20:18:38.0824 4428 amdxata - ok
20:18:38.0894 4428 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
20:18:38.0896 4428 AntiVirSchedulerService - ok
20:18:38.0925 4428 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
20:18:38.0927 4428 AntiVirService - ok
20:18:38.0964 4428 [ 5A528A540B1AEE8B1C77ED65094E8CDF ] AODDriver4.2 C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys
20:18:38.0965 4428 AODDriver4.2 - ok
20:18:39.0023 4428 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
20:18:39.0025 4428 AppID - ok
20:18:39.0054 4428 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
20:18:39.0056 4428 AppIDSvc - ok
20:18:39.0135 4428 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
20:18:39.0137 4428 Appinfo - ok
20:18:39.0188 4428 [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt C:\Windows\System32\appmgmts.dll
20:18:39.0191 4428 AppMgmt - ok
20:18:39.0232 4428 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\drivers\arc.sys
20:18:39.0234 4428 arc - ok
20:18:39.0243 4428 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\drivers\arcsas.sys
20:18:39.0245 4428 arcsas - ok
20:18:39.0292 4428 aspnet_state - ok
20:18:39.0366 4428 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys
20:18:39.0368 4428 aswMonFlt - ok
20:18:39.0398 4428 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
20:18:39.0399 4428 AsyncMac - ok
20:18:39.0408 4428 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
20:18:39.0409 4428 atapi - ok
20:18:39.0454 4428 [ B0790FF0E25B7A2674296052F2162C1A ] AtiHDAudioService C:\Windows\system32\drivers\AtihdW76.sys
20:18:39.0455 4428 AtiHDAudioService - ok
20:18:39.0490 4428 [ 7C5D273E29DCC5505469B299C6F29163 ] AtiPcie C:\Windows\system32\DRIVERS\AtiPcie.sys
20:18:39.0491 4428 AtiPcie - ok
20:18:39.0542 4428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
20:18:39.0615 4428 AudioEndpointBuilder - ok
20:18:39.0649 4428 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
20:18:39.0660 4428 AudioSrv - ok
20:18:39.0758 4428 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe
20:18:39.0759 4428 avast! Antivirus - ok
20:18:39.0777 4428 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
20:18:39.0779 4428 avgntflt - ok
20:18:39.0810 4428 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
20:18:39.0811 4428 avipbb - ok
20:18:39.0822 4428 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
20:18:39.0822 4428 avkmgr - ok
20:18:39.0849 4428 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
20:18:39.0850 4428 AxInstSV - ok
20:18:39.0894 4428 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
20:18:39.0903 4428 b06bdrv - ok
20:18:39.0936 4428 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
20:18:39.0944 4428 b57nd60a - ok
20:18:39.0972 4428 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
20:18:39.0973 4428 BDESVC - ok
20:18:39.0995 4428 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
20:18:39.0995 4428 Beep - ok
20:18:40.0031 4428 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
20:18:40.0047 4428 BFE - ok
20:18:40.0090 4428 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll
20:18:40.0112 4428 BITS - ok
20:18:40.0134 4428 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
20:18:40.0135 4428 blbdrive - ok
20:18:40.0192 4428 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
20:18:40.0194 4428 bowser - ok
20:18:40.0219 4428 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\drivers\BrFiltLo.sys
20:18:40.0220 4428 BrFiltLo - ok
20:18:40.0232 4428 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\drivers\BrFiltUp.sys
20:18:40.0232 4428 BrFiltUp - ok
20:18:40.0253 4428 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
20:18:40.0254 4428 Browser - ok
20:18:40.0278 4428 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
20:18:40.0282 4428 Brserid - ok
20:18:40.0299 4428 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
20:18:40.0300 4428 BrSerWdm - ok
20:18:40.0320 4428 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
20:18:40.0321 4428 BrUsbMdm - ok
20:18:40.0330 4428 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
20:18:40.0330 4428 BrUsbSer - ok
20:18:40.0360 4428 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
20:18:40.0360 4428 BTHMODEM - ok
20:18:40.0399 4428 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
20:18:40.0402 4428 bthserv - ok
20:18:40.0434 4428 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
20:18:40.0437 4428 cdfs - ok
20:18:40.0457 4428 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
20:18:40.0459 4428 cdrom - ok
20:18:40.0497 4428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
20:18:40.0500 4428 CertPropSvc - ok
20:18:40.0549 4428 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\drivers\circlass.sys
20:18:40.0550 4428 circlass - ok
20:18:40.0597 4428 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
20:18:40.0606 4428 CLFS - ok
20:18:40.0639 4428 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
20:18:40.0641 4428 clr_optimization_v2.0.50727_32 - ok
20:18:40.0701 4428 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
20:18:40.0703 4428 clr_optimization_v2.0.50727_64 - ok
20:18:40.0756 4428 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
20:18:40.0759 4428 clr_optimization_v4.0.30319_32 - ok
20:18:40.0788 4428 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
20:18:40.0791 4428 clr_optimization_v4.0.30319_64 - ok
20:18:40.0817 4428 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\drivers\CmBatt.sys
20:18:40.0818 4428 CmBatt - ok
20:18:40.0843 4428 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
20:18:40.0844 4428 cmdide - ok
20:18:40.0906 4428 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
20:18:40.0922 4428 CNG - ok
20:18:40.0931 4428 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\drivers\compbatt.sys
20:18:40.0932 4428 Compbatt - ok
20:18:40.0948 4428 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
20:18:40.0950 4428 CompositeBus - ok
20:18:40.0967 4428 COMSysApp - ok
20:18:41.0050 4428 cpuz130 - ok
20:18:41.0070 4428 cpuz135 - ok
20:18:41.0092 4428 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
20:18:41.0093 4428 crcdisk - ok
20:18:41.0153 4428 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
20:18:41.0157 4428 CryptSvc - ok
20:18:41.0197 4428 [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC C:\Windows\system32\drivers\csc.sys
20:18:41.0214 4428 CSC - ok
20:18:41.0236 4428 [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService C:\Windows\System32\cscsvc.dll
20:18:41.0258 4428 CscService - ok
20:18:41.0299 4428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
20:18:41.0316 4428 DcomLaunch - ok
20:18:41.0358 4428 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
20:18:41.0373 4428 defragsvc - ok
20:18:41.0407 4428 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
20:18:41.0409 4428 DfsC - ok
20:18:41.0450 4428 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
20:18:41.0467 4428 Dhcp - ok
20:18:41.0477 4428 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
20:18:41.0479 4428 discache - ok
20:18:41.0503 4428 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\drivers\disk.sys
20:18:41.0504 4428 Disk - ok
20:18:41.0538 4428 [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc C:\Windows\system32\drivers\dmvsc.sys
20:18:41.0538 4428 dmvsc - ok
20:18:41.0582 4428 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
20:18:41.0584 4428 Dnscache - ok
20:18:41.0603 4428 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
20:18:41.0606 4428 dot3svc - ok
20:18:41.0618 4428 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
20:18:41.0621 4428 DPS - ok
20:18:41.0654 4428 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
20:18:41.0655 4428 drmkaud - ok
20:18:41.0707 4428 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
20:18:41.0732 4428 DXGKrnl - ok
20:18:41.0758 4428 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
20:18:41.0758 4428 EapHost - ok
20:18:41.0829 4428 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\drivers\evbda.sys
20:18:41.0888 4428 ebdrv - ok
20:18:41.0928 4428 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
20:18:41.0931 4428 EFS - ok
20:18:41.0995 4428 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
20:18:42.0006 4428 ehRecvr - ok
20:18:42.0024 4428 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
20:18:42.0025 4428 ehSched - ok
20:18:42.0066 4428 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\drivers\elxstor.sys
20:18:42.0072 4428 elxstor - ok
20:18:42.0084 4428 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
20:18:42.0084 4428 ErrDev - ok
20:18:42.0115 4428 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
20:18:42.0122 4428 EventSystem - ok
20:18:42.0128 4428 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
20:18:42.0129 4428 exfat - ok
20:18:42.0140 4428 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
20:18:42.0142 4428 fastfat - ok
20:18:42.0184 4428 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
20:18:42.0193 4428 Fax - ok
20:18:42.0205 4428 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\drivers\fdc.sys
20:18:42.0205 4428 fdc - ok
20:18:42.0220 4428 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
20:18:42.0221 4428 fdPHost - ok
20:18:42.0231 4428 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
20:18:42.0232 4428 FDResPub - ok
20:18:42.0236 4428 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
20:18:42.0237 4428 FileInfo - ok
20:18:42.0250 4428 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
20:18:42.0251 4428 Filetrace - ok
20:18:42.0261 4428 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
20:18:42.0261 4428 flpydisk - ok
20:18:42.0289 4428 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
20:18:42.0293 4428 FltMgr - ok
20:18:42.0364 4428 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll
20:18:42.0404 4428 FontCache - ok
20:18:42.0457 4428 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
20:18:42.0459 4428 FontCache3.0.0.0 - ok
20:18:42.0468 4428 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
20:18:42.0470 4428 FsDepends - ok
20:18:42.0495 4428 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
20:18:42.0495 4428 Fs_Rec - ok
20:18:42.0586 4428 [ C5A4A998EEA6297A235169CCD1F2D93F ] Futuremark SystemInfo Service C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe
20:18:42.0587 4428 Futuremark SystemInfo Service - ok
20:18:42.0603 4428 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
20:18:42.0605 4428 fvevol - ok
20:18:42.0623 4428 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
20:18:42.0624 4428 gagp30kx - ok
20:18:42.0660 4428 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
20:18:42.0717 4428 gpsvc - ok
20:18:42.0837 4428 [ F02A533F517EB38333CB12A9E8963773 ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:18:42.0839 4428 gupdate - ok
20:18:42.0848 4428 [ F02A533F517EB38333CB12A9E8963773 ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
20:18:42.0850 4428 gupdatem - ok
20:18:42.0898 4428 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
20:18:42.0902 4428 gusvc - ok
20:18:42.0921 4428 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
20:18:42.0923 4428 hcw85cir - ok
20:18:42.0961 4428 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
20:18:42.0969 4428 HdAudAddService - ok
20:18:42.0999 4428 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
20:18:43.0001 4428 HDAudBus - ok
20:18:43.0015 4428 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
20:18:43.0016 4428 HidBatt - ok
20:18:43.0030 4428 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys
20:18:43.0032 4428 HidBth - ok
20:18:43.0045 4428 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys
20:18:43.0046 4428 HidIr - ok
20:18:43.0069 4428 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll
20:18:43.0070 4428 hidserv - ok
20:18:43.0090 4428 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
20:18:43.0091 4428 HidUsb - ok
20:18:43.0114 4428 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
20:18:43.0115 4428 hkmsvc - ok
20:18:43.0161 4428 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
20:18:43.0167 4428 HomeGroupListener - ok
20:18:43.0203 4428 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
20:18:43.0210 4428 HomeGroupProvider - ok
20:18:43.0234 4428 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
20:18:43.0236 4428 HpSAMD - ok
20:18:43.0293 4428 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
20:18:43.0319 4428 HTTP - ok
20:18:43.0328 4428 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
20:18:43.0329 4428 hwpolicy - ok
20:18:43.0340 4428 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
20:18:43.0342 4428 i8042prt - ok
20:18:43.0405 4428 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
20:18:43.0422 4428 iaStorV - ok
20:18:43.0491 4428 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
20:18:43.0504 4428 idsvc - ok
20:18:43.0535 4428 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys
20:18:43.0535 4428 iirsp - ok
20:18:43.0579 4428 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
20:18:43.0613 4428 IKEEXT - ok
20:18:43.0629 4428 IntcAzAudAddService - ok
20:18:43.0640 4428 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
20:18:43.0642 4428 intelide - ok
20:18:43.0665 4428 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\drivers\intelppm.sys
20:18:43.0666 4428 intelppm - ok
20:18:43.0670 4428 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
20:18:43.0672 4428 IPBusEnum - ok
20:18:43.0683 4428 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
20:18:43.0684 4428 IpFilterDriver - ok
20:18:43.0735 4428 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
20:18:43.0760 4428 iphlpsvc - ok
20:18:43.0786 4428 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
20:18:43.0787 4428 IPMIDRV - ok
20:18:43.0799 4428 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
20:18:43.0802 4428 IPNAT - ok
20:18:43.0835 4428 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
20:18:43.0836 4428 IRENUM - ok
20:18:43.0845 4428 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
20:18:43.0846 4428 isapnp - ok
20:18:43.0889 4428 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
20:18:43.0894 4428 iScsiPrt - ok
20:18:43.0904 4428 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
20:18:43.0905 4428 kbdclass - ok
20:18:43.0926 4428 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
20:18:43.0927 4428 kbdhid - ok
20:18:43.0943 4428 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
20:18:43.0945 4428 KeyIso - ok
20:18:43.0979 4428 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
20:18:43.0980 4428 KSecDD - ok
20:18:43.0992 4428 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
20:18:43.0995 4428 KSecPkg - ok
20:18:44.0013 4428 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
20:18:44.0015 4428 ksthunk - ok
20:18:44.0051 4428 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
20:18:44.0059 4428 KtmRm - ok
20:18:44.0106 4428 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll
20:18:44.0114 4428 LanmanServer - ok
20:18:44.0146 4428 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
20:18:44.0152 4428 LanmanWorkstation - ok
20:18:44.0194 4428 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
20:18:44.0196 4428 lltdio - ok
20:18:44.0224 4428 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
20:18:44.0232 4428 lltdsvc - ok
20:18:44.0262 4428 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
20:18:44.0265 4428 lmhosts - ok
20:18:44.0289 4428 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
20:18:44.0291 4428 LSI_FC - ok
20:18:44.0311 4428 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
20:18:44.0314 4428 LSI_SAS - ok
20:18:44.0331 4428 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
20:18:44.0331 4428 LSI_SAS2 - ok
20:18:44.0336 4428 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
20:18:44.0337 4428 LSI_SCSI - ok
20:18:44.0381 4428 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
20:18:44.0382 4428 luafv - ok
20:18:44.0486 4428 [ A8FE8F2783B2929B56F5370A89356CE9 ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
20:18:44.0487 4428 MBAMProtector - ok
20:18:44.0615 4428 [ 85B16A92B117A5A800032ECD904B86DB ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
20:18:44.0621 4428 MBAMScheduler - ok
20:18:44.0663 4428 [ 20E2469DB709FC675E655CEAA11BE312 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
20:18:44.0673 4428 MBAMService - ok
20:18:44.0699 4428 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
20:18:44.0701 4428 Mcx2Svc - ok
20:18:44.0705 4428 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys
20:18:44.0705 4428 megasas - ok
20:18:44.0713 4428 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
20:18:44.0722 4428 MegaSR - ok
20:18:44.0758 4428 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
20:18:44.0762 4428 MMCSS - ok
20:18:44.0802 4428 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
20:18:44.0804 4428 Modem - ok
20:18:44.0820 4428 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
20:18:44.0821 4428 monitor - ok
20:18:44.0830 4428 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
20:18:44.0832 4428 mouclass - ok
20:18:44.0856 4428 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
20:18:44.0856 4428 mouhid - ok
20:18:44.0861 4428 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
20:18:44.0862 4428 mountmgr - ok
20:18:44.0867 4428 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
20:18:44.0869 4428 mpio - ok
20:18:44.0873 4428 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
20:18:44.0874 4428 mpsdrv - ok
20:18:44.0936 4428 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
20:18:44.0978 4428 MpsSvc - ok
20:18:44.0999 4428 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
20:18:45.0002 4428 MRxDAV - ok
20:18:45.0052 4428 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
20:18:45.0055 4428 mrxsmb - ok
20:18:45.0077 4428 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
20:18:45.0083 4428 mrxsmb10 - ok
20:18:45.0129 4428 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
20:18:45.0132 4428 mrxsmb20 - ok
20:18:45.0161 4428 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
20:18:45.0163 4428 msahci - ok
20:18:45.0174 4428 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
20:18:45.0177 4428 msdsm - ok
20:18:45.0204 4428 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
20:18:45.0206 4428 MSDTC - ok
20:18:45.0214 4428 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
20:18:45.0214 4428 Msfs - ok
20:18:45.0227 4428 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
20:18:45.0228 4428 mshidkmdf - ok
20:18:45.0231 4428 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
20:18:45.0232 4428 msisadrv - ok
20:18:45.0269 4428 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
20:18:45.0271 4428 MSiSCSI - ok
20:18:45.0274 4428 msiserver - ok
20:18:45.0294 4428 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
20:18:45.0295 4428 MSKSSRV - ok
20:18:45.0306 4428 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
20:18:45.0306 4428 MSPCLOCK - ok
20:18:45.0315 4428 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
20:18:45.0315 4428 MSPQM - ok
20:18:45.0324 4428 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
20:18:45.0328 4428 MsRPC - ok
20:18:45.0334 4428 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
20:18:45.0335 4428 mssmbios - ok
20:18:45.0346 4428 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
20:18:45.0346 4428 MSTEE - ok
20:18:45.0360 4428 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
20:18:45.0360 4428 MTConfig - ok
20:18:45.0364 4428 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
20:18:45.0365 4428 Mup - ok
20:18:45.0398 4428 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
20:18:45.0404 4428 napagent - ok
20:18:45.0446 4428 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
20:18:45.0452 4428 NativeWifiP - ok
20:18:45.0501 4428 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys
20:18:45.0532 4428 NDIS - ok
20:18:45.0551 4428 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
20:18:45.0553 4428 NdisCap - ok
20:18:45.0582 4428 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
20:18:45.0584 4428 NdisTapi - ok
20:18:45.0604 4428 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
20:18:45.0606 4428 Ndisuio - ok
20:18:45.0616 4428 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
20:18:45.0617 4428 NdisWan - ok
20:18:45.0621 4428 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
20:18:45.0622 4428 NDProxy - ok
20:18:45.0627 4428 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
20:18:45.0628 4428 NetBIOS - ok
20:18:45.0635 4428 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
20:18:45.0637 4428 NetBT - ok
20:18:45.0651 4428 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
20:18:45.0652 4428 Netlogon - ok
20:18:45.0688 4428 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
20:18:45.0699 4428 Netman - ok
20:18:45.0718 4428 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
20:18:45.0735 4428 netprofm - ok
20:18:45.0767 4428 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
20:18:45.0793 4428 NetTcpPortSharing - ok
20:18:45.0820 4428 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
20:18:45.0820 4428 nfrd960 - ok
20:18:45.0837 4428 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll
20:18:45.0841 4428 NlaSvc - ok
20:18:45.0846 4428 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
20:18:45.0846 4428 Npfs - ok
20:18:45.0873 4428 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
20:18:45.0874 4428 nsi - ok
20:18:45.0878 4428 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
20:18:45.0879 4428 nsiproxy - ok
20:18:45.0967 4428 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
20:18:46.0004 4428 Ntfs - ok
20:18:46.0021 4428 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
20:18:46.0022 4428 Null - ok
20:18:46.0057 4428 [ A7127E86F9FFE2A53E271B56B2C4CEDF ] nusb3hub C:\Windows\system32\DRIVERS\nusb3hub.sys
20:18:46.0058 4428 nusb3hub - ok
20:18:46.0069 4428 [ 49BBEC6F48D5F9284B03ABF3A959B19B ] nusb3xhc C:\Windows\system32\DRIVERS\nusb3xhc.sys
20:18:46.0070 4428 nusb3xhc - ok
20:18:46.0108 4428 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys
20:18:46.0111 4428 nvraid - ok
20:18:46.0133 4428 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys
20:18:46.0137 4428 nvstor - ok
20:18:46.0169 4428 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
20:18:46.0172 4428 nv_agp - ok
20:18:46.0186 4428 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
20:18:46.0188 4428 ohci1394 - ok
20:18:46.0228 4428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
20:18:46.0245 4428 p2pimsvc - ok
20:18:46.0283 4428 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
20:18:46.0300 4428 p2psvc - ok
20:18:46.0338 4428 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
20:18:46.0341 4428 Parport - ok
20:18:46.0383 4428 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
20:18:46.0385 4428 partmgr - ok
20:18:46.0409 4428 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
20:18:46.0416 4428 PcaSvc - ok
20:18:46.0432 4428 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
20:18:46.0437 4428 pci - ok
20:18:46.0448 4428 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
20:18:46.0449 4428 pciide - ok
20:18:46.0468 4428 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
20:18:46.0469 4428 pcmcia - ok
20:18:46.0473 4428 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
20:18:46.0474 4428 pcw - ok
20:18:46.0484 4428 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
20:18:46.0490 4428 PEAUTH - ok
20:18:46.0568 4428 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
20:18:46.0600 4428 PeerDistSvc - ok
20:18:46.0671 4428 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
20:18:46.0674 4428 PerfHost - ok
20:18:46.0754 4428 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
20:18:46.0795 4428 pla - ok
20:18:46.0858 4428 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
20:18:46.0869 4428 PlugPlay - ok
20:18:46.0887 4428 PnkBstrA - ok
20:18:46.0905 4428 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
20:18:46.0907 4428 PNRPAutoReg - ok
20:18:46.0925 4428 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
20:18:46.0928 4428 PNRPsvc - ok
20:18:46.0962 4428 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
20:18:46.0982 4428 PolicyAgent - ok
20:18:47.0019 4428 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
20:18:47.0026 4428 Power - ok
20:18:47.0060 4428 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
20:18:47.0062 4428 PptpMiniport - ok
20:18:47.0081 4428 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys
20:18:47.0083 4428 Processor - ok
20:18:47.0162 4428 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll
20:18:47.0199 4428 ProfSvc - ok
20:18:47.0225 4428 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
20:18:47.0229 4428 ProtectedStorage - ok
20:18:47.0262 4428 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
20:18:47.0265 4428 Psched - ok
20:18:47.0323 4428 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
20:18:47.0353 4428 ql2300 - ok
20:18:47.0383 4428 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
20:18:47.0385 4428 ql40xx - ok
20:18:47.0419 4428 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
20:18:47.0427 4428 QWAVE - ok
20:18:47.0435 4428 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
20:18:47.0437 4428 QWAVEdrv - ok
20:18:47.0451 4428 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
20:18:47.0452 4428 RasAcd - ok
20:18:47.0486 4428 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
20:18:47.0487 4428 RasAgileVpn - ok
20:18:47.0502 4428 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
20:18:47.0506 4428 RasAuto - ok
20:18:47.0524 4428 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
20:18:47.0527 4428 Rasl2tp - ok
20:18:47.0554 4428 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
20:18:47.0571 4428 RasMan - ok
20:18:47.0581 4428 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
20:18:47.0584 4428 RasPppoe - ok
20:18:47.0593 4428 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
20:18:47.0594 4428 RasSstp - ok
20:18:47.0604 4428 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
20:18:47.0607 4428 rdbss - ok
20:18:47.0621 4428 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
20:18:47.0621 4428 rdpbus - ok
20:18:47.0632 4428 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
20:18:47.0633 4428 RDPCDD - ok
20:18:47.0658 4428 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
20:18:47.0659 4428 RDPDR - ok
20:18:47.0680 4428 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
20:18:47.0680 4428 RDPENCDD - ok
20:18:47.0693 4428 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
20:18:47.0694 4428 RDPREFMP - ok
20:18:47.0736 4428 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
20:18:47.0738 4428 RDPWD - ok
20:18:47.0777 4428 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
20:18:47.0781 4428 rdyboost - ok
20:18:47.0815 4428 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
20:18:47.0819 4428 RemoteAccess - ok
20:18:47.0862 4428 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
20:18:47.0868 4428 RemoteRegistry - ok
20:18:47.0899 4428 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
20:18:47.0904 4428 RpcEptMapper - ok
20:18:47.0917 4428 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
20:18:47.0920 4428 RpcLocator - ok
20:18:47.0946 4428 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
20:18:47.0957 4428 RpcSs - ok
20:18:47.0985 4428 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
20:18:47.0987 4428 rspndr - ok
20:18:48.0034 4428 [ C435AC77704EB16E85C9D630F4D4B4F7 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
20:18:48.0039 4428 RTHDMIAzAudService - ok
20:18:48.0076 4428 [ BAEFEE35D27A5440D35092CE10267BEC ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys
20:18:48.0080 4428 RTL8167 - ok
20:18:48.0103 4428 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys
20:18:48.0104 4428 s3cap - ok
20:18:48.0125 4428 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
20:18:48.0128 4428 SamSs - ok
20:18:48.0153 4428 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
20:18:48.0155 4428 sbp2port - ok
20:18:48.0191 4428 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
20:18:48.0196 4428 SCardSvr - ok
20:18:48.0204 4428 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
20:18:48.0206 4428 scfilter - ok
20:18:48.0241 4428 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
20:18:48.0262 4428 Schedule - ok
20:18:48.0285 4428 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
20:18:48.0286 4428 SCPolicySvc - ok
20:18:48.0303 4428 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
20:18:48.0305 4428 SDRSVC - ok
20:18:48.0328 4428 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
20:18:48.0329 4428 secdrv - ok
20:18:48.0341 4428 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
20:18:48.0343 4428 seclogon - ok
20:18:48.0373 4428 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll
20:18:48.0379 4428 SENS - ok
20:18:48.0392 4428 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
20:18:48.0396 4428 SensrSvc - ok
20:18:48.0424 4428 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
20:18:48.0426 4428 Serenum - ok
20:18:48.0437 4428 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
20:18:48.0438 4428 Serial - ok
20:18:48.0452 4428 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys
20:18:48.0452 4428 sermouse - ok
20:18:48.0476 4428 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
20:18:48.0478 4428 SessionEnv - ok
20:18:48.0525 4428 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
20:18:48.0526 4428 sffdisk - ok
20:18:48.0543 4428 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
20:18:48.0544 4428 sffp_mmc - ok
20:18:48.0554 4428 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
20:18:48.0555 4428 sffp_sd - ok
20:18:48.0563 4428 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
20:18:48.0564 4428 sfloppy - ok
20:18:48.0593 4428 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
20:18:48.0597 4428 SharedAccess - ok
20:18:48.0631 4428 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
20:18:48.0635 4428 ShellHWDetection - ok
20:18:48.0654 4428 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
20:18:48.0655 4428 SiSRaid2 - ok
20:18:48.0659 4428 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
20:18:48.0660 4428 SiSRaid4 - ok
20:18:48.0688 4428 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
20:18:48.0689 4428 Smb - ok
20:18:48.0713 4428 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
20:18:48.0715 4428 SNMPTRAP - ok
20:18:48.0718 4428 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
20:18:48.0719 4428 spldr - ok
20:18:48.0773 4428 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe
20:18:48.0798 4428 Spooler - ok
20:18:48.0915 4428 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
20:18:49.0005 4428 sppsvc - ok
20:18:49.0013 4428 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
20:18:49.0015 4428 sppuinotify - ok
20:18:49.0072 4428 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
20:18:49.0083 4428 srv - ok
20:18:49.0108 4428 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
20:18:49.0112 4428 srv2 - ok
20:18:49.0124 4428 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
20:18:49.0125 4428 srvnet - ok
20:18:49.0157 4428 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
20:18:49.0164 4428 SSDPSRV - ok
20:18:49.0184 4428 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
20:18:49.0189 4428 SstpSvc - ok
20:18:49.0220 4428 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys
20:18:49.0221 4428 stexstor - ok
20:18:49.0281 4428 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
20:18:49.0305 4428 stisvc - ok
20:18:49.0331 4428 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys
20:18:49.0333 4428 storflt - ok
20:18:49.0368 4428 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll
20:18:49.0372 4428 StorSvc - ok
20:18:49.0387 4428 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys
20:18:49.0388 4428 storvsc - ok
20:18:49.0405 4428 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
20:18:49.0406 4428 swenum - ok
20:18:49.0448 4428 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
20:18:49.0469 4428 swprv - ok
20:18:49.0533 4428 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
20:18:49.0588 4428 SysMain - ok
20:18:49.0605 4428 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
20:18:49.0607 4428 TabletInputService - ok
20:18:49.0641 4428 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
20:18:49.0651 4428 TapiSrv - ok
20:18:49.0671 4428 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
20:18:49.0677 4428 TBS - ok
20:18:49.0779 4428 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
20:18:49.0836 4428 Tcpip - ok
20:18:49.0913 4428 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
20:18:49.0937 4428 TCPIP6 - ok
20:18:49.0978 4428 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
20:18:49.0980 4428 tcpipreg - ok
20:18:50.0009 4428 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
20:18:50.0010 4428 TDPIPE - ok
20:18:50.0059 4428 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
20:18:50.0061 4428 TDTCP - ok
20:18:50.0088 4428 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
20:18:50.0091 4428 tdx - ok
20:18:50.0106 4428 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
20:18:50.0108 4428 TermDD - ok
20:18:50.0157 4428 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
20:18:50.0181 4428 TermService - ok
20:18:50.0195 4428 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
20:18:50.0200 4428 Themes - ok
20:18:50.0214 4428 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
20:18:50.0216 4428 THREADORDER - ok
20:18:50.0231 4428 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
20:18:50.0233 4428 TrkWks - ok
20:18:50.0286 4428 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
20:18:50.0289 4428 TrustedInstaller - ok
20:18:50.0307 4428 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
20:18:50.0308 4428 tssecsrv - ok
20:18:50.0338 4428 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
20:18:50.0339 4428 TsUsbFlt - ok
20:18:50.0359 4428 [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
20:18:50.0360 4428 TsUsbGD - ok
20:18:50.0381 4428 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
20:18:50.0382 4428 tunnel - ok
20:18:50.0396 4428 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys
20:18:50.0397 4428 uagp35 - ok
20:18:50.0413 4428 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
20:18:50.0417 4428 udfs - ok
20:18:50.0452 4428 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
20:18:50.0454 4428 UI0Detect - ok
20:18:50.0479 4428 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
20:18:50.0481 4428 uliagpkx - ok
20:18:50.0495 4428 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
20:18:50.0497 4428 umbus - ok
20:18:50.0518 4428 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys
20:18:50.0518 4428 UmPass - ok
20:18:50.0544 4428 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll
20:18:50.0546 4428 UmRdpService - ok
20:18:50.0581 4428 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
20:18:50.0586 4428 upnphost - ok
20:18:50.0628 4428 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
20:18:50.0630 4428 usbccgp - ok
20:18:50.0655 4428 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
20:18:50.0658 4428 usbcir - ok
20:18:50.0696 4428 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
20:18:50.0698 4428 usbehci - ok
20:18:50.0719 4428 [ 5AE9C87A1ED4B243942B3FDDD902134B ] usbfilter C:\Windows\system32\DRIVERS\usbfilter.sys
20:18:50.0720 4428 usbfilter - ok
20:18:50.0749 4428 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
20:18:50.0755 4428 usbhub - ok
20:18:50.0788 4428 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\DRIVERS\usbohci.sys
20:18:50.0790 4428 usbohci - ok
20:18:50.0813 4428 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys
20:18:50.0815 4428 usbprint - ok
20:18:50.0865 4428 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\drivers\USBSTOR.SYS
20:18:50.0868 4428 USBSTOR - ok
20:18:50.0884 4428 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
20:18:50.0886 4428 usbuhci - ok
20:18:50.0911 4428 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
20:18:50.0913 4428 UxSms - ok
20:18:50.0924 4428 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
20:18:50.0926 4428 VaultSvc - ok
20:18:50.0943 4428 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
20:18:50.0944 4428 vdrvroot - ok
20:18:50.0966 4428 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
20:18:50.0982 4428 vds - ok
20:18:51.0009 4428 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
20:18:51.0010 4428 vga - ok
20:18:51.0014 4428 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
20:18:51.0014 4428 VgaSave - ok
20:18:51.0027 4428 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
20:18:51.0029 4428 vhdmp - ok
20:18:51.0038 4428 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
20:18:51.0038 4428 viaide - ok
20:18:51.0066 4428 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys
20:18:51.0068 4428 vmbus - ok
20:18:51.0082 4428 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys
20:18:51.0084 4428 VMBusHID - ok
20:18:51.0093 4428 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
20:18:51.0095 4428 volmgr - ok
20:18:51.0114 4428 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
20:18:51.0119 4428 volmgrx - ok
20:18:51.0126 4428 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
20:18:51.0128 4428 volsnap - ok
20:18:51.0140 4428 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
20:18:51.0141 4428 vsmraid - ok
20:18:51.0191 4428 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
20:18:51.0216 4428 VSS - ok
20:18:51.0228 4428 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
20:18:51.0229 4428 vwifibus - ok
20:18:51.0249 4428 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
20:18:51.0256 4428 W32Time - ok
20:18:51.0272 4428 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys
20:18:51.0273 4428 WacomPen - ok
20:18:51.0305 4428 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
20:18:51.0306 4428 WANARP - ok
20:18:51.0310 4428 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
20:18:51.0310 4428 Wanarpv6 - ok
20:18:51.0359 4428 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
20:18:51.0400 4428 wbengine - ok
20:18:51.0407 4428 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
20:18:51.0410 4428 WbioSrvc - ok
20:18:51.0418 4428 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
20:18:51.0424 4428 wcncsvc - ok
20:18:51.0438 4428 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
20:18:51.0440 4428 WcsPlugInService - ok
20:18:51.0450 4428 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys
20:18:51.0451 4428 Wd - ok
20:18:51.0510 4428 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
20:18:51.0534 4428 Wdf01000 - ok
20:18:51.0554 4428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
20:18:51.0560 4428 WdiServiceHost - ok
20:18:51.0570 4428 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
20:18:51.0576 4428 WdiSystemHost - ok
20:18:51.0594 4428 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
20:18:51.0597 4428 WebClient - ok
20:18:51.0625 4428 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
20:18:51.0629 4428 Wecsvc - ok
20:18:51.0656 4428 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
20:18:51.0659 4428 wercplsupport - ok
20:18:51.0681 4428 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
20:18:51.0687 4428 WerSvc - ok
20:18:51.0712 4428 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
20:18:51.0714 4428 WfpLwf - ok
20:18:51.0748 4428 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
20:18:51.0749 4428 WIMMount - ok
20:18:51.0795 4428 WinDefend - ok
20:18:51.0806 4428 WinHttpAutoProxySvc - ok
20:18:51.0867 4428 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
20:18:51.0875 4428 Winmgmt - ok
20:18:51.0963 4428 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
20:18:52.0032 4428 WinRM - ok
20:18:52.0084 4428 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
20:18:52.0106 4428 Wlansvc - ok
20:18:52.0130 4428 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
20:18:52.0131 4428 WmiAcpi - ok
20:18:52.0163 4428 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
20:18:52.0165 4428 wmiApSrv - ok
20:18:52.0190 4428 WMPNetworkSvc - ok
20:18:52.0211 4428 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
20:18:52.0216 4428 WPCSvc - ok
20:18:52.0235 4428 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
20:18:52.0241 4428 WPDBusEnum - ok
20:18:52.0269 4428 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
20:18:52.0271 4428 ws2ifsl - ok
20:18:52.0289 4428 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\System32\wscsvc.dll
20:18:52.0296 4428 wscsvc - ok
20:18:52.0303 4428 WSearch - ok
20:18:52.0422 4428 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
20:18:52.0490 4428 wuauserv - ok
20:18:52.0521 4428 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
20:18:52.0522 4428 WudfPf - ok
20:18:52.0542 4428 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
20:18:52.0544 4428 WUDFRd - ok
20:18:52.0554 4428 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
20:18:52.0556 4428 wudfsvc - ok
20:18:52.0581 4428 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
20:18:52.0584 4428 WwanSvc - ok
20:18:52.0598 4428 ================ Scan global ===============================
20:18:52.0614 4428 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
20:18:52.0663 4428 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:18:52.0688 4428 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
20:18:52.0709 4428 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
20:18:52.0725 4428 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
20:18:52.0729 4428 [Global] - ok
20:18:52.0729 4428 ================ Scan MBR ==================================
20:18:52.0744 4428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
20:18:53.0003 4428 \Device\Harddisk0\DR0 - ok
20:18:53.0017 4428 [ 72B8CE41AF0DE751C946802B3ED844B4 ] \Device\Harddisk1\DR1
20:18:53.0091 4428 \Device\Harddisk1\DR1 - ok
20:18:53.0112 4428 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk2\DR2
20:18:53.0248 4428 \Device\Harddisk2\DR2 - ok
20:18:53.0255 4428 [ 739B36F7A373FC81121D831231B6D311 ] \Device\Harddisk3\DR3
20:18:53.0719 4428 \Device\Harddisk3\DR3 - ok
20:18:53.0720 4428 ================ Scan VBR ==================================
20:18:53.0739 4428 [ 345EC09464EA669E73E52E64BD14C9A7 ] \Device\Harddisk0\DR0\Partition1
20:18:53.0743 4428 \Device\Harddisk0\DR0\Partition1 - ok
20:18:53.0756 4428 [ 92A47EF740DF0F66A53CBDEDCCDCC00E ] \Device\Harddisk0\DR0\Partition2
20:18:53.0758 4428 \Device\Harddisk0\DR0\Partition2 - ok
20:18:53.0788 4428 [ 9CDB1FB61E03A5F08A7ED73BF1BA0323 ] \Device\Harddisk1\DR1\Partition1
20:18:53.0790 4428 \Device\Harddisk1\DR1\Partition1 - ok
20:18:53.0792 4428 [ A62ED113A997C9CC1E05B16E8FECAC7B ] \Device\Harddisk2\DR2\Partition1
20:18:53.0793 4428 \Device\Harddisk2\DR2\Partition1 - ok
20:18:53.0796 4428 [ 39ABE43DCF760208F4501EEF6FA5029C ] \Device\Harddisk3\DR3\Partition1
20:18:53.0797 4428 \Device\Harddisk3\DR3\Partition1 - ok
20:18:53.0798 4428 ============================================================
20:18:53.0798 4428 Scan finished
20:18:53.0798 4428 ============================================================
20:18:53.0808 4280 Detected object count: 0
20:18:53.0808 4280 Actual detected object count: 0
DDS Logfile: DDS Logfile: Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 9.0.8112.16457 BrowserJavaVersion: 10.9.2
Run by OC at 20:35:38 on 2012-12-19
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.6142.4260 [GMT 1:00]
.
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avshadow.exe
C:\Windows\system32\svchost.exe -k RPCSS
C:\Windows\system32\atiesrxx.exe
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Windows\System32\spoolsv.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
C:\Windows\SysWOW64\PnkBstrA.exe
C:\Windows\system32\atieclxx.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe
C:\Windows\system32\SearchIndexer.exe
C:\Program Files\AVAST Software\Avast\AvastUI.exe
C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
C:\Windows\System32\svchost.exe -k LocalServicePeerNet
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\system32\sppsvc.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\Windows\system32\svchost.exe -k SDRSVC
C:\Users\OC\Desktop\Defogger.exe
C:\Windows\system32\NOTEPAD.EXE
C:\Windows\system32\NOTEPAD.EXE
C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
C:\program files (x86)\avira\antivir desktop\ipmGui.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\Windows\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uURLSearchHooks: UrlSearchHook Class: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
mWinlogon: Userinit = userinit.exe
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files (x86)\Google\GoogleToolbarNotifier\5.7.8313.1002\swg.dll
BHO: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
TB: Google Toolbar: {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: avast! WebRep: {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll
TB: Ask Toolbar: {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll
uRun: [EADM] "C:\Program Files (x86)\Origin\Origin.exe" -AutoStart
mRun: [StartCCC] "C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" MSRun
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [avgnt] "C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe" /min
mRun: [avast] "C:\Program Files\AVAST Software\Avast\avastUI.exe" /nogui
mRun: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
mRun: [ApnUpdater] "C:\Program Files (x86)\Ask.com\Updater\Updater.exe"
mPolicies-Explorer: NoActiveDesktop = dword:1
mPolicies-Explorer: NoActiveDesktopChanges = dword:1
mPolicies-System: ConsentPromptBehaviorAdmin = dword:5
mPolicies-System: ConsentPromptBehaviorUser = dword:3
mPolicies-System: EnableUIADesktopToggle = dword:0
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxps://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab
TCP: NameServer = 192.168.2.1
TCP: Interfaces\{A319CD6A-09AC-4F2D-BB6F-25673AE02333} : DHCPNameServer = 192.168.2.1
SSODL: WebCheck - <orphaned>
x64-BHO: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-BHO: Google Toolbar Helper: {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-BHO: Google Toolbar Notifier BHO: {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.8313.1002\swg64.dll
x64-TB: avast! WebRep: {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll
x64-TB: Google Toolbar: {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll
x64-SSODL: WebCheck - <orphaned>
.
============= SERVICES / DRIVERS ===============
.
R1 avkmgr;avkmgr;C:\Windows\System32\drivers\avkmgr.sys [2012-12-16 27800]
R2 AMD External Events Utility;AMD External Events Utility;C:\Windows\System32\atiesrxx.exe [2012-9-28 239616]
R2 AMD FUEL Service;AMD FUEL Service;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-9-28 361984]
R2 AntiVirSchedulerService;Avira Planer;C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-16 85280]
R2 AntiVirService;Avira Echtzeit-Scanner;C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [2012-12-16 109344]
R2 AODDriver4.2;AODDriver4.2;C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\aoddriver2.sys [2012-4-9 57472]
R2 aswMonFlt;aswMonFlt;C:\Windows\System32\drivers\aswMonFlt.sys [2012-12-17 71600]
R2 avast! Antivirus;avast! Antivirus;C:\Program Files\AVAST Software\Avast\AvastSvc.exe [2012-12-17 44808]
R2 avgntflt;avgntflt;C:\Windows\System32\drivers\avgntflt.sys [2012-12-16 99912]
R2 MBAMScheduler;MBAMScheduler;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-16 399432]
R2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-16 676936]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\Windows\System32\drivers\AtihdW76.sys [2012-5-14 96896]
R3 MBAMProtector;MBAMProtector;C:\Windows\System32\drivers\mbam.sys [2012-12-16 25928]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;C:\Windows\System32\drivers\nusb3hub.sys [2010-11-19 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;C:\Windows\System32\drivers\nusb3xhc.sys [2010-11-19 181248]
R3 RTL8167;Realtek 8167 NT-Treiber;C:\Windows\System32\drivers\Rt64win7.sys [2009-6-10 187392]
R3 usbfilter;AMD USB Filter Driver;C:\Windows\System32\drivers\usbfilter.sys [2012-12-16 56448]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-3-18 138576]
S3 dmvsc;dmvsc;C:\Windows\System32\drivers\dmvsc.sys [2010-11-21 71168]
S3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;C:\Program Files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-12-17 136896]
S3 StorSvc;Speicherdienst;C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted [2009-7-14 27136]
S3 TsUsbFlt;TsUsbFlt;C:\Windows\System32\drivers\TsUsbFlt.sys [2010-11-21 59392]
S3 TsUsbGD;Remote Desktop Generic USB Device;C:\Windows\System32\drivers\TsUsbGD.sys [2010-11-21 31232]
.
=============== Created Last 30 ================
.
2012-12-19 15:05:28 46080 ----a-w- C:\Windows\System32\atmlib.dll
2012-12-19 15:05:28 367616 ----a-w- C:\Windows\System32\atmfd.dll
2012-12-19 15:05:28 34304 ----a-w- C:\Windows\SysWow64\atmlib.dll
2012-12-19 15:05:28 295424 ----a-w- C:\Windows\SysWow64\atmfd.dll
2012-12-19 15:05:26 902656 ----a-w- C:\Windows\System32\d2d1.dll
2012-12-19 15:05:26 739840 ----a-w- C:\Windows\SysWow64\d2d1.dll
2012-12-19 15:05:26 1139200 ----a-w- C:\Windows\System32\FntCache.dll
2012-12-17 15:55:06 -------- d-----w- C:\Users\OC\AppData\Local\APN
2012-12-17 15:55:06 -------- d-----w- C:\Program Files (x86)\Ask.com
2012-12-17 15:44:37 -------- d-----w- C:\ProgramData\Ask
2012-12-17 15:44:25 746984 ----a-w- C:\Windows\SysWow64\deployJava1.dll
2012-12-17 15:44:24 821736 ----a-w- C:\Windows\SysWow64\npDeployJava1.dll
2012-12-17 15:44:14 95208 ----a-w- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-17 14:54:47 466456 ----a-w- C:\Windows\System32\wrap_oal.dll
2012-12-17 14:54:47 444952 ----a-w- C:\Windows\SysWow64\wrap_oal.dll
2012-12-17 14:54:47 122904 ----a-w- C:\Windows\System32\OpenAL32.dll
2012-12-17 14:54:47 109080 ----a-w- C:\Windows\SysWow64\OpenAL32.dll
2012-12-17 14:54:47 -------- d-----w- C:\Program Files (x86)\OpenAL
2012-12-17 14:52:27 -------- d-----w- C:\Program Files (x86)\Geeks3D
2012-12-17 14:26:32 -------- d-----w- C:\Program Files (x86)\Common Files\Futuremark Shared
2012-12-17 14:25:16 -------- d-----w- C:\Program Files (x86)\Futuremark
2012-12-17 12:22:27 -------- d-----w- C:\Windows\SysWow64\wbem\en-US
2012-12-17 12:22:26 -------- d-----w- C:\Windows\System32\wbem\en-US
2012-12-17 11:44:34 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.xtr
2012-12-17 11:42:58 -------- d-----w- C:\Users\OC\AppData\Local\ESN
2012-12-17 09:27:41 9728 ----a-w- C:\Windows\System32\Wdfres.dll
2012-12-17 09:27:41 785512 ----a-w- C:\Windows\System32\drivers\Wdf01000.sys
2012-12-17 09:27:41 54376 ----a-w- C:\Windows\System32\drivers\WdfLdr.sys
2012-12-17 09:27:41 2560 ----a-w- C:\Windows\System32\drivers\de-DE\wdf01000.sys.mui
2012-12-17 09:23:20 294912 ----a-w- C:\Windows\System32\browserchoice.exe
2012-12-17 09:12:05 87040 ----a-w- C:\Windows\System32\drivers\WUDFPf.sys
2012-12-17 09:12:05 84992 ----a-w- C:\Windows\System32\WUDFSvc.dll
2012-12-17 09:12:05 744448 ----a-w- C:\Windows\System32\WUDFx.dll
2012-12-17 09:12:05 45056 ----a-w- C:\Windows\System32\WUDFCoinstaller.dll
2012-12-17 09:12:05 229888 ----a-w- C:\Windows\System32\WUDFHost.exe
2012-12-17 09:12:05 198656 ----a-w- C:\Windows\System32\drivers\WUDFRd.sys
2012-12-17 09:12:05 194048 ----a-w- C:\Windows\System32\WUDFPlatform.dll
2012-12-17 09:06:49 81408 ----a-w- C:\Windows\System32\imagehlp.dll
2012-12-17 09:06:49 5120 ----a-w- C:\Windows\SysWow64\wmi.dll
2012-12-17 09:06:49 5120 ----a-w- C:\Windows\System32\wmi.dll
2012-12-17 09:06:49 23408 ----a-w- C:\Windows\System32\drivers\fs_rec.sys
2012-12-17 09:06:49 159232 ----a-w- C:\Windows\SysWow64\imagehlp.dll
2012-12-17 08:29:38 376688 ----a-w- C:\Windows\System32\drivers\netio.sys
2012-12-17 08:28:59 395776 ----a-w- C:\Windows\System32\webio.dll
2012-12-17 08:27:46 5559664 ----a-w- C:\Windows\System32\ntoskrnl.exe
2012-12-17 08:26:56 20352 ----a-w- C:\Windows\System32\kdusb.dll
2012-12-17 08:25:55 59392 ----a-w- C:\Windows\System32\browcli.dll
2012-12-17 08:25:55 41984 ----a-w- C:\Windows\SysWow64\browcli.dll
2012-12-17 08:25:55 136704 ----a-w- C:\Windows\System32\browser.dll
2012-12-17 08:25:53 90624 ----a-w- C:\Windows\System32\drivers\bowser.sys
2012-12-17 08:25:31 498688 ----a-w- C:\Windows\System32\drivers\afd.sys
2012-12-17 08:25:30 197120 ----a-w- C:\Windows\System32\d3d10_1.dll
2012-12-17 08:25:30 161792 ----a-w- C:\Windows\SysWow64\d3d10_1.dll
2012-12-17 08:25:29 956928 ----a-w- C:\Windows\System32\localspl.dll
2012-12-17 08:23:04 478208 ----a-w- C:\Windows\System32\dpnet.dll
2012-12-17 08:23:04 376832 ----a-w- C:\Windows\SysWow64\dpnet.dll
2012-12-17 08:18:17 515584 ----a-w- C:\Windows\System32\timedate.cpl
2012-12-17 08:18:17 478720 ----a-w- C:\Windows\SysWow64\timedate.cpl
2012-12-17 08:15:14 574464 ----a-w- C:\Windows\System32\d3d10level9.dll
2012-12-17 08:15:14 490496 ----a-w- C:\Windows\SysWow64\d3d10level9.dll
2012-12-17 08:12:37 1464320 ----a-w- C:\Windows\System32\crypt32.dll
2012-12-17 08:12:36 184320 ----a-w- C:\Windows\System32\cryptsvc.dll
2012-12-17 08:12:36 140288 ----a-w- C:\Windows\SysWow64\cryptsvc.dll
2012-12-17 08:12:36 140288 ----a-w- C:\Windows\System32\cryptnet.dll
2012-12-17 08:12:36 1159680 ----a-w- C:\Windows\SysWow64\crypt32.dll
2012-12-17 08:12:36 103936 ----a-w- C:\Windows\SysWow64\cryptnet.dll
2012-12-17 08:12:29 751104 ----a-w- C:\Windows\System32\win32spl.dll
2012-12-17 08:12:29 67072 ----a-w- C:\Windows\splwow64.exe
2012-12-17 08:12:29 559104 ----a-w- C:\Windows\System32\spoolsv.exe
2012-12-17 08:12:29 492032 ----a-w- C:\Windows\SysWow64\win32spl.dll
2012-12-17 08:12:27 77312 ----a-w- C:\Windows\System32\packager.dll
2012-12-17 08:12:27 67072 ----a-w- C:\Windows\SysWow64\packager.dll
2012-12-17 08:08:19 1731920 ----a-w- C:\Windows\System32\ntdll.dll
2012-12-17 08:08:19 1292080 ----a-w- C:\Windows\SysWow64\ntdll.dll
2012-12-17 07:40:34 826880 ----a-w- C:\Windows\SysWow64\rdpcore.dll
2012-12-17 07:40:34 1031680 ----a-w- C:\Windows\System32\rdpcore.dll
2012-12-17 07:40:33 23552 ----a-w- C:\Windows\System32\drivers\tdtcp.sys
2012-12-17 07:35:52 2622464 ----a-w- C:\Windows\System32\wucltux.dll
2012-12-17 07:35:45 99840 ----a-w- C:\Windows\System32\wudriver.dll
2012-12-17 07:35:35 36864 ----a-w- C:\Windows\System32\wuapp.exe
2012-12-17 07:35:35 186752 ----a-w- C:\Windows\System32\wuwebv.dll
2012-12-17 07:25:23 -------- d-----w- C:\Users\OC\AppData\Local\Google
2012-12-17 07:25:15 71600 ----a-w- C:\Windows\System32\drivers\aswMonFlt.sys
2012-12-17 07:24:37 41224 ----a-w- C:\Windows\avastSS.scr
2012-12-17 07:24:30 -------- d-----w- C:\ProgramData\AVAST Software
2012-12-17 07:24:30 -------- d-----w- C:\Program Files\AVAST Software
2012-12-17 02:10:58 73656 ----a-w- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-17 02:10:58 697272 ----a-w- C:\Windows\SysWow64\FlashPlayerApp.exe
2012-12-16 23:00:49 -------- d-----w- C:\Users\OC\AppData\Local\PunkBuster
2012-12-16 22:59:51 -------- d-----w- C:\Program Files (x86)\Battlelog Web Plugins
2012-12-16 19:17:19 -------- d--h--w- C:\Program Files (x86)\Common Files\EAInstaller
2012-12-16 19:16:46 281520 ----a-w- C:\Windows\SysWow64\PnkBstrB.exe
2012-12-16 19:16:46 280904 ----a-w- C:\Windows\SysWow64\PnkBstrB.ex0
2012-12-16 19:16:45 76888 ----a-w- C:\Windows\SysWow64\PnkBstrA.exe
2012-12-16 19:15:10 519000 ----a-w- C:\Windows\System32\d3dx10_40.dll
2012-12-16 19:15:10 452440 ----a-w- C:\Windows\SysWow64\d3dx10_40.dll
2012-12-16 19:15:10 2605920 ----a-w- C:\Windows\System32\D3DCompiler_40.dll
2012-12-16 19:15:10 2036576 ----a-w- C:\Windows\SysWow64\D3DCompiler_40.dll
2012-12-16 19:15:06 5631312 ----a-w- C:\Windows\System32\D3DX9_40.dll
2012-12-16 19:15:06 4379984 ----a-w- C:\Windows\SysWow64\D3DX9_40.dll
2012-12-16 19:14:15 -------- d-----w- C:\Users\OC\AppData\Local\Chromium
2012-12-16 19:13:23 -------- d-----w- C:\Users\OC\AppData\Local\The Lord of the Rings Online
2012-12-16 18:50:00 -------- d-----w- C:\Users\OC\AppData\Local\Turbine
2012-12-16 18:49:51 -------- d-----w- C:\Users\OC\AppData\Local\ApplicationHistory
2012-12-16 18:28:34 -------- d-----w- C:\Program Files (x86)\Origin Games
2012-12-16 18:26:57 -------- d-----w- C:\Users\OC\AppData\Local\Origin
2012-12-16 18:23:40 -------- d-----w- C:\Program Files (x86)\Origin
2012-12-16 18:20:58 -------- d-----w- C:\ProgramData\EA Core
2012-12-16 18:20:57 -------- d-----w- C:\ProgramData\Electronic Arts
2012-12-16 18:16:51 -------- d-----w- C:\ProgramData\EA Logs
2012-12-16 18:02:21 25928 ----a-w- C:\Windows\System32\drivers\mbam.sys
2012-12-16 18:02:21 -------- d-----w- C:\Program Files (x86)\Malwarebytes' Anti-Malware
2012-12-16 17:48:11 -------- d-----w- C:\Users\OC\AppData\Roaming\Malwarebytes
2012-12-16 17:48:09 -------- d-----w- C:\ProgramData\Malwarebytes
2012-12-16 17:47:01 -------- d-----w- C:\Program Files (x86)\Realtek
2012-12-16 17:25:00 -------- d-----w- C:\Users\OC\AppData\Roaming\Avira
2012-12-16 17:19:37 99912 ----a-w- C:\Windows\System32\drivers\avgntflt.sys
2012-12-16 17:19:37 27800 ----a-w- C:\Windows\System32\drivers\avkmgr.sys
2012-12-16 17:19:37 -------- d-----w- C:\ProgramData\Avira
2012-12-16 17:19:37 -------- d-----w- C:\Program Files (x86)\Avira
2012-12-16 16:40:45 -------- d-----w- C:\Users\OC\AppData\Roaming\Origin
2012-12-16 16:39:21 -------- d-----w- C:\Windows\SysWow64\URTTEMP
2012-12-16 15:28:04 -------- d-----w- C:\Windows\SysWow64\directx
2012-12-16 15:28:04 -------- d-----w- C:\Program Files (x86)\SAF
2012-12-16 15:28:03 914432 ----a-w- C:\Windows\SysWow64\7z.dll
2012-12-16 15:28:03 441344 ----a-w- C:\Windows\SysWow64\SetACLx64.exe
2012-12-16 15:28:03 348160 ----a-w- C:\Windows\SysWow64\msvcr71.dll
2012-12-16 15:28:03 303616 ----a-w- C:\Windows\SysWow64\SetACLx86.exe
2012-12-16 15:28:03 21504 ----a-w- C:\Windows\SysWow64\gsar.exe
2012-12-16 15:28:03 163840 ----a-w- C:\Windows\SysWow64\7z.exe
2012-12-16 15:28:02 664064 ----a-w- C:\Windows\SysWow64\RealMediaSplitter.ax
2012-12-16 15:28:02 237568 ----a-w- C:\Windows\SysWow64\vp7dec.ax
2012-12-16 15:26:56 162816 ----a-w- C:\Windows\SysWow64\WGET.exe
2012-12-16 15:17:40 -------- d-----w- C:\ProgramData\Origin
2012-12-16 15:07:46 56448 ----a-w- C:\Windows\System32\drivers\usbfilter.sys
2012-12-16 15:00:56 1706640 ----a-w- C:\Windows\RtlExUpd.dll
2012-12-16 15:00:56 -------- d--h--w- C:\Program Files (x86)\Temp
2012-12-16 14:59:58 -------- d-----w- C:\Program Files (x86)\Renesas Electronics
2012-12-16 14:59:15 -------- d-----w- C:\Users\OC\AppData\Local\AMD
2012-12-16 14:59:02 -------- d-----w- C:\Users\OC\AppData\Local\ATI
2012-12-16 14:58:06 0 ----a-w- C:\Windows\ativpsrm.bin
2012-12-16 14:57:07 -------- d-----w- C:\Program Files (x86)\AMD AVT
2012-12-16 14:57:06 -------- d-----w- C:\Program Files (x86)\AMD APP
2012-12-16 14:57:02 -------- d-----w- C:\Program Files\Common Files\ATI Technologies
2012-12-16 14:57:02 -------- d-----w- C:\Program Files (x86)\Common Files\ATI Technologies
2012-12-16 14:56:31 -------- d-----w- C:\ProgramData\AMD
2012-12-16 14:56:06 -------- d-----w- C:\Program Files (x86)\ATI Technologies
2012-12-16 14:54:12 -------- d-sh--w- C:\Windows\Installer
2012-12-16 14:53:27 -------- d-----w- C:\Program Files\ATI
2012-12-16 14:52:30 -------- d-----w- C:\Program Files\ATI Technologies
2012-12-16 14:52:02 -------- d-----w- C:\AMD
2012-12-16 14:41:41 -------- d-----w- C:\Windows\Panther
2012-12-04 00:14:12 16440 ----a-w- C:\Windows\System32\drivers\AtiPcie.sys
.
==================== Find3M ====================
.
2012-11-22 03:26:40 3149824 ----a-w- C:\Windows\System32\win32k.sys
2012-11-09 05:45:09 2048 ----a-w- C:\Windows\System32\tzres.dll
2012-11-09 04:42:49 2048 ----a-w- C:\Windows\SysWow64\tzres.dll
2012-10-16 08:38:37 135168 ----a-w- C:\Windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38:34 350208 ----a-w- C:\Windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39:52 561664 ----a-w- C:\Windows\apppatch\AcLayers.dll
2012-10-09 18:17:13 55296 ----a-w- C:\Windows\System32\dhcpcsvc6.dll
2012-10-09 18:17:13 226816 ----a-w- C:\Windows\System32\dhcpcore6.dll
2012-10-09 17:40:31 44032 ----a-w- C:\Windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40:31 193536 ----a-w- C:\Windows\SysWow64\dhcpcore6.dll
2012-10-04 17:46:16 362496 ----a-w- C:\Windows\System32\wow64win.dll
2012-10-04 17:46:15 243200 ----a-w- C:\Windows\System32\wow64.dll
2012-10-04 17:46:15 13312 ----a-w- C:\Windows\System32\wow64cpu.dll
2012-10-04 17:45:55 215040 ----a-w- C:\Windows\System32\winsrv.dll
2012-10-04 17:43:28 16384 ----a-w- C:\Windows\System32\ntvdm64.dll
2012-10-04 17:41:16 424960 ----a-w- C:\Windows\System32\KernelBase.dll
2012-10-04 16:47:41 5120 ----a-w- C:\Windows\SysWow64\wow32.dll
2012-10-04 16:47:41 274944 ----a-w- C:\Windows\SysWow64\KernelBase.dll
2012-10-04 15:21:55 338432 ----a-w- C:\Windows\System32\conhost.exe
2012-10-04 14:46:46 7680 ----a-w- C:\Windows\SysWow64\instnm.exe
2012-10-04 14:46:46 25600 ----a-w- C:\Windows\SysWow64\setup16.exe
2012-10-04 14:46:44 14336 ----a-w- C:\Windows\SysWow64\ntvdm64.dll
2012-10-04 14:46:43 2048 ----a-w- C:\Windows\SysWow64\user.exe
2012-10-04 14:41:50 6144 ---ha-w- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll
2012-10-04 14:41:50 4608 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll
2012-10-04 14:41:50 3584 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll
2012-10-04 14:41:50 3072 ---ha-w- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll
2012-10-03 17:56:54 1914248 ----a-w- C:\Windows\System32\drivers\tcpip.sys
2012-10-03 17:44:21 70656 ----a-w- C:\Windows\System32\nlaapi.dll
2012-10-03 17:44:21 303104 ----a-w- C:\Windows\System32\nlasvc.dll
2012-10-03 17:44:17 246272 ----a-w- C:\Windows\System32\netcorehc.dll
2012-10-03 17:44:17 18944 ----a-w- C:\Windows\System32\netevent.dll
2012-10-03 17:44:16 216576 ----a-w- C:\Windows\System32\ncsi.dll
2012-10-03 17:42:16 569344 ----a-w- C:\Windows\System32\iphlpsvc.dll
2012-10-03 16:42:24 18944 ----a-w- C:\Windows\SysWow64\netevent.dll
2012-10-03 16:42:24 175104 ----a-w- C:\Windows\SysWow64\netcorehc.dll
2012-10-03 16:42:23 156672 ----a-w- C:\Windows\SysWow64\ncsi.dll
2012-10-03 16:07:26 45568 ----a-w- C:\Windows\System32\drivers\tcpipreg.sys
2012-09-28 14:37:02 221696 ----a-w- C:\Windows\System32\clinfo.exe
2012-09-28 14:36:44 75776 ----a-w- C:\Windows\System32\OpenVideo64.dll
2012-09-28 14:36:40 65536 ----a-w- C:\Windows\SysWow64\OpenVideo.dll
2012-09-28 14:36:36 63488 ----a-w- C:\Windows\System32\OVDecode64.dll
2012-09-28 14:36:34 56320 ----a-w- C:\Windows\SysWow64\OVDecode.dll
2012-09-28 14:36:24 32635904 ----a-w- C:\Windows\System32\amdocl64.dll
2012-09-28 14:32:16 27341824 ----a-w- C:\Windows\SysWow64\amdocl.dll
2012-09-28 14:28:46 54784 ----a-w- C:\Windows\System32\OpenCL.dll
2012-09-28 14:28:42 50176 ----a-w- C:\Windows\SysWow64\OpenCL.dll
2012-09-28 02:23:00 5557928 ----a-w- C:\Windows\SysWow64\atiumdag.dll
2012-09-28 02:21:20 10697216 ----a-w- C:\Windows\System32\drivers\atikmdag.sys
2012-09-28 02:05:38 70144 ----a-w- C:\Windows\System32\coinst_9.002.dll
2012-09-28 02:03:52 163840 ----a-w- C:\Windows\System32\atiapfxx.exe
2012-09-28 02:02:30 51200 ----a-w- C:\Windows\System32\aticalrt64.dll
2012-09-28 02:02:28 46080 ----a-w- C:\Windows\SysWow64\aticalrt.dll
2012-09-28 02:02:22 44544 ----a-w- C:\Windows\System32\aticalcl64.dll
2012-09-28 02:02:20 44032 ----a-w- C:\Windows\SysWow64\aticalcl.dll
2012-09-28 02:02:08 16082432 ----a-w- C:\Windows\System32\aticaldd64.dll
2012-09-28 01:59:56 23825920 ----a-w- C:\Windows\System32\atio6axx.dll
2012-09-28 01:57:20 13703168 ----a-w- C:\Windows\SysWow64\aticaldd.dll
2012-09-28 01:43:28 935424 ----a-w- C:\Windows\SysWow64\aticfx32.dll
2012-09-28 01:41:40 1120768 ----a-w- C:\Windows\System32\aticfx64.dll
2012-09-28 01:41:14 19624960 ----a-w- C:\Windows\SysWow64\atioglxx.dll
2012-09-28 01:39:36 6536192 ----a-w- C:\Windows\SysWow64\atidxx32.dll
2012-09-28 01:39:14 442368 ----a-w- C:\Windows\System32\atidemgy.dll
2012-09-28 01:39:08 538112 ----a-w- C:\Windows\System32\atieclxx.exe
2012-09-28 01:38:16 239616 ----a-w- C:\Windows\System32\atiesrxx.exe
2012-09-28 01:36:50 120320 ----a-w- C:\Windows\System32\atitmm64.dll
2012-09-28 01:36:36 21504 ----a-w- C:\Windows\System32\atimuixx.dll
2012-09-28 01:36:30 59392 ----a-w- C:\Windows\System32\atiedu64.dll
2012-09-28 01:36:26 43520 ----a-w- C:\Windows\SysWow64\ati2edxx.dll
2012-09-28 01:31:26 3127296 ----a-w- C:\Windows\System32\atiumd6a.dll
2012-09-28 01:25:24 6704640 ----a-w- C:\Windows\System32\atiumd64.dll
2012-09-28 01:22:42 7167488 ----a-w- C:\Windows\System32\atidxx64.dll
2012-09-28 01:22:30 2691584 ----a-w- C:\Windows\SysWow64\atiumdva.dll
2012-09-28 01:13:40 595456 ----a-w- C:\Windows\System32\atiadlxx.dll
2012-09-28 01:13:30 405504 ----a-w- C:\Windows\SysWow64\atiadlxy.dll
2012-09-28 01:13:16 17920 ----a-w- C:\Windows\System32\atig6pxx.dll
2012-09-28 01:13:12 14848 ----a-w- C:\Windows\SysWow64\atiglpxx.dll
2012-09-28 01:13:12 14848 ----a-w- C:\Windows\System32\atiglpxx.dll
2012-09-28 01:13:08 41984 ----a-w- C:\Windows\System32\atig6txx.dll
2012-09-28 01:13:00 33280 ----a-w- C:\Windows\SysWow64\atigktxx.dll
2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\atimpc64.dll
2012-09-28 01:12:58 56320 ----a-w- C:\Windows\System32\amdpcom64.dll
2012-09-28 01:12:52 460288 ----a-w- C:\Windows\System32\drivers\atikmpag.sys
2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\atimpc32.dll
2012-09-28 01:12:48 56832 ----a-w- C:\Windows\SysWow64\amdpcom32.dll
2012-09-28 01:11:22 129536 ----a-w- C:\Windows\System32\atiuxp64.dll
2012-09-28 01:11:16 109568 ----a-w- C:\Windows\SysWow64\atiuxpag.dll
2012-09-28 01:11:08 103424 ----a-w- C:\Windows\System32\atiu9p64.dll
2012-09-28 01:10:58 82944 ----a-w- C:\Windows\SysWow64\atiu9pag.dll
2012-09-28 01:09:48 53248 ----a-w- C:\Windows\System32\drivers\ati2erec.dll
2012-09-25 22:47:43 78336 ----a-w- C:\Windows\SysWow64\synceng.dll
2012-09-25 22:46:17 95744 ----a-w- C:\Windows\System32\synceng.dll
.
============= FINISH: 20:35:51,57 ===============
--- --- --- --- --- --- attach.txt Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Professional Boot Device: \Device\HarddiskVolume1 Install Date: 16.12.2012 15:49:17 System Uptime: 19.12.2012 16:27:38 (4 hours ago) . Motherboard: Gigabyte Technology Co., Ltd. | | GA-870A-UD3 Processor: AMD Phenom(tm) II X4 955 Processor | Socket M2 | 3900/200mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 149 GiB total, 77,741 GiB free. D: is CDROM (CDFS) E: is CDROM () F: is FIXED (NTFS) - 149 GiB total, 24,753 GiB free. G: is FIXED (NTFS) - 149 GiB total, 148,948 GiB free. H: is FIXED (exFAT) - 931 GiB total, 865,684 GiB free. . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP14: 17.12.2012 08:24:18 - avast! Free Antivirus Setup RP15: 17.12.2012 08:35:26 - Windows Update RP16: 17.12.2012 08:40:35 - Windows Update RP17: 17.12.2012 10:00:27 - Windows Update RP18: 17.12.2012 13:11:09 - Windows Update RP19: 17.12.2012 15:25:01 - Installed 3DMark06 RP20: 17.12.2012 16:43:49 - Installed Java 7 Update 9 RP21: 18.12.2012 14:53:25 - Windows Update RP22: 19.12.2012 16:05:32 - Windows Update . ==== Installed Programs ====================== . 3DMark06 Adobe Flash Player 11 ActiveX AMD Accelerated Video Transcoding AMD APP SDK Runtime AMD Catalyst Install Manager AMD Drag and Drop Transcoding AMD Fuel AMD Media Foundation Decoders AMD VISION Engine Control Center Ask Toolbar Ask Toolbar Updater avast! Free Antivirus Avira Free Antivirus Battlefield 3™ Battlelog Web Plugins Catalyst Control Center - Branding Catalyst Control Center Graphics Previews Common Catalyst Control Center InstallProxy Catalyst Control Center Localization All ccc-utility64 CCC Help Chinese Standard CCC Help Chinese Traditional CCC Help Czech CCC Help Danish CCC Help Dutch CCC Help English CCC Help Finnish CCC Help French CCC Help German CCC Help Greek CCC Help Hungarian CCC Help Italian CCC Help Japanese CCC Help Korean CCC Help Norwegian CCC Help Polish CCC Help Portuguese CCC Help Russian CCC Help Spanish CCC Help Swedish CCC Help Thai CCC Help Turkish ESN Sonar Futuremark SystemInfo Geeks3D.com FurMark 1.10.3 Google Chrome Google Toolbar for Internet Explorer Google Update Helper Java 7 Update 9 Java Auto Updater Malwarebytes Anti-Malware Version 1.65.1.1000 Microsoft .NET Framework 1.1 Microsoft .NET Framework 4 Client Profile Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 OpenAL Origin PunkBuster Services Realtek HDMI Audio Driver for ATI Renesas Electronics USB 3.0 Host Controller Driver Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) . ==== End Of File =========================== |
|
19.12.2012, 23:45
| #4 | ||
| /// TB-Ausbilder | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden Okay Schritt 1: Deinstalliere Google Toolbar, wenn du sie nicht brauchst Schritt 2: AdwCleaner: Werbeprogramme suchen und löschen
Schritt 3: Temporäre Dateien löschen mit TFC
Schritt 4: Scan mit Combofix
__________________  Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
20.12.2012, 00:42
| #5 |
| | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden AdwCleaner Code:
ATTFilter # AdwCleaner v2.101 - Datei am 20/12/2012 um 00:35:05 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (64 bits)
# Benutzer : OC - OC-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\OC\Downloads\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Ordner Gelöscht : C:\Program Files (x86)\Ask.com
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\Users\OC\AppData\LOCal\APN
Ordner Gelöscht : C:\Users\OC\AppData\LOCalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\GenericAskToolbar.ToolbarWnd.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Features\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [ApnUpdater]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Google Chrome v23.0.1271.97
Datei : C:\Users\OC\AppData\LOCal\Google\Chrome\User Data\Default\Preferences
Gelöscht [l.44] : icon_url = "hxxp://www.ask.com/favicon.ico",
Gelöscht [l.47] : keyword = "ask.com",
Gelöscht [l.50] : search_url = "hxxp://websearch.ask.com/redirect?client=cr&src=kw&tb=ORJ&o=&locale=&apn_uid=F5[...]
Gelöscht [l.51] : suggest_url = "hxxp://ss.websearch.ask.com/query?qsrc=2922&li=ff&sstype=prefix&q={searchTerms[...]
*************************
AdwCleaner[S1].txt - [4153 octets] - [20/12/2012 00:35:05]
########## EOF - C:\AdwCleaner[S1].txt - [4213 octets] ##########
da hat avira kurz was gesagt vo der registry , des war dannn gleich wieder weg.... ich habe des Internet ausgeschaltet bevor ich gescannt habe. Code:
ATTFilter ComboFix 12-12-19.02 - OC 20.12.2012 0:51.1.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.6142.4364 [GMT 1:00]
ausgeführt von:: c:\users\OC\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: avast! Antivirus *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\URTTemp
c:\windows\SysWow64\URTTemp\regtlib.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-19 bis 2012-12-19 ))))))))))))))))))))))))))))))
.
.
2012-12-19 23:55 . 2012-12-19 23:55 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-19 15:05 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-19 15:05 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-19 15:05 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 15:05 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-19 15:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-12-19 15:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-12-19 15:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-12-17 15:46 . 2012-12-17 15:46 -------- d-----w- c:\windows\Sun
2012-12-17 15:44 . 2012-12-17 15:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-17 15:44 . 2012-12-17 15:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-17 15:44 . 2012-12-17 15:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-17 15:44 . 2012-12-17 15:44 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-17 15:44 . 2012-12-17 15:44 -------- d-----w- c:\program files (x86)\Java
2012-12-17 14:54 . 2012-12-17 14:54 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-17 14:54 . 2012-12-17 14:54 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-17 14:54 . 2012-12-17 14:54 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-17 14:54 . 2012-12-17 14:54 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-17 14:54 . 2012-12-17 14:54 -------- d-----w- c:\program files (x86)\OpenAL
2012-12-17 14:52 . 2012-12-17 14:52 -------- d-----w- c:\program files (x86)\Geeks3D
2012-12-17 14:26 . 2012-12-17 14:26 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-12-17 14:25 . 2012-12-17 14:25 -------- d-----w- c:\program files (x86)\Futuremark
2012-12-17 12:22 . 2012-12-17 12:22 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-12-17 12:22 . 2012-12-17 12:22 -------- d-----w- c:\windows\system32\wbem\en-US
2012-12-17 12:18 . 2012-11-28 14:58 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-17 11:44 . 2012-12-18 00:58 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-17 09:27 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-17 09:27 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-17 09:27 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-17 09:27 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-17 09:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-12-17 09:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-17 09:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-17 09:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-17 09:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-17 09:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-17 09:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-17 09:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-17 09:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-12-17 09:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-12-17 09:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-12-17 09:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-12-17 09:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-12-17 08:29 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-12-17 08:28 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-12-17 08:27 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-12-17 08:26 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2012-12-17 08:25 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-12-17 08:25 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-12-17 08:25 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-12-17 08:25 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-12-17 08:25 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-12-17 08:25 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-12-17 08:25 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-12-17 08:25 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-12-17 08:25 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-12-17 08:23 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-17 08:23 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-17 08:18 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-12-17 08:18 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-12-17 08:15 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-12-17 08:15 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-12-17 08:12 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-12-17 08:12 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-12-17 08:12 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-12-17 08:12 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-12-17 08:12 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-12-17 08:12 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-12-17 08:12 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-12-17 08:12 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-12-17 08:12 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-12-17 08:12 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-12-17 08:12 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-12-17 08:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-12-17 08:08 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-12-17 08:08 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-12-17 07:40 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-12-17 07:40 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-12-17 07:40 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-12-17 07:35 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-12-17 07:35 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-12-17 07:35 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-12-17 07:35 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-12-17 07:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-12-17 07:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-12-17 07:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-12-17 07:35 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-12-17 07:35 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-12-17 07:29 . 2012-12-17 07:29 -------- d-----w- c:\program files\Google
2012-12-17 07:25 . 2012-12-17 07:29 -------- d-----w- c:\program files (x86)\Google
2012-12-17 07:25 . 2012-10-30 22:51 71600 ----a-w- c:\windows\system32\drivers\aswMonFlt.sys
2012-12-17 07:25 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-17 07:24 . 2012-10-30 22:51 41224 ----a-w- c:\windows\avastSS.scr
2012-12-17 07:24 . 2012-10-30 22:50 227648 ----a-w- c:\windows\SysWow64\aswBoot.exe
2012-12-17 07:24 . 2012-12-17 07:24 -------- d-----w- c:\programdata\AVAST Software
2012-12-17 07:24 . 2012-12-17 07:24 -------- d-----w- c:\program files\AVAST Software
2012-12-17 02:10 . 2012-12-17 02:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-17 02:10 . 2012-12-17 02:10 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-17 02:10 . 2012-12-17 02:10 -------- d-----w- c:\windows\SysWow64\Macromed
2012-12-17 02:10 . 2012-12-17 02:10 -------- d-----w- c:\windows\system32\Macromed
2012-12-16 22:59 . 2012-12-17 11:43 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-12-16 19:17 . 2012-12-16 19:17 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-12-16 19:16 . 2012-12-18 00:58 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-16 19:16 . 2012-12-18 00:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-16 19:16 . 2012-12-17 11:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-16 19:15 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-12-16 19:15 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-12-16 19:15 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-12-16 19:15 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-12-16 19:15 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-12-16 19:15 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-12-16 18:28 . 2012-12-16 18:32 -------- d-----w- c:\program files (x86)\Origin Games
2012-12-16 18:23 . 2012-12-16 18:26 -------- d-----w- c:\program files (x86)\Origin
2012-12-16 18:20 . 2012-12-16 18:20 -------- d-----w- c:\programdata\EA Core
2012-12-16 18:20 . 2012-12-16 22:57 -------- d-----w- c:\programdata\Electronic Arts
2012-12-16 18:16 . 2012-12-17 01:51 -------- d-----w- c:\programdata\EA Logs
2012-12-16 18:02 . 2012-12-16 18:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-16 18:02 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-16 17:48 . 2012-12-16 17:48 -------- d-----w- c:\programdata\Malwarebytes
2012-12-16 17:47 . 2012-12-16 17:47 -------- d-----w- c:\program files (x86)\Realtek
2012-12-16 17:19 . 2012-12-16 17:44 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-16 17:19 . 2012-12-16 17:44 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-16 17:19 . 2012-12-16 17:19 -------- d-----w- c:\programdata\Avira
2012-12-16 17:19 . 2012-12-16 17:19 -------- d-----w- c:\program files (x86)\Avira
2012-12-16 17:19 . 2012-09-24 08:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 08:38 . 2012-12-17 08:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-17 08:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-17 08:29 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:40 . 2012-12-17 08:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-28 14:37 . 2012-09-28 14:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 14:36 . 2012-09-28 14:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 14:36 . 2012-09-28 14:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 14:36 . 2012-09-28 14:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 14:36 . 2012-09-28 14:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 14:36 . 2012-09-28 14:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 14:32 . 2012-09-28 14:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 14:28 . 2012-09-28 14:28 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-28 14:28 . 2012-09-28 14:28 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2012-09-28 01:41 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-09-28 01:31 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-09-28 01:25 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2012-09-28 01:22 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2012-09-28 01:11 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-09-28 01:10 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-12-16 3492504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-16 384800]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 cpuz130;cpuz130;c:\users\OC\AppData\Local\Temp\cpuz130\cpuz_x64.sys [x]
R3 cpuz135;cpuz135;c:\windows\TEMP\cpuz135\cpuz135_x64.sys [x]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-09-20 136896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-16 85280]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT-Treiber;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-06-10 187392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-03-30 56448]
.
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-19 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-17 02:10]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 07:25]
.
2012-12-19 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 07:25]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2012-12-20 00:56:49
ComboFix-quarantined-files.txt 2012-12-19 23:56
.
Vor Suchlauf: 7 Verzeichnis(se), 83.060.776.960 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 82.680.401.920 Bytes frei
.
- - End Of File - - 7F93A4199DEBAB23849A8C47D755548F
Geändert von DR OC (20.12.2012 um 01:12 Uhr) |
|
20.12.2012, 09:37
| #6 | ||
| /// TB-Ausbilder | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden Nein, immer schön langsam. Schritt 1: Windows-Defender abschalten Da du einen anderen Virenscanner benutzt solltest du dringend den windowseigenen Scanner abschalten:
Schritt 2: Deinstalliere Avira Schritt 3: Überreste von Avira entfernen
Schritt 4: Combofix-Skript
__________________ --> Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden |
|
20.12.2012, 10:10
| #7 |
| | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden Beim löschen der AVIRA keys kam jetzt dass ich net alle löschen konnte habe es als Administrator ausgeführt... Auf meiner C: Festplatte habe ich jetzt keinen zugriff mehr auf Programme Documente und Einstellungen und Documents und Settings da mir jetzt der Pfad fehlt.... Wenn ich Combofix runterlade dann wird des bei mir in Downloads gespeichert, ich habe es dann mit ausschneiden und einfügen auf den desktop geholt combofix.txt Code:
ATTFilter ComboFix 12-12-20.01 - OC 20.12.2012 10:18:49.2.4 - x64
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.6142.4507 [GMT 1:00]
ausgeführt von:: c:\users\OC\Desktop\ComboFix.exe
Benutzte Befehlsschalter :: c:\users\OC\Desktop\CFScript.txt
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
.
((((((((((((((((((((((((((((((((((((((( Treiber/Dienste )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_CPUZ130
-------\Legacy_CPUZ135
-------\Service_cpuz130
-------\Service_cpuz135
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-20 bis 2012-12-20 ))))))))))))))))))))))))))))))
.
.
2012-12-20 09:22 . 2012-12-20 09:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-20 08:44 . 2012-11-19 00:01 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C6792AD8-C051-4FCC-8F8E-DFD57A7CAF29}\mpengine.dll
2012-12-20 08:41 . 2012-12-20 08:41 -------- d-----w- c:\windows\LastGood.Tmp
2012-12-19 15:05 . 2012-11-05 21:35 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-19 15:05 . 2012-11-05 20:41 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-19 15:05 . 2012-11-05 20:32 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-19 15:05 . 2012-11-05 20:32 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-19 15:05 . 2011-02-19 12:05 1139200 ----a-w- c:\windows\system32\FntCache.dll
2012-12-19 15:05 . 2011-02-19 12:04 902656 ----a-w- c:\windows\system32\d2d1.dll
2012-12-19 15:05 . 2011-02-19 06:30 739840 ----a-w- c:\windows\SysWow64\d2d1.dll
2012-12-17 15:46 . 2012-12-17 15:46 -------- d-----w- c:\windows\Sun
2012-12-17 15:44 . 2012-12-17 15:44 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-12-17 15:44 . 2012-12-17 15:44 746984 ----a-w- c:\windows\SysWow64\deployJava1.dll
2012-12-17 15:44 . 2012-12-17 15:44 821736 ----a-w- c:\windows\SysWow64\npDeployJava1.dll
2012-12-17 15:44 . 2012-12-17 15:44 95208 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll
2012-12-17 15:44 . 2012-12-17 15:44 -------- d-----w- c:\program files (x86)\Java
2012-12-17 14:54 . 2012-12-17 14:54 466456 ----a-w- c:\windows\system32\wrap_oal.dll
2012-12-17 14:54 . 2012-12-17 14:54 444952 ----a-w- c:\windows\SysWow64\wrap_oal.dll
2012-12-17 14:54 . 2012-12-17 14:54 122904 ----a-w- c:\windows\system32\OpenAL32.dll
2012-12-17 14:54 . 2012-12-17 14:54 109080 ----a-w- c:\windows\SysWow64\OpenAL32.dll
2012-12-17 14:54 . 2012-12-17 14:54 -------- d-----w- c:\program files (x86)\OpenAL
2012-12-17 14:52 . 2012-12-17 14:52 -------- d-----w- c:\program files (x86)\Geeks3D
2012-12-17 14:26 . 2012-12-17 14:26 -------- d-----w- c:\program files (x86)\Common Files\Futuremark Shared
2012-12-17 14:25 . 2012-12-17 14:25 -------- d-----w- c:\program files (x86)\Futuremark
2012-12-17 12:22 . 2012-12-17 12:22 -------- d-----w- c:\windows\SysWow64\wbem\en-US
2012-12-17 12:22 . 2012-12-17 12:22 -------- d-----w- c:\windows\system32\wbem\en-US
2012-12-17 12:18 . 2012-11-28 14:58 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-12-17 11:44 . 2012-12-18 00:58 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-17 09:27 . 2012-07-26 07:46 2560 ----a-w- c:\windows\system32\drivers\de-DE\wdf01000.sys.mui
2012-12-17 09:27 . 2012-07-26 04:55 785512 ----a-w- c:\windows\system32\drivers\Wdf01000.sys
2012-12-17 09:27 . 2012-07-26 04:55 54376 ----a-w- c:\windows\system32\drivers\WdfLdr.sys
2012-12-17 09:27 . 2012-07-26 02:36 9728 ----a-w- c:\windows\system32\Wdfres.dll
2012-12-17 09:23 . 2010-02-23 08:16 294912 ----a-w- c:\windows\system32\browserchoice.exe
2012-12-17 09:12 . 2012-07-26 03:08 229888 ----a-w- c:\windows\system32\WUDFHost.exe
2012-12-17 09:12 . 2012-07-26 03:08 84992 ----a-w- c:\windows\system32\WUDFSvc.dll
2012-12-17 09:12 . 2012-07-26 03:08 744448 ----a-w- c:\windows\system32\WUDFx.dll
2012-12-17 09:12 . 2012-07-26 03:08 45056 ----a-w- c:\windows\system32\WUDFCoinstaller.dll
2012-12-17 09:12 . 2012-07-26 03:08 194048 ----a-w- c:\windows\system32\WUDFPlatform.dll
2012-12-17 09:12 . 2012-07-26 02:26 87040 ----a-w- c:\windows\system32\drivers\WUDFPf.sys
2012-12-17 09:12 . 2012-07-26 02:26 198656 ----a-w- c:\windows\system32\drivers\WUDFRd.sys
2012-12-17 09:06 . 2012-03-01 06:46 23408 ----a-w- c:\windows\system32\drivers\fs_rec.sys
2012-12-17 09:06 . 2012-03-01 06:33 81408 ----a-w- c:\windows\system32\imagehlp.dll
2012-12-17 09:06 . 2012-03-01 06:28 5120 ----a-w- c:\windows\system32\wmi.dll
2012-12-17 09:06 . 2012-03-01 05:33 159232 ----a-w- c:\windows\SysWow64\imagehlp.dll
2012-12-17 09:06 . 2012-03-01 05:29 5120 ----a-w- c:\windows\SysWow64\wmi.dll
2012-12-17 08:29 . 2012-10-03 17:56 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-12-17 08:28 . 2011-11-17 06:35 395776 ----a-w- c:\windows\system32\webio.dll
2012-12-17 08:27 . 2012-08-30 18:03 5559664 ----a-w- c:\windows\system32\ntoskrnl.exe
2012-12-17 08:26 . 2011-02-05 17:10 20352 ----a-w- c:\windows\system32\kdusb.dll
2012-12-17 08:25 . 2012-07-04 22:16 73216 ----a-w- c:\windows\system32\netapi32.dll
2012-12-17 08:25 . 2012-07-04 22:13 59392 ----a-w- c:\windows\system32\browcli.dll
2012-12-17 08:25 . 2012-07-04 22:13 136704 ----a-w- c:\windows\system32\browser.dll
2012-12-17 08:25 . 2012-07-04 21:14 41984 ----a-w- c:\windows\SysWow64\browcli.dll
2012-12-17 08:25 . 2011-02-23 04:55 90624 ----a-w- c:\windows\system32\drivers\bowser.sys
2012-12-17 08:25 . 2011-12-28 03:59 498688 ----a-w- c:\windows\system32\drivers\afd.sys
2012-12-17 08:25 . 2011-01-17 11:09 197120 ----a-w- c:\windows\system32\d3d10_1.dll
2012-12-17 08:25 . 2011-01-17 05:47 161792 ----a-w- c:\windows\SysWow64\d3d10_1.dll
2012-12-17 08:25 . 2012-05-14 05:26 956928 ----a-w- c:\windows\system32\localspl.dll
2012-12-17 08:23 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-17 08:23 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-12-17 08:18 . 2011-12-30 06:26 515584 ----a-w- c:\windows\system32\timedate.cpl
2012-12-17 08:18 . 2011-12-30 05:27 478720 ----a-w- c:\windows\SysWow64\timedate.cpl
2012-12-17 08:15 . 2012-08-02 17:58 574464 ----a-w- c:\windows\system32\d3d10level9.dll
2012-12-17 08:15 . 2012-08-02 16:57 490496 ----a-w- c:\windows\SysWow64\d3d10level9.dll
2012-12-17 08:12 . 2012-06-02 05:41 1464320 ----a-w- c:\windows\system32\crypt32.dll
2012-12-17 08:12 . 2012-06-02 05:41 184320 ----a-w- c:\windows\system32\cryptsvc.dll
2012-12-17 08:12 . 2012-06-02 05:41 140288 ----a-w- c:\windows\system32\cryptnet.dll
2012-12-17 08:12 . 2012-06-02 04:36 140288 ----a-w- c:\windows\SysWow64\cryptsvc.dll
2012-12-17 08:12 . 2012-06-02 04:36 1159680 ----a-w- c:\windows\SysWow64\crypt32.dll
2012-12-17 08:12 . 2012-06-02 04:36 103936 ----a-w- c:\windows\SysWow64\cryptnet.dll
2012-12-17 08:12 . 2012-02-11 06:43 751104 ----a-w- c:\windows\system32\win32spl.dll
2012-12-17 08:12 . 2012-02-11 06:36 559104 ----a-w- c:\windows\system32\spoolsv.exe
2012-12-17 08:12 . 2012-02-11 06:36 67072 ----a-w- c:\windows\splwow64.exe
2012-12-17 08:12 . 2012-02-11 05:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2012-12-17 08:12 . 2011-11-19 14:58 77312 ----a-w- c:\windows\system32\packager.dll
2012-12-17 08:12 . 2011-11-19 14:01 67072 ----a-w- c:\windows\SysWow64\packager.dll
2012-12-17 08:08 . 2011-11-17 06:41 1731920 ----a-w- c:\windows\system32\ntdll.dll
2012-12-17 08:08 . 2011-11-17 05:38 1292080 ----a-w- c:\windows\SysWow64\ntdll.dll
2012-12-17 07:40 . 2012-02-17 06:38 1031680 ----a-w- c:\windows\system32\rdpcore.dll
2012-12-17 07:40 . 2012-02-17 05:34 826880 ----a-w- c:\windows\SysWow64\rdpcore.dll
2012-12-17 07:40 . 2012-02-17 04:57 23552 ----a-w- c:\windows\system32\drivers\tdtcp.sys
2012-12-17 07:35 . 2012-06-02 22:19 2428952 ----a-w- c:\windows\system32\wuaueng.dll
2012-12-17 07:35 . 2012-06-02 22:19 57880 ----a-w- c:\windows\system32\wuauclt.exe
2012-12-17 07:35 . 2012-06-02 22:19 44056 ----a-w- c:\windows\system32\wups2.dll
2012-12-17 07:35 . 2012-06-02 22:15 2622464 ----a-w- c:\windows\system32\wucltux.dll
2012-12-17 07:35 . 2012-06-02 22:19 38424 ----a-w- c:\windows\system32\wups.dll
2012-12-17 07:35 . 2012-06-02 22:19 701976 ----a-w- c:\windows\system32\wuapi.dll
2012-12-17 07:35 . 2012-06-02 22:15 99840 ----a-w- c:\windows\system32\wudriver.dll
2012-12-17 07:35 . 2012-06-02 14:19 186752 ----a-w- c:\windows\system32\wuwebv.dll
2012-12-17 07:35 . 2012-06-02 14:15 36864 ----a-w- c:\windows\system32\wuapp.exe
2012-12-17 07:29 . 2012-12-17 07:29 -------- d-----w- c:\program files\Google
2012-12-17 07:25 . 2012-12-17 07:29 -------- d-----w- c:\program files (x86)\Google
2012-12-17 07:25 . 2012-10-30 22:50 285328 ----a-w- c:\windows\system32\aswBoot.exe
2012-12-17 07:24 . 2012-12-20 09:23 -------- d-----w- c:\programdata\AVAST Software
2012-12-17 07:24 . 2012-12-17 07:24 -------- d-----w- c:\program files\AVAST Software
2012-12-17 02:10 . 2012-12-17 02:10 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-17 02:10 . 2012-12-17 02:10 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-17 02:10 . 2012-12-17 02:10 -------- d-----w- c:\windows\SysWow64\Macromed
2012-12-17 02:10 . 2012-12-17 02:10 -------- d-----w- c:\windows\system32\Macromed
2012-12-16 22:59 . 2012-12-17 11:43 -------- d-----w- c:\program files (x86)\Battlelog Web Plugins
2012-12-16 19:17 . 2012-12-16 19:17 -------- d--h--w- c:\program files (x86)\Common Files\EAInstaller
2012-12-16 19:16 . 2012-12-18 00:58 281520 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-12-16 19:16 . 2012-12-18 00:58 280904 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-12-16 19:16 . 2012-12-17 11:49 76888 ----a-w- c:\windows\SysWow64\PnkBstrA.exe
2012-12-16 19:15 . 2008-10-15 05:22 519000 ----a-w- c:\windows\system32\d3dx10_40.dll
2012-12-16 19:15 . 2008-10-15 05:22 452440 ----a-w- c:\windows\SysWow64\d3dx10_40.dll
2012-12-16 19:15 . 2008-10-15 05:22 2605920 ----a-w- c:\windows\system32\D3DCompiler_40.dll
2012-12-16 19:15 . 2008-10-15 05:22 2036576 ----a-w- c:\windows\SysWow64\D3DCompiler_40.dll
2012-12-16 19:15 . 2008-10-15 05:22 5631312 ----a-w- c:\windows\system32\D3DX9_40.dll
2012-12-16 19:15 . 2008-10-15 05:22 4379984 ----a-w- c:\windows\SysWow64\D3DX9_40.dll
2012-12-16 18:28 . 2012-12-16 18:32 -------- d-----w- c:\program files (x86)\Origin Games
2012-12-16 18:23 . 2012-12-16 18:26 -------- d-----w- c:\program files (x86)\Origin
2012-12-16 18:20 . 2012-12-16 18:20 -------- d-----w- c:\programdata\EA Core
2012-12-16 18:20 . 2012-12-16 22:57 -------- d-----w- c:\programdata\Electronic Arts
2012-12-16 18:16 . 2012-12-17 01:51 -------- d-----w- c:\programdata\EA Logs
2012-12-16 18:02 . 2012-12-16 18:03 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2012-12-16 18:02 . 2012-09-29 18:54 25928 ----a-w- c:\windows\system32\drivers\mbam.sys
2012-12-16 17:48 . 2012-12-16 17:48 -------- d-----w- c:\programdata\Malwarebytes
2012-12-16 17:47 . 2012-12-16 17:47 -------- d-----w- c:\program files (x86)\Realtek
2012-12-16 17:19 . 2012-12-16 17:44 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-16 17:19 . 2012-12-16 17:44 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-16 17:19 . 2012-12-16 17:19 -------- d-----w- c:\programdata\Avira
2012-12-16 17:19 . 2012-12-16 17:19 -------- d-----w- c:\program files (x86)\Avira
2012-12-16 17:19 . 2012-09-24 08:58 27800 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-12-16 15:28 . 2010-11-18 15:27 914432 ----a-w- c:\windows\SysWow64\7z.dll
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-10-16 08:38 . 2012-12-17 08:29 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-12-17 08:29 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-12-17 08:29 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-04 16:40 . 2012-12-17 08:30 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-09-28 14:37 . 2012-09-28 14:37 221696 ----a-w- c:\windows\system32\clinfo.exe
2012-09-28 14:36 . 2012-09-28 14:36 75776 ----a-w- c:\windows\system32\OpenVideo64.dll
2012-09-28 14:36 . 2012-09-28 14:36 65536 ----a-w- c:\windows\SysWow64\OpenVideo.dll
2012-09-28 14:36 . 2012-09-28 14:36 63488 ----a-w- c:\windows\system32\OVDecode64.dll
2012-09-28 14:36 . 2012-09-28 14:36 56320 ----a-w- c:\windows\SysWow64\OVDecode.dll
2012-09-28 14:36 . 2012-09-28 14:36 32635904 ----a-w- c:\windows\system32\amdocl64.dll
2012-09-28 14:32 . 2012-09-28 14:32 27341824 ----a-w- c:\windows\SysWow64\amdocl.dll
2012-09-28 14:28 . 2012-09-28 14:28 54784 ----a-w- c:\windows\system32\OpenCL.dll
2012-09-28 14:28 . 2012-09-28 14:28 50176 ----a-w- c:\windows\SysWow64\OpenCL.dll
2012-09-28 02:23 . 2012-09-28 02:23 5557928 ----a-w- c:\windows\SysWow64\atiumdag.dll
2012-09-28 02:21 . 2012-09-28 02:21 10697216 ----a-w- c:\windows\system32\drivers\atikmdag.sys
2012-09-28 02:05 . 2012-09-28 02:05 70144 ----a-w- c:\windows\system32\coinst_9.002.dll
2012-09-28 02:03 . 2012-09-28 02:03 163840 ----a-w- c:\windows\system32\atiapfxx.exe
2012-09-28 02:02 . 2012-09-28 02:02 51200 ----a-w- c:\windows\system32\aticalrt64.dll
2012-09-28 02:02 . 2012-09-28 02:02 46080 ----a-w- c:\windows\SysWow64\aticalrt.dll
2012-09-28 02:02 . 2012-09-28 02:02 44544 ----a-w- c:\windows\system32\aticalcl64.dll
2012-09-28 02:02 . 2012-09-28 02:02 44032 ----a-w- c:\windows\SysWow64\aticalcl.dll
2012-09-28 02:02 . 2012-09-28 02:02 16082432 ----a-w- c:\windows\system32\aticaldd64.dll
2012-09-28 01:59 . 2012-09-28 01:59 23825920 ----a-w- c:\windows\system32\atio6axx.dll
2012-09-28 01:57 . 2012-09-28 01:57 13703168 ----a-w- c:\windows\SysWow64\aticaldd.dll
2012-09-28 01:43 . 2012-09-28 01:43 935424 ----a-w- c:\windows\SysWow64\aticfx32.dll
2012-09-28 01:41 . 2012-09-28 01:41 1120768 ----a-w- c:\windows\system32\aticfx64.dll
2012-09-28 01:41 . 2012-09-28 01:41 19624960 ----a-w- c:\windows\SysWow64\atioglxx.dll
2012-09-28 01:39 . 2012-09-28 01:39 6536192 ----a-w- c:\windows\SysWow64\atidxx32.dll
2012-09-28 01:39 . 2012-09-28 01:39 442368 ----a-w- c:\windows\system32\atidemgy.dll
2012-09-28 01:39 . 2012-09-28 01:39 538112 ----a-w- c:\windows\system32\atieclxx.exe
2012-09-28 01:38 . 2012-09-28 01:38 239616 ----a-w- c:\windows\system32\atiesrxx.exe
2012-09-28 01:36 . 2012-09-28 01:36 120320 ----a-w- c:\windows\system32\atitmm64.dll
2012-09-28 01:36 . 2012-09-28 01:36 21504 ----a-w- c:\windows\system32\atimuixx.dll
2012-09-28 01:36 . 2012-09-28 01:36 59392 ----a-w- c:\windows\system32\atiedu64.dll
2012-09-28 01:36 . 2012-09-28 01:36 43520 ----a-w- c:\windows\SysWow64\ati2edxx.dll
2012-09-28 01:31 . 2012-09-28 01:31 3127296 ----a-w- c:\windows\system32\atiumd6a.dll
2012-09-28 01:25 . 2012-09-28 01:25 6704640 ----a-w- c:\windows\system32\atiumd64.dll
2012-09-28 01:22 . 2012-09-28 01:22 7167488 ----a-w- c:\windows\system32\atidxx64.dll
2012-09-28 01:22 . 2012-09-28 01:22 2691584 ----a-w- c:\windows\SysWow64\atiumdva.dll
2012-09-28 01:13 . 2012-09-28 01:13 595456 ----a-w- c:\windows\system32\atiadlxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 405504 ----a-w- c:\windows\SysWow64\atiadlxy.dll
2012-09-28 01:13 . 2012-09-28 01:13 17920 ----a-w- c:\windows\system32\atig6pxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\SysWow64\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 14848 ----a-w- c:\windows\system32\atiglpxx.dll
2012-09-28 01:13 . 2012-09-28 01:13 41984 ----a-w- c:\windows\system32\atig6txx.dll
2012-09-28 01:13 . 2012-09-28 01:13 33280 ----a-w- c:\windows\SysWow64\atigktxx.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\atimpc64.dll
2012-09-28 01:12 . 2012-09-28 01:12 56320 ----a-w- c:\windows\system32\amdpcom64.dll
2012-09-28 01:12 . 2012-09-28 01:12 460288 ----a-w- c:\windows\system32\drivers\atikmpag.sys
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\atimpc32.dll
2012-09-28 01:12 . 2012-09-28 01:12 56832 ----a-w- c:\windows\SysWow64\amdpcom32.dll
2012-09-28 01:11 . 2012-09-28 01:11 129536 ----a-w- c:\windows\system32\atiuxp64.dll
2012-09-28 01:11 . 2012-09-28 01:11 109568 ----a-w- c:\windows\SysWow64\atiuxpag.dll
2012-09-28 01:11 . 2012-09-28 01:11 103424 ----a-w- c:\windows\system32\atiu9p64.dll
2012-09-28 01:10 . 2012-09-28 01:10 82944 ----a-w- c:\windows\SysWow64\atiu9pag.dll
2012-09-28 01:09 . 2012-09-28 01:09 53248 ----a-w- c:\windows\system32\drivers\ati2erec.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EADM"="c:\program files (x86)\Origin\Origin.exe" [2012-12-16 3492504]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2012-09-28 642728]
"NUSB3MON"="c:\program files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe" [2010-11-17 113288]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-12-16 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 Futuremark SystemInfo Service;Futuremark SystemInfo Service;c:\program files (x86)\Common Files\Futuremark Shared\Futuremark SystemInfo\FMSISvc.exe [2012-09-20 136896]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2012-09-28 239616]
S2 AMD FUEL Service;AMD FUEL Service;c:\program files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [2012-09-28 361984]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-12-16 85280]
S2 AODDriver4.2;AODDriver4.2;c:\program files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [2012-04-09 57472]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-09-29 399432]
S2 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-09-29 676936]
S3 AtiHDAudioService;AMD Function Driver for HD Audio Service;c:\windows\system32\drivers\AtihdW76.sys [2012-05-14 96896]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-09-29 25928]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys [2010-11-19 80384]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys [2010-11-19 181248]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 usbfilter;AMD USB Filter Driver;c:\windows\system32\DRIVERS\usbfilter.sys [2012-03-30 56448]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-20 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-12-17 02:10]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 07:25]
.
2012-12-20 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-12-17 07:25]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.2.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe
c:\windows\SysWOW64\PnkBstrA.exe
c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-20 10:26:55 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-20 09:26
.
Vor Suchlauf: 9 Verzeichnis(se), 85.426.126.848 Bytes frei
Nach Suchlauf: 10 Verzeichnis(se), 84.891.734.016 Bytes frei
.
- - End Of File - - 061F69C78DF9A4E7EA0B03EF4A5F08CA
Ich denke mal dass ich da alle Passwörter ändern darf wenn wir fertig sind :-) Geändert von DR OC (20.12.2012 um 10:53 Uhr) |
|
20.12.2012, 11:34
| #8 | |
| /// TB-Ausbilder | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden Das solltest du ohnehin in regelmässigen Abständen! Gut!  Soweit ich das sehe haben wir damit alles Schädliche entfernt. Um sicher sein zu können müssen jetzt noch ein paar Kontrollen machen. Da diese sehr lange dauern können bitte ich dich mir erst wieder zu schreiben, wenn du auch wirklich alles erledigt hast oder Probleme auftreten sollten. Schritt 1: Quick-Scan mit Malwarebytes Schritt 2: ESET Online Scanner Zitat:
Schritt 3: Scan mit SecurityCheck Downloade Dir bitte SecurityCheck: LINK1 LINK2
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
20.12.2012, 18:34
| #9 |
| | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden hi, also Malwarebytes hat nix gefunden, ebenso ESET da konnte ich nur Finished drücken Security Scan: Code:
ATTFilter Results of screen317's Security Check version 0.99.56 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` Avira Desktop Antivirus up to date! (On Access scanning disabled!) `````````Anti-malware/Other Utilities Check:````````` Malwarebytes Anti-Malware Version 1.65.1.1000 Java 7 Update 9 Google Chrome 23.0.1271.97 ````````Process Check: objlist.exe by Laurent```````` Malwarebytes Anti-Malware mbamservice.exe Malwarebytes Anti-Malware mbamgui.exe Avira Antivir avgnt.exe Avira Antivir avguard.exe Malwarebytes' Anti-Malware mbamscheduler.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` Bei Pc Problemen kam jetzt die Meldung dass Avira und Win Defender AUS sind! |
|
20.12.2012, 21:02
| #10 | ||||
| /// TB-Ausbilder | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden Kannst du jetzt wieder aktivieren. Prima! Damit wären wir fertig. Wir räumen jetzt noch ein wenig auf und dann habe ich am Ende etwas Lesestoff für dich. Schritt 1: Tools deinstallieren
Schritt 2: ESET deinstallieren (Optional)
Abschließend noch Tipps zu folgenden Themen:
Damit wünsche ich dir noch viel Spaß beim Surfen im Internet ... und vielleicht möchtest du ja das Trojaner-Board unterstützen? Eine Bitte: Gib mir eine kurze Rückmeldung, wenn alles erledigt ist und keine Fragen mehr vorhanden sind, damit ich diesen Thread aus meinen Abos löschen kann.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
20.12.2012, 22:18
| #11 |
| | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden Ich danke dir , ich hoffe dass ich in zukunft keine solchen probleme mehr haben werde. Bei Adobe Reader- kam ein Installationsfehler: An error occurred during the installation of assembly component {B708EB72-AA82-3EB7-8BB0-D845BA35C93D}. HRESULT: 0x80070BC9. Ich achte ja schon immer drauf dass alles upgedatet ist und ich benutze ja schon seit ein paar jahren den Malwareantibyte und Avira bisher gabs keine Probleme. |
|
20.12.2012, 22:21
| #12 |
| /// TB-Ausbilder | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden hm keine Ahnung was der Fehler vom Reader soll.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
20.12.2012, 22:57
| #13 |
| | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden des dürfte an meiner internetverbindung liegen... nur DSL 3000  Ich werde dann die kombi aus Malwarebytes und avast benutzen  Was ist mit comodo könntest du den auch empfehlen? Beim Acrobat Reader kommt imer noch die Fehlermeldung An error occurred during the installation of assembly component {B708EB72-AA82-3EB7-8BB0-D845BA35C93D}. HRESULT: 0x80070BC9. obwohl ich ihn jetzt extra heruntergeladen habe. ich starte mal neu.... [QUOTE=DR OC;975824] des dürfte an meiner internetverbindung liegen... nur DSL 3000 Ich werde dann die kombi aus Malwarebytes und avast benutzen Was ist mit comodo könntest du den auch empfehlen? Adobe Reader funtioniert jetzt nach dem neustart Geändert von DR OC (20.12.2012 um 23:16 Uhr) |
|
21.12.2012, 12:46
| #14 |
| /// TB-Ausbilder | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden Comodo brauchst du nicht. Die Windowsfirewall reicht vollkommen.
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
23.12.2012, 14:48
| #15 |
| /// TB-Ausbilder | Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden Schön, dass wir helfen konnten  Dieses Thema scheint erledigt und wird aus meinen Abos gelöscht. Solltest Du das Thema erneut brauchen schicke mir bitte eine PM. Jeder andere bitte hier klicken und einen eigenen Thread erstellen Falls du noch Lob oder Kritik loswerden möchtest, dann gibt es diesen Bereich hier: http://www.trojaner-board.de/lob-kritik-wuensche/
__________________ Digitale Freibeuter gegen Malware! Keine Hilfe per PM! |
|
| Themen zu Malwarebytes hat ausgehenden port 8 blockiert - avast hat im win temp Ordner Win32:Downloader-MIU gefunden |
| ausgehende, avast, blockiert, einfach, festplatte, geräusch, gestern, installiert, interne, internet, ip-block, lautsprecher, leute, log, malwarebyte, malwarebytes, meldung, neu, nichts, ordner, platte, port, port:8, spiele, spielen, temp, win, win32, windows |
Button.
und dann 
+ R Taste und kopiere folgenden Text in das Ausführen-Fenster und klicke OK.
Linear-Darstellung
