Log Analysis and Evaluation: Windows Security Center disables itself and URL redirect on Google searches
Windows 7
If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. Before viruses and trojans can be removed, the infected system must first be examined: First steps for getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
22.12.2012, 18:22 | #1 |
Windows Security Center disables itself and URL redirect on Google searches

Hello, my girlfriend seems to have caught something on her laptop. So far I have noticed the following symptoms:
1. The Windows Security Center service apparently disables itself. When I try to start it by hand, it disables itself again after about 30 seconds.
2. When clicking on Google search results, you are redirected to dubious sites and not to the actual search result.

Quite a few people seem to be having the same problem at the moment. I have already read various threads about it here. Since you recommend that everyone needs individual help, I am now turning to you.

Before I came across the Trojaner-Board, I made the following attempts to get the problem under control:
1. Virus scan with AVIRA => no result
2. Virus scan with a current AVIRA Rescue CD (boot CD) => no result
3. Uninstalled Incredibar
4. Uninstalled Firefox and installed Chrome instead
5. Installed Spybot Search & Destroy, scanned and let it "autofix" => no result

Here are my log files:
OTL.txt
Quote:
Quote:
Quote:
Many thanks in advance!
22.12.2012, 20:48 | #2 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center disables itself and URL redirect on Google searches

Hello and
Have you already run any scans with Malwarebytes or other tools? Is there a log with detections? See => http://www.trojaner-board.de/125889-...tml#post941520
Please do not run any new virus scans; first just post any logs that already exist!
22.12.2012, 21:23 | #3 |
Windows Security Center disables itself and URL redirect on Google searches

Hello cosinus,
well, Avira did not find anything. Here are the logs from Spybot (I am using the code tags so that the post stays readable):

Checks.121217-0853.txt
Code:
Search results from Spybot - Search & Destroy

17.12.2012 08:53:03
Scan took 00:28:54.
83 items found.

IncrediBar: [SBI $430C5658] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\DisplayName

IncrediBar: [SBI $6FA574B7] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\URL

IncrediBar: [SBI $91B383C6] User settings (Registry Change, nothing done)
  HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\DefaultScope

Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry Change, nothing done)
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start

Code:
ATTFilter Search results from Spybot - Search & Destroy 22.12.2012 14:54:06 Scan took 00:22:32. 23 items found. Microsoft.WindowsSecurityCenter_disabled: [SBI $2E20C9A9] Settings (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\Start Macromedia.FlashPlayer.Cookies: [SBI $5555F3D7] Text file (File, nothing done) C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\a.affil.io\s\af.swf\afstorage.sol Properties.size=52 Properties.md5=6B24E811E02383454CEDF151946E1EC8 Properties.filedate=1355836535 Properties.filedatetext=2012-12-18 14:15:35 FastClick: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): Marie) (Browser: Cookie, nothing done) MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): Marie) (Browser: Cookie, nothing done) MediaPlex: [SBI $8E73A7FB] Tracking cookie (Internet Explorer (Benutzer): Marie) (Browser: Cookie, nothing done) Log: [SBI $8E73A7FB] Install: setupact.log (File, nothing done) C:\Windows\setupact.log Properties.size=1120 Properties.md5=1624FAC8DD8EC5DB0A7F49DE35B09C12 Properties.filedate=1356183300 Properties.filedatetext=2012-12-22 14:34:59 Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent Internet Explorer: [SBI $0BC7B918] User agent (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\User Agent MS Management Console: [SBI $ECD50EAD] Recent command list (Registry Key, nothing done) HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Microsoft Management Console\Recent File List MS Direct3D: [SBI $7FB7B83F] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) 
HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Direct3D\MostRecentApplication\Name MS Direct3D: [SBI $C2A44980] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\Name MS DirectDraw: [SBI $EB49D5AF] Most recent application (Registry Change, nothing done) HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\Name MS DirectInput: [SBI $9A063C91] Most recent application (Registry Change, nothing done) HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\Name MS DirectInput: [SBI $7B184199] Most recent application ID (Registry Change, nothing done) HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\Id MS Office 12.0: [SBI $31A61065] Internet history (Registry Value, nothing done) HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Common\Internet\UseRWHlinkNavigation MS Office 12.0 (Excel): [SBI $546355D5] Recent Cartel List (Registry Key, nothing done) HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Excel\File MRU MS Office 12.0 (PowerPoint): [SBI $242E8728] Recent Slideshow List (Registry Key, nothing done) HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU MS Office 12.0 (Word): [SBI $E357B233] Recent Document List (Registry Key, nothing done) HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Word\File MRU Cookie: [SBI $49804B54] Browser: Cookie (21) (Browser: Cookie, nothing done) Cache: [SBI $49804B54] Browser: Cache (79) (Browser: Cache, nothing done) Verlauf: [SBI $49804B54] Browser: History (35) (Browser: History, 
nothing done)

--- Spybot - Search & Destroy version: 2.0.12.131 DLL (build: 20121113) ---
Code:
ATTFilter
SDFSSvc.exe [2012-12-17 08:23:29] 0.0.0.0 Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-17 15:18:48] 0.0.0.0 Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-17 15:44:55] 0.0.0.0 Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-17 19:03:57] 0.0.0.0 Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-17 21:18:41] 0.0.0.0 Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-19 16:39:06] 0.0.0.0 Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-20 14:48:57] 0.0.0.0 Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-22 14:02:20] 0.0.0.0 Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-22 16:35:26] 0.0.0.0 Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-22 18:01:05] 0.0.0.0 Successfully started listening on port 21322.
SDFSSvc.exe [2012-12-22 21:04:23] 0.0.0.0 Successfully started listening on port 21322.
Code:
ATTFilter
// info: Rootkit removal help file
// copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
File:"No admin in ACL","C:\Windows\System32\3DAudiou.dll"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\OPA12.BAK"
File:"No admin in ACL","C:\Users\All Users\Microsoft\OFFICE\DATA\opa12.dat"
File:"No admin in ACL","C:\ProgramData\Microsoft\OFFICE\DATA"
RegyValue:"No admin in ACL","HKEY_LOCAL_MACHINE","\SOFTWARE\Microsoft\Windows\CurrentVersion\Authentication\LogonUI\","LogonSoundPlayed"
Code:
ATTFilter
// info: Rootkit removal help file
// copyright: (c) 2008-2012 Safer-Networking Ltd. All rights reserved.

:: RootAlyzer Results
Code:
ATTFilter
RootAlyzer Quick Scan Results

Dateien im Windows-Verzeichnis
----------------------------------------
92 Dateien wurden überprüft.
Keine versteckten Dateien gefunden.
========================================

Dateien im Systemverzeichnis
----------------------------------------
2950 Dateien wurden überprüft.
Keine versteckten Dateien gefunden.
========================================

Systemweite Starteinträge
----------------------------------------
Keine versteckten Einträge gefunden.
========================================

Winlogon-Einträge
----------------------------------------
Keine versteckten Einträge gefunden.
========================================

Versteckte Prozesse (mittels Handles)
----------------------------------------
0 Handle-Prozess-IDs für 67 Prozesse.
Keine versteckten Prozesse entdeckt.
========================================

Versteckte Prozesse (mittels Threads)
----------------------------------------
67 Prozesse überprüft.
Keine versteckten Prozesse entdeckt.
========================================

Master Boot Records
----------------------------------------
2 MBRs überprüft.
Unbekannte MBRs:
PhysicalDrive1
PhysicalDrive1
========================================
Code:
ATTFilter
SDFSSvc.exe [2012-12-17 08:23:29] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-17 08:24:09] Loaded databases.
SDFSSvc.exe [2012-12-17 15:18:48] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-17 15:19:22] Loaded databases.
SDFSSvc.exe [2012-12-17 15:44:55] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-17 15:45:29] Loaded databases.
SDFSSvc.exe [2012-12-17 19:03:57] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-17 19:04:32] Loaded databases.
SDFSSvc.exe [2012-12-17 21:18:41] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-17 21:19:12] Loaded databases.
SDFSSvc.exe [2012-12-19 16:39:06] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-19 16:39:38] Loaded databases.
SDFSSvc.exe [2012-12-20 14:48:57] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-20 14:49:30] Loaded databases.
SDFSSvc.exe [2012-12-22 14:02:20] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-22 14:02:52] Loaded databases.
SDFSSvc.exe [2012-12-22 16:35:26] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-22 16:36:11] Loaded databases.
SDFSSvc.exe [2012-12-22 18:01:05] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-22 18:01:39] Loaded databases.
SDFSSvc.exe [2012-12-22 21:04:23] 0.0.0.0 Successfully started listening on port 21323.
SDFileScanLibrary.dll [2012-12-22 21:04:56] Loaded databases.
Code:
ATTFilter [i] 2012-12-17 08:54:20 : [i] 2012-12-17 08:54:20 Processing: 121217-082408.xml [i] 2012-12-17 08:54:20 : [i] 2012-12-17 08:54:20 Product: IncrediBar [i] 2012-12-17 08:54:20 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ DisplayName [i] 2012-12-17 08:54:20 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}\ URL [i] 2012-12-17 08:54:20 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Internet Explorer\SearchScopes\ DefaultScope [i] 2012-12-17 08:54:20 : [i] 2012-12-17 08:54:20 Product: Microsoft.WindowsSecurityCenter_disabled [i] 2012-12-17 08:54:20 Already cleaned: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\ Start [i] 2012-12-17 08:54:20 : [i] 2012-12-17 08:54:20 Product: Macromedia.FlashPlayer.Cookies [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\a.vimeocdn.com\ com.conviva.livePass.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\cache.spreadshirt.net\ sprd_c7_629654.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\cdn.widgetserver.com\ wbx_cookie.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\d.yimg.com\ YEPBWPrefs.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\d.yimg.com\ YEPVitalitySharedObject.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\demandware.edgesuite.net\ com.jeroenwijering.players.sol [i] 2012-12-17 08:54:20 
Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\g-ecx.images-amazon.com\ AlbumSampler.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\images-na.ssl-images-amazon.com\ mercury.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\images.buttinette.com\ s7_storage_tracker.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\l.yimg.com\ com.conviva.livePass.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\login.yahoo.com\ loginCache.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\mail.google.com\ wakeup.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\mpsnare.iesnare.com\ stm.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\pub.widgetbox.com\ wbx_cookie.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\redblue.scene7.com\ s7_storage_init.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\redblue.scene7.com\ s7_storage_tracker.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\s-static.ak.fbcdn.net\ www.simfy.de.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\s.ytimg.com\ soundData.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\s.ytimg.com\ 
videostats.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\secureinclude.ebaystatic.com\ ebayLSO.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\secureinclude.ebaystatic.com\ ebayT.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\ssl.hurra.com\ restore.hurra.com.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\static-dhd24.dhd.de\ com.jeroenwijering.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\static.sevenload.net\ analytics.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\video.holidaycheck.de\ com.jeroenwijering.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\web.de\ PF_LSOConnector.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.baur.de\ REGISTRY.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.baur.de\ sol.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.cashback4you.de\ pap20.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.jochen-schweizer.de\ lsoContent.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.jochen-schweizer.de\ lsoSearch.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash 
Player\#SharedObjects\MR9C7KN5\www.jochen-schweizer.de\ lsoTrack.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.lindt.com\ analytics.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.player.previewnetworks.com\ analytics.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.tripadvisor.de\ TA.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.vistaprint.de\ dataStorage.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\zcache.zgncdn.com\ farm.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\zcache.zgncdn.com\ hidden_chronicles.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\skype.com\#ui\ preferences.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\skype.com\#user\ segment.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\skype.com\#user\ session.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\skypeassets.com\#ui\ source.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.mercedes-amg.com\main.swf\ mercedes-amg.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.rtlregional.de\videoplayer.swf\ rtl.sol [i] 2012-12-17 08:54:20 Already cleaned: 
C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.shirtalarm.de\procon.swf\ procon.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\a.affil.io\s\af.swf\ afstorage.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\flickr.com\slideShow\slideShow.swf\ slideShowMS.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\heias.com\x\heias_sc.swf\ heias.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\microsites.pearl.de\bk\elkat.swf\ elkat104526.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\rtl-now.rtl.de\includes\vodplayer.liveab.swf\ ConnectionInfo.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\rtl-now.rtl.de\includes\vodplayer.liveab.swf\ rtl.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\rtl-now.rtl.de\includes\vodplayer.liveab.swf\ userinfo6.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www.rahmenversand.com\movies\flowplayer-3.2.7.swf\ org.flowplayer.sol [i] 2012-12-17 08:54:20 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\www2l.incredimail.com\fc\fc.swf\ im.sol [i] 2012-12-17 08:54:20 : [i] 2012-12-17 08:54:20 Product: Log [+] 2012-12-17 08:54:20 Moving into quarantine: C:\Windows\ setupact.log [+] 2012-12-17 08:54:20 Moving into quarantine: C:\Windows\ DtcInstall.log [+] 2012-12-17 08:54:21 Successfully cleaned: C:\Windows\ setupact.log [+] 2012-12-17 08:54:21 Successfully cleaned: 
C:\Windows\ DtcInstall.log [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: Internet Explorer [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: MS Management Console [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Microsoft Management Console\Recent File List [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: MS Media Player [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\MediaPlayer\Player\Settings\ Client ID [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: MS Direct3D [i] 2012-12-17 08:54:21 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: MS DirectDraw [i] 2012-12-17 08:54:21 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ Name [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: MS DirectInput [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\ 
Name [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\ Id [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: MS Paint [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Applets\Paint\Recent File List [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: Windows.OpenWith [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AVI\OpenWithList [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.BMP\OpenWithList [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.CUE\OpenWithList [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: Windows Explorer [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\RunMRU [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StreamMRU [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: Windows Media SDK [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows Media\WMSDK\General\ ComputerName [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows Media\WMSDK\General\ UniqueID [i] 2012-12-17 08:54:21 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Windows Media\WMSDK\General\ VolumeSerialNumber [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: Cookie [i] 
2012-12-17 08:54:21 Already cleaned: Internet Explorer (Benutzer) (Marie) Cookies [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Product: Cache [i] 2012-12-17 08:54:21 Already cleaned: Internet Explorer (Benutzer) (Marie) Cache [i] 2012-12-17 08:54:21 : [i] 2012-12-17 08:54:21 Summary: [i] 2012-12-17 08:54:21 Errors while cleaning: 0 [i] 2012-12-17 08:54:21 Files moved into quarantine: 2 [i] 2012-12-17 08:54:21 Files successfully cleaned: 83 [+] 2012-12-17 08:54:21 : Gratulation, alles (aus Datei 121217-082408.xml) wurde gelöscht. [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Processing: 121222-143133.xml [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: Microsoft.WindowsSecurityCenter_disabled [i] 2012-12-22 14:58:29 Already cleaned: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\wscsvc\ Start [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: Macromedia.FlashPlayer.Cookies [i] 2012-12-22 14:58:29 Already cleaned: C:\Users\Marie\AppData\Roaming\Macromedia\Flash Player\#SharedObjects\MR9C7KN5\a.affil.io\s\af.swf\ afstorage.sol [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: FastClick [i] 2012-12-22 14:58:29 Already cleaned: Cookie (Internet Explorer (Benutzer): Marie) Cookie:marie@fastclick.net/ () [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: MediaPlex [i] 2012-12-22 14:58:29 Already cleaned: Cookie (Internet Explorer (Benutzer): Marie) Cookie:marie@mediaplex.com/ () [i] 2012-12-22 14:58:29 Already cleaned: Cookie (Internet Explorer (Benutzer): Marie) Cookie:marie@apmebf.com/ () [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: Log [+] 2012-12-22 14:58:29 Moving into quarantine: C:\Windows\ setupact.log [+] 2012-12-22 14:58:29 Successfully cleaned: C:\Windows\ setupact.log [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: Internet Explorer [i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent [i] 2012-12-22 14:58:29 
Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ User Agent [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: MS Management Console [i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Microsoft Management Console\Recent File List [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: MS Direct3D [i] 2012-12-22 14:58:29 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\.DEFAULT\Software\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-18\Software\Microsoft\Direct3D\MostRecentApplication\ Name [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: MS DirectDraw [i] 2012-12-22 14:58:29 Already cleaned: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DirectDraw\MostRecentApplication\ Name [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: MS DirectInput [i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\ Name [i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\DirectInput\MostRecentApplication\ Id [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: MS Office 12.0 [i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Common\Internet\ UseRWHlinkNavigation [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: MS Office 12.0 (Excel) [i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Excel\File MRU [i] 2012-12-22 14:58:29 : [i] 
2012-12-22 14:58:29 Product: MS Office 12.0 (PowerPoint) [i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\PowerPoint\File MRU [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: MS Office 12.0 (Word) [i] 2012-12-22 14:58:29 Already cleaned: HKEY_USERS\S-1-5-21-33246612-3796881123-789927732-1001\Software\Microsoft\Office\12.0\Word\File MRU [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: Cookie [i] 2012-12-22 14:58:29 Already cleaned: Internet Explorer (Benutzer) (Marie) Cookies [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: Cache [i] 2012-12-22 14:58:29 Already cleaned: Internet Explorer (Benutzer) (Marie) Cache [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Product: Verlauf [i] 2012-12-22 14:58:29 Already cleaned: Internet Explorer (Benutzer) (Marie) History [i] 2012-12-22 14:58:29 : [i] 2012-12-22 14:58:29 Summary: [i] 2012-12-22 14:58:29 Errors while cleaning: 0 [i] 2012-12-22 14:58:29 Files moved into quarantine: 1 [i] 2012-12-22 14:58:29 Files successfully cleaned: 23 [+] 2012-12-22 14:58:29 : Gratulation, alles (aus Datei 121222-143133.xml) wurde gelˆscht. Code:
ATTFilter SDUpdSvc.exe [2012-12-17 08:23:32] [+] Background Updating Service got started... SDUpdSvc.exe [2012-12-17 08:23:32] 0.0.0.0 Successfully started listening on port 21321. SDUpdate.exe [2012-12-17 08:23:36] [+] Updating Service is active. SDUpdate.exe [2012-12-17 08:23:36] [.] Trying to retrieve update info file from hxxp://updates1.safer-networking.org/spybotsd2.uid... SDUpdate.exe [2012-12-17 08:23:36] [+] Retrieved update info file. SDUpdate.exe [2012-12-17 08:23:38] [.] Info file part done. SDUpdate.exe [2012-12-17 08:24:04] Includes\Adware.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 08:24:04] Includes\AdwareC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 08:24:05] Includes\Malware.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 08:24:05] Includes\MalwareC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 08:24:06] Includes\PUPSC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 08:24:06] Includes\Tracks.uti (version 20050217) needs to be updated. SDUpdate.exe [2012-12-17 08:24:06] Includes\Trojans.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 08:24:06] Includes\TrojansC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 08:24:06] Includes\TrojansC-03.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 08:24:06] Includes\TrojansC-04.sbi (version 20121114) needs to be updated. SDUpdSvc.exe [2012-12-17 15:18:50] [+] Background Updating Service got started... SDUpdSvc.exe [2012-12-17 15:18:50] 0.0.0.0 Successfully started listening on port 21321. SDUpdSvc.exe [2012-12-17 15:44:57] [+] Background Updating Service got started... SDUpdSvc.exe [2012-12-17 15:44:57] 0.0.0.0 Successfully started listening on port 21321. SDUpdSvc.exe [2012-12-17 19:03:59] [+] Background Updating Service got started... SDUpdSvc.exe [2012-12-17 19:03:59] 0.0.0.0 Successfully started listening on port 21321. 
SDUpdate.exe [2012-12-17 19:33:55] Includes\Adware.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 19:33:55] Includes\AdwareC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 19:33:56] Includes\Malware.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 19:33:56] Includes\MalwareC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 19:33:57] Includes\PUPSC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 19:33:57] Includes\Tracks.uti (version 20050217) needs to be updated. SDUpdate.exe [2012-12-17 19:33:57] Includes\Trojans.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 19:33:57] Includes\TrojansC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 19:33:57] Includes\TrojansC-03.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 19:33:57] Includes\TrojansC-04.sbi (version 20121114) needs to be updated. SDUpdSvc.exe [2012-12-17 21:18:56] [+] Background Updating Service got started... SDUpdSvc.exe [2012-12-17 21:18:56] 0.0.0.0 Successfully started listening on port 21321. SDUpdate.exe [2012-12-17 21:48:39] Includes\Adware.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 21:48:39] Includes\AdwareC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 21:48:42] Includes\Malware.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 21:48:42] Includes\MalwareC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 21:48:43] Includes\PUPSC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 21:48:44] Includes\Tracks.uti (version 20050217) needs to be updated. SDUpdate.exe [2012-12-17 21:48:44] Includes\Trojans.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 21:48:44] Includes\TrojansC.sbi (version 20121114) needs to be updated. 
SDUpdate.exe [2012-12-17 21:48:44] Includes\TrojansC-03.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-17 21:48:44] Includes\TrojansC-04.sbi (version 20121114) needs to be updated. SDUpdSvc.exe [2012-12-19 16:39:09] [+] Background Updating Service got started... SDUpdSvc.exe [2012-12-19 16:39:09] 0.0.0.0 Successfully started listening on port 21321. SDUpdate.exe [2012-12-19 17:08:45] Includes\Adware.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-19 17:08:45] Includes\AdwareC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-19 17:08:46] Includes\Malware.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-19 17:08:46] Includes\MalwareC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-19 17:08:47] Includes\PUPSC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-19 17:08:48] Includes\Tracks.uti (version 20050217) needs to be updated. SDUpdate.exe [2012-12-19 17:08:48] Includes\Trojans.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-19 17:08:48] Includes\TrojansC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-19 17:08:48] Includes\TrojansC-03.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-19 17:08:48] Includes\TrojansC-04.sbi (version 20121114) needs to be updated. SDUpdSvc.exe [2012-12-20 14:48:58] [+] Background Updating Service got started... SDUpdSvc.exe [2012-12-20 14:48:58] 0.0.0.0 Successfully started listening on port 21321. SDUpdate.exe [2012-12-20 15:18:58] Includes\Adware.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-20 15:18:58] Includes\AdwareC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-20 15:18:59] Includes\Malware.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-20 15:18:59] Includes\MalwareC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-20 15:18:59] Includes\PUPSC.sbi (version 20121114) needs to be updated. 
SDUpdate.exe [2012-12-20 15:19:00] Includes\Tracks.uti (version 20050217) needs to be updated. SDUpdate.exe [2012-12-20 15:19:00] Includes\Trojans.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-20 15:19:00] Includes\TrojansC.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-20 15:19:00] Includes\TrojansC-03.sbi (version 20121114) needs to be updated. SDUpdate.exe [2012-12-20 15:19:00] Includes\TrojansC-04.sbi (version 20121114) needs to be updated. SDUpdSvc.exe [2012-12-22 14:02:21] [+] Background Updating Service got started... SDUpdSvc.exe [2012-12-22 14:02:21] 0.0.0.0 Successfully started listening on port 21321. SDUpdSvc.exe [2012-12-22 14:27:21] Trying to retrieving news... SDUpdSvc.exe [2012-12-22 14:27:25] 10 news articles found. SDUpdSvc.exe [2012-12-22 14:27:25] Started looking for updates... SDUpdSvc.exe [2012-12-22 14:27:25] [+] Updating Service is active. SDUpdSvc.exe [2012-12-22 14:27:25] [.] Trying to retrieve update info file from hxxp://updates3.safer-networking.org/spybotsd2.uid... SDUpdSvc.exe [2012-12-22 14:27:25] [+] Retrieved update info file. SDUpdSvc.exe [2012-12-22 14:27:25] [.] Info file part done. SDUpdSvc.exe [2012-12-22 14:27:25] [.] Testing which updates apply to this version... SDUpdSvc.exe [2012-12-22 14:27:25] [+] TrojansC-04.sbi (version 20121114) needs to be updated (to version 20121129). SDUpdSvc.exe [2012-12-22 14:27:25] [+] TrojansC-03.sbi (version 20121114) needs to be updated (to version 20121218). SDUpdSvc.exe [2012-12-22 14:27:25] [+] TrojansC.sbi (version 20121114) needs to be updated (to version 20121203). SDUpdSvc.exe [2012-12-22 14:27:25] [+] Trojans.sbi (version 20121114) needs to be updated (to version 20121211). SDUpdSvc.exe [2012-12-22 14:27:25] [+] Tracks.uti (version 20050217) needs to be updated (to version 20121119). SDUpdSvc.exe [2012-12-22 14:27:25] [+] PUPSC.sbi (version 20121114) needs to be updated (to version 20121219). 
SDUpdSvc.exe [2012-12-22 14:27:25] [+] MalwareC.sbi (version 20121114) needs to be updated (to version 20121218). SDUpdSvc.exe [2012-12-22 14:27:25] [+] Malware.sbi (version 20121114) needs to be updated (to version 20121121). SDUpdSvc.exe [2012-12-22 14:27:25] [+] KeyloggersC.sbi (version 20121114) needs to be updated (to version 20121218). SDUpdSvc.exe [2012-12-22 14:27:25] [+] GoodBankScripts.sbs (version 20061102) needs to be updated (to version 20121218). SDUpdSvc.exe [2012-12-22 14:27:25] [+] AdwareC.sbi (version 20121114) needs to be updated (to version 20121218). SDUpdSvc.exe [2012-12-22 14:27:25] [+] Adware.sbi (version 20121114) needs to be updated (to version 20121218). SDUpdSvc.exe [2012-12-22 14:27:25] [.] Downloading updates... SDUpdSvc.exe [2012-12-22 14:27:25] [+] File "Adware.sbi" needs to be downloaded. SDUpdSvc.exe [2012-12-22 14:27:25] [+] Downloaded archive "Adware.sbi-20121218.cab" from hxxp://www.antispyware-downloadserver.com/updates/spybot2/. SDUpdSvc.exe [2012-12-22 14:27:25] [+] Extracted "Adware.sbi-20121218.cab"! SDUpdSvc.exe [2012-12-22 14:27:25] [+] Installed "Adware.sbi". SDUpdSvc.exe [2012-12-22 14:27:25] [+] File "AdwareC.sbi" needs to be downloaded. SDUpdSvc.exe [2012-12-22 14:27:25] [+] Downloaded archive "AdwareC.sbi-20121218.cab" from hxxp://87.106.139.74/updates/spybot2/. SDUpdSvc.exe [2012-12-22 14:27:25] [+] Extracted "AdwareC.sbi-20121218.cab"! SDUpdSvc.exe [2012-12-22 14:27:25] [+] Installed "AdwareC.sbi". SDUpdSvc.exe [2012-12-22 14:27:25] [+] File "GoodBankScripts.sbs" needs to be downloaded. SDUpdSvc.exe [2012-12-22 14:27:25] [+] Downloaded archive "GoodBankScripts.sbs-20121218.cab" from hxxp://spybot.gehirnbrand.de/updates/spybot2files/. SDUpdSvc.exe [2012-12-22 14:27:25] [+] Extracted "GoodBankScripts.sbs-20121218.cab"! SDUpdSvc.exe [2012-12-22 14:27:25] [+] Installed "GoodBankScripts.sbs". SDUpdSvc.exe [2012-12-22 14:27:25] [+] File "KeyloggersC.sbi" needs to be downloaded. 
SDUpdSvc.exe [2012-12-22 14:27:26] [+] Downloaded archive "KeyloggersC.sbi-20121218.cab" from hxxp://87.106.139.74/updates/spybot2/. SDUpdSvc.exe [2012-12-22 14:27:26] [+] Extracted "KeyloggersC.sbi-20121218.cab"! SDUpdSvc.exe [2012-12-22 14:27:26] [+] Installed "KeyloggersC.sbi". SDUpdSvc.exe [2012-12-22 14:27:26] [+] File "Malware.sbi" needs to be downloaded. SDUpdSvc.exe [2012-12-22 14:27:27] [+] Downloaded archive "Malware.sbi-20121121.cab" from hxxp://updates4.safer-networking.org/spybot2/. SDUpdSvc.exe [2012-12-22 14:27:27] [+] Extracted "Malware.sbi-20121121.cab"! SDUpdSvc.exe [2012-12-22 14:27:27] [+] Installed "Malware.sbi". SDUpdSvc.exe [2012-12-22 14:27:27] [+] File "MalwareC.sbi" needs to be downloaded. SDUpdSvc.exe [2012-12-22 14:27:27] [+] Downloaded archive "MalwareC.sbi-20121218.cab" from hxxp://www.spybotupdates.biz/updates/spybot2/. SDUpdSvc.exe [2012-12-22 14:27:27] [+] Extracted "MalwareC.sbi-20121218.cab"! SDUpdSvc.exe [2012-12-22 14:27:27] [+] Installed "MalwareC.sbi". SDUpdSvc.exe [2012-12-22 14:27:27] [+] File "PUPSC.sbi" needs to be downloaded. SDUpdSvc.exe [2012-12-22 14:27:28] [+] Downloaded archive "PUPSC.sbi-20121219.cab" from hxxp://nervion.us.es/updates/spybot2files/. SDUpdSvc.exe [2012-12-22 14:27:28] [+] Extracted "PUPSC.sbi-20121219.cab"! SDUpdSvc.exe [2012-12-22 14:27:28] [+] Installed "PUPSC.sbi". SDUpdSvc.exe [2012-12-22 14:27:28] [+] File "Tracks.uti" needs to be downloaded. SDUpdSvc.exe [2012-12-22 14:27:28] [+] Downloaded archive "Tracks.uti-20121119.cab" from hxxp://spybot.gehirnbrand.de/updates/spybot2files/. SDUpdSvc.exe [2012-12-22 14:27:28] [+] Extracted "Tracks.uti-20121119.cab"! SDUpdSvc.exe [2012-12-22 14:27:28] [+] Installed "Tracks.uti". SDUpdSvc.exe [2012-12-22 14:27:28] [+] File "Trojans.sbi" needs to be downloaded. SDUpdSvc.exe [2012-12-22 14:27:32] [+] Downloaded archive "Trojans.sbi-20121211.cab" from hxxp://spybot.gehirnbrand.de/updates/spybot2files/. 
SDUpdSvc.exe [2012-12-22 14:27:32] [+] Extracted "Trojans.sbi-20121211.cab"! SDUpdSvc.exe [2012-12-22 14:27:32] [+] Installed "Trojans.sbi". SDUpdSvc.exe [2012-12-22 14:27:32] [+] File "TrojansC.sbi" needs to be downloaded. SDUpdSvc.exe [2012-12-22 14:27:33] [+] Downloaded archive "TrojansC.sbi-20121203.cab" from hxxp://ns364576.ovh.net/spybot2/updates/spybot2/. SDUpdSvc.exe [2012-12-22 14:27:33] [+] Extracted "TrojansC.sbi-20121203.cab"! SDUpdSvc.exe [2012-12-22 14:27:33] [+] Installed "TrojansC.sbi". SDUpdSvc.exe [2012-12-22 14:27:33] [+] File "TrojansC-03.sbi" needs to be downloaded. SDUpdSvc.exe [2012-12-22 14:27:34] [+] Downloaded archive "TrojansC-03.sbi-20121218.cab" from hxxp://spybot.securitywonks.org/updates/spybot2files/. SDUpdSvc.exe [2012-12-22 14:27:34] [+] Extracted "TrojansC-03.sbi-20121218.cab"! SDUpdSvc.exe [2012-12-22 14:27:34] [+] Installed "TrojansC-03.sbi". SDUpdSvc.exe [2012-12-22 14:27:34] [+] File "TrojansC-04.sbi" needs to be downloaded. SDUpdSvc.exe [2012-12-22 14:27:34] [+] Downloaded archive "TrojansC-04.sbi-20121129.cab" from hxxp://ns364576.ovh.net/spybot2/updates/spybot2/. SDUpdSvc.exe [2012-12-22 14:27:34] [+] Extracted "TrojansC-04.sbi-20121129.cab"! SDUpdSvc.exe [2012-12-22 14:27:34] [+] Installed "TrojansC-04.sbi". SDUpdSvc.exe [2012-12-22 14:27:34] [+] All files have been processed. SDUpdSvc.exe [2012-12-22 14:27:34] +++ SDUpdSvc.exe [2012-12-22 14:27:34] Processed 12 updates SDUpdSvc.exe [2012-12-22 16:35:29] [+] Background Updating Service got started... SDUpdSvc.exe [2012-12-22 16:35:29] 0.0.0.0 Successfully started listening on port 21321. SDUpdSvc.exe [2012-12-22 18:01:06] [+] Background Updating Service got started... SDUpdSvc.exe [2012-12-22 18:01:06] 0.0.0.0 Successfully started listening on port 21321. SDUpdSvc.exe [2012-12-22 21:04:26] [+] Background Updating Service got started... SDUpdSvc.exe [2012-12-22 21:04:26] 0.0.0.0 Successfully started listening on port 21321. |
22.12.2012, 21:38 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™ | You can uninstall Spybot with a clear conscience, because it is largely ineffective. Don't you have any other logs? What about AntiVir or Malwarebytes (if installed) - were there never any detections?
__________________ Please always post log files in CODE tags |
22.12.2012, 21:59 | #5 |
| No, no further logs. I do not have Malwarebytes installed. Avira AntiVir found nothing, so there are no logs from it either. :-/ |
22.12.2012, 22:11 | #6 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK, let's continue then. Quote:
Is this by any chance an office/company PC? Or a university computer?
__________________ |
22.12.2012, 22:22 | #7 |
| Neither. It is a private laptop. I installed Windows on it myself. The license comes from my MSDNAA account. Since I am a Mac user and the license was therefore unused anyway, I took that one. |
22.12.2012, 22:55 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | OK, thanks for the explanation. Before we get to work, I would like to ask you to read the following points completely and carefully.
Note: If you do not hear from me for three days, please get in touch in this thread => Reminder about my thread. Annoying "When will this continue" messages end with your topic being closed. I, too, have a life outside the Trojaner-Board.
1. aswMBR
Please download aswMBR.exe and save the file to your desktop. Note: Please turn off the virus scanner before you run aswMBR, because Avira in particular often reports a false positive in it!
One more note: If aswMBR crashes and a message like "aswMBR.exe funktioniert nicht mehr" ("aswMBR.exe has stopped working") appears, do the following: restart aswMBR, select (none) for "AV scan" in the drop-down menu (at the bottom left of the aswMBR window) and click the Scan button again.
2. TDSS-Killer
Download TDSS-Killer to the desktop, see => http://www.trojaner-board.de/82358-t...entfernen.html Note: Please turn off the virus scanner before you run TDSS-Killer, because Avira in particular often reports a false positive in the TDSS tool! Set the tool up as shown in the picture below - click on change parameters and set the check marks as shown in the following screenshot, then click on Start Scan and, when it has finished, click the Report button to display the log. Please post this in full. If you cannot find the log, or cannot copy its content and transfer it into your post, then please look directly on your Windows system partition (usually drive C:), which is where TDSS-Killer saves its logs. Note: Please do not delete anything hastily with TDSS-Killer! If TDSS-Killer flags any objects, handle all of them with the action "skip" and just post the log here!
__________________ Please always post log files in CODE tags |
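For whoever reads the requested TDSS-Killer report afterwards, here is an added example (not part of the thread and not the tool's own code) that parses the scan records, including a log pasted as one long line outside CODE tags, and lists entries whose verdict is not `ok` or that have no file hash. The sample log is constructed, and the non-`ok` verdict text in it is a placeholder rather than real TDSS-Killer output.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Every record starts "HH:MM:SS.mmmm <thread-id> ". Splitting on that prefix
# also recovers a log that was flattened onto a single line.
RECORD_START = re.compile(r"(?=\b\d{2}:\d{2}:\d{2}\.\d{4} \d+ )")
RECORD = re.compile(r"^\d{2}:\d{2}:\d{2}\.\d{4} \d+ (.*)$")
SECTION = re.compile(r"^=+ Scan (.+?) =+$")                  # "==== Scan services ===="
HASHED = re.compile(r"^\[ ([0-9A-Fa-f]{32}) \] (.+?) ([A-Za-z]:\\.+)$")
VERDICT = re.compile(r"^(.+?) - (.+)$")                      # "<name> - <verdict>"


@dataclass
class Entry:
    section: str
    name: str
    verdict: str
    md5: Optional[str] = None
    path: Optional[str] = None


def parse_scan_entries(text: str) -> List[Entry]:
    """Return one Entry per '<name> - <verdict>' record inside a scan section."""
    flat = " ".join(text.split())        # undo line wraps and flattening alike
    entries: List[Entry] = []
    section: Optional[str] = None
    pending = {}                         # name -> (md5, path) waiting for a verdict
    for chunk in RECORD_START.split(flat):
        record = RECORD.match(chunk.strip())
        if not record:
            continue                     # banner text or an empty record
        body = record.group(1).strip()
        header = SECTION.match(body)
        if header:
            section = header.group(1)
            continue
        if section is None:
            continue                     # system info such as "Drive ... - Size: ..."
        hashed = HASHED.match(body)
        if hashed:
            pending[hashed.group(2)] = (hashed.group(1).upper(), hashed.group(3))
            continue
        verdict = VERDICT.match(body)
        if verdict:
            md5, path = pending.pop(verdict.group(1), (None, None))
            entries.append(Entry(section, verdict.group(1), verdict.group(2), md5, path))
    return entries


def triage(entries: List[Entry]) -> List[Tuple[str, str]]:
    """List what a reviewer should look at first; an item here is not a detection by itself."""
    findings = []
    for e in entries:
        if e.verdict.lower() != "ok":
            findings.append((e.name, "verdict: " + e.verdict))
        elif e.section == "services" and e.md5 is None:
            # Verdict without a preceding "[ MD5 ] name path" record:
            # check the service's image path by hand.
            findings.append((e.name, "no file hash logged"))
    return findings


# Constructed sample, flattened onto one line the way a forum post does it.
# Hashes, the "Example Service" entry and its verdict string are placeholders.
SAMPLE_LOG = (
    r"10:00:00.0000 1111 Drive \Device\Harddisk0\DR0 - Size: 0x1000 "
    r"10:00:00.0001 1111 ================ Scan services ================ "
    r"10:00:00.0002 1111 [ 0123456789ABCDEF0123456789ABCDEF ] ACPI C:\Windows\system32\drivers\ACPI.sys "
    r"10:00:00.0003 1111 ACPI - ok "
    r"10:00:00.0004 1111 [ FEDCBA9876543210FEDCBA9876543210 ] Example Service C:\Program Files\Example\svc.exe "
    r"10:00:00.0005 1111 Example Service - EXAMPLE-NON-OK-VERDICT "
    r"10:00:00.0006 1111 COMSysApp - ok"
)

if __name__ == "__main__":
    for name, reason in triage(parse_scan_entries(SAMPLE_LOG)):
        print(f"{name}: {reason}")
```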
22.12.2012, 23:33 | #9 |
| Hello, I carried out everything according to your instructions. Everything worked without problems! Here are the logs: aswMBR.txt Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2012-12-22 23:07:20
-----------------------------
23:07:20.100 OS Version: Windows 6.1.7601 Service Pack 1
23:07:20.100 Number of processors: 2 586 0xF0D
23:07:20.100 ComputerName: MARIES-NOTEBOOK UserName: Marie
23:07:49.852 Initialize success
23:12:58.451 AVAST engine defs: 12122200
23:13:32.991 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
23:13:33.006 Disk 0 Vendor: TOSHIBA_MK3252GSX LV011C Size: 305245MB BusType: 11
23:13:33.022 Disk 0 MBR read successfully
23:13:33.022 Disk 0 MBR scan
23:13:33.038 Disk 0 Windows 7 default MBR code
23:13:33.038 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 296042 MB offset 63
23:13:33.069 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 9199 MB offset 606296064
23:13:33.084 Disk 0 scanning sectors +625135616
23:13:33.131 Disk 0 scanning C:\Windows\system32\drivers
23:13:44.316 Service scanning
23:14:14.924 Modules scanning
23:14:22.256 Disk 0 trace - called modules:
23:14:22.287 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
23:14:22.303 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x861b3720]
23:14:22.318 3 CLASSPNP.SYS[8b1c759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x860e5908]
23:14:23.239 AVAST engine scan C:\Windows
23:14:25.048 AVAST engine scan C:\Windows\system32
23:17:27.771 AVAST engine scan C:\Windows\system32\drivers
23:17:41.390 AVAST engine scan C:\Users\Marie
23:21:25.503 AVAST engine scan C:\ProgramData
23:22:11.710 Scan finished successfully
23:23:09.961 Disk 0 MBR has been saved successfully to "C:\Users\Marie\Desktop\MBR.dat"
23:23:09.961 The log file has been saved successfully to "C:\Users\Marie\Desktop\aswMBR.txt"
Code:
ATTFilter 23:24:09.0326 3252 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 23:24:09.0357 3252 ============================================================ 23:24:09.0357 3252 Current date / time: 2012/12/22 23:24:09.0357 23:24:09.0357 3252 SystemInfo: 23:24:09.0357 3252 23:24:09.0357 3252 OS Version: 6.1.7601 ServicePack: 1.0 23:24:09.0357 3252 Product type: Workstation 23:24:09.0357 3252 ComputerName: MARIES-NOTEBOOK 23:24:09.0357 3252 UserName: Marie 23:24:09.0357 3252 Windows directory: C:\Windows 23:24:09.0357 3252 System windows directory: C:\Windows 23:24:09.0357 3252 Processor architecture: Intel x86 23:24:09.0357 3252 Number of processors: 2 23:24:09.0357 3252 Page size: 0x1000 23:24:09.0357 3252 Boot type: Normal boot 23:24:09.0357 3252 ============================================================ 23:24:10.0527 3252 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050 23:24:10.0543 3252 ============================================================ 23:24:10.0543 3252 \Device\Harddisk0\DR0: 23:24:10.0543 3252 MBR partitions: 23:24:10.0543 3252 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x3F, BlocksNum 0x242357C1 23:24:10.0543 3252 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x24235800, BlocksNum 0x11F7800 23:24:10.0543 3252 ============================================================ 23:24:10.0558 3252 C: <-> \Device\Harddisk0\DR0\Partition1 23:24:10.0605 3252 D: <-> \Device\Harddisk0\DR0\Partition2 23:24:10.0605 3252 ============================================================ 23:24:10.0605 3252 Initialize success 23:24:10.0605 3252 ============================================================ 23:25:05.0502 2788 ============================================================ 23:25:05.0502 2788 Scan started 23:25:05.0502 2788 Mode: Manual; SigCheck; TDLFS; 23:25:05.0502 2788 
============================================================ 23:25:06.0609 2788 ================ Scan system memory ======================== 23:25:06.0609 2788 System memory - ok 23:25:06.0609 2788 ================ Scan services ============================= 23:25:06.0765 2788 [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 23:25:06.0890 2788 1394ohci - ok 23:25:06.0921 2788 [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI C:\Windows\system32\drivers\ACPI.sys 23:25:06.0937 2788 ACPI - ok 23:25:06.0968 2788 [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 23:25:06.0999 2788 AcpiPmi - ok 23:25:07.0077 2788 [ D19C4EE2AC7C47B8F5F84FFF1A789D8A ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe 23:25:07.0108 2788 AdobeARMservice - ok 23:25:07.0202 2788 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe 23:25:07.0233 2788 AdobeFlashPlayerUpdateSvc - ok 23:25:07.0280 2788 [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 23:25:07.0327 2788 adp94xx - ok 23:25:07.0342 2788 [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 23:25:07.0358 2788 adpahci - ok 23:25:07.0374 2788 [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 23:25:07.0389 2788 adpu320 - ok 23:25:07.0420 2788 [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 23:25:07.0452 2788 AeLookupSvc - ok 23:25:07.0483 2788 [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD C:\Windows\system32\drivers\afd.sys 23:25:07.0530 2788 AFD - ok 23:25:07.0561 2788 [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440 C:\Windows\system32\drivers\agp440.sys 23:25:07.0576 2788 agp440 - ok 23:25:07.0623 2788 [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx C:\Windows\system32\DRIVERS\djsvs.sys 23:25:07.0639 2788 aic78xx - ok 23:25:07.0686 2788 [ 
18A54E132947CD98FEA9ACCC57F98F13 ] ALG C:\Windows\System32\alg.exe 23:25:07.0717 2788 ALG - ok 23:25:07.0748 2788 [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide C:\Windows\system32\drivers\aliide.sys 23:25:07.0764 2788 aliide - ok 23:25:07.0779 2788 [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp C:\Windows\system32\drivers\amdagp.sys 23:25:07.0795 2788 amdagp - ok 23:25:07.0810 2788 [ CD5914170297126B6266860198D1D4F0 ] amdide C:\Windows\system32\drivers\amdide.sys 23:25:07.0826 2788 amdide - ok 23:25:07.0873 2788 [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 23:25:07.0904 2788 AmdK8 - ok 23:25:07.0935 2788 [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 23:25:07.0966 2788 AmdPPM - ok 23:25:07.0998 2788 [ D320BF87125326F996D4904FE24300FC ] amdsata C:\Windows\system32\drivers\amdsata.sys 23:25:08.0013 2788 amdsata - ok 23:25:08.0044 2788 [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 23:25:08.0060 2788 amdsbs - ok 23:25:08.0076 2788 [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata C:\Windows\system32\drivers\amdxata.sys 23:25:08.0091 2788 amdxata - ok 23:25:08.0154 2788 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe 23:25:08.0169 2788 AntiVirSchedulerService - ok 23:25:08.0232 2788 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe 23:25:08.0247 2788 AntiVirService - ok 23:25:08.0278 2788 [ AEA177F783E20150ACE5383EE368DA19 ] AppID C:\Windows\system32\drivers\appid.sys 23:25:08.0310 2788 AppID - ok 23:25:08.0341 2788 [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc C:\Windows\System32\appidsvc.dll 23:25:08.0403 2788 AppIDSvc - ok 23:25:08.0434 2788 [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo C:\Windows\System32\appinfo.dll 23:25:08.0481 2788 Appinfo - ok 23:25:08.0559 2788 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files\Common 
763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:25:30.0774 2788 TabletInputService - ok 23:25:30.0805 2788 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 23:25:30.0836 2788 TapiSrv - ok 23:25:30.0867 2788 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 23:25:30.0914 2788 TBS - ok 23:25:30.0976 2788 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:25:31.0008 2788 Tcpip - ok 23:25:31.0054 2788 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:25:31.0086 2788 TCPIP6 - ok 23:25:31.0101 2788 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:25:31.0148 2788 tcpipreg - ok 23:25:31.0179 2788 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:25:31.0195 2788 TDPIPE - ok 23:25:31.0210 2788 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:25:31.0242 2788 TDTCP - ok 23:25:31.0288 2788 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:25:31.0320 2788 tdx - ok 23:25:31.0351 2788 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 23:25:31.0366 2788 TermDD - ok 23:25:31.0398 2788 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 23:25:31.0429 2788 TermService - ok 23:25:31.0460 2788 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 23:25:31.0507 2788 Themes - ok 23:25:31.0538 2788 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 23:25:31.0569 2788 THREADORDER - ok 23:25:31.0585 2788 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 23:25:31.0632 2788 TrkWks - ok 23:25:31.0678 2788 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:25:31.0710 2788 TrustedInstaller - ok 23:25:31.0741 2788 [ 
254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:25:31.0772 2788 tssecsrv - ok 23:25:31.0819 2788 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:25:31.0834 2788 TsUsbFlt - ok 23:25:31.0881 2788 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:25:31.0944 2788 tunnel - ok 23:25:31.0975 2788 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:25:31.0990 2788 uagp35 - ok 23:25:32.0006 2788 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:25:32.0053 2788 udfs - ok 23:25:32.0100 2788 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:25:32.0146 2788 UI0Detect - ok 23:25:32.0178 2788 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:25:32.0193 2788 uliagpkx - ok 23:25:32.0240 2788 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 23:25:32.0271 2788 umbus - ok 23:25:32.0287 2788 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:25:32.0334 2788 UmPass - ok 23:25:32.0365 2788 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 23:25:32.0412 2788 UmRdpService - ok 23:25:32.0443 2788 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 23:25:32.0505 2788 upnphost - ok 23:25:32.0552 2788 [ 73B41F4EAD65F355962168D766AF0F2E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 23:25:32.0568 2788 USBAAPL ( UnsignedFile.Multi.Generic ) - warning 23:25:32.0568 2788 USBAAPL - detected UnsignedFile.Multi.Generic (1) 23:25:32.0599 2788 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 23:25:32.0630 2788 usbccgp - ok 23:25:32.0661 2788 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:25:32.0708 2788 usbcir - ok 23:25:32.0739 2788 [ 
F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 23:25:32.0755 2788 usbehci - ok 23:25:32.0786 2788 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:25:32.0817 2788 usbhub - ok 23:25:32.0833 2788 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:25:32.0864 2788 usbohci - ok 23:25:32.0880 2788 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:25:32.0895 2788 usbprint - ok 23:25:32.0911 2788 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:25:32.0942 2788 USBSTOR - ok 23:25:32.0973 2788 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 23:25:32.0989 2788 usbuhci - ok 23:25:33.0020 2788 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 23:25:33.0036 2788 usbvideo - ok 23:25:33.0067 2788 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 23:25:33.0114 2788 UxSms - ok 23:25:33.0114 2788 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 23:25:33.0129 2788 VaultSvc - ok 23:25:33.0176 2788 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:25:33.0207 2788 vdrvroot - ok 23:25:33.0238 2788 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 23:25:33.0285 2788 vds - ok 23:25:33.0316 2788 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:25:33.0348 2788 vga - ok 23:25:33.0379 2788 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 23:25:33.0394 2788 VgaSave - ok 23:25:33.0441 2788 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:25:33.0457 2788 vhdmp - ok 23:25:33.0488 2788 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 23:25:33.0504 2788 viaagp - ok 23:25:33.0519 2788 [ 
E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 23:25:33.0550 2788 ViaC7 - ok 23:25:33.0566 2788 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 23:25:33.0582 2788 viaide - ok 23:25:33.0613 2788 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 23:25:33.0628 2788 vmbus - ok 23:25:33.0644 2788 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 23:25:33.0660 2788 VMBusHID - ok 23:25:33.0675 2788 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:25:33.0691 2788 volmgr - ok 23:25:33.0722 2788 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:25:33.0738 2788 volmgrx - ok 23:25:33.0753 2788 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:25:33.0769 2788 volsnap - ok 23:25:33.0784 2788 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:25:33.0800 2788 vsmraid - ok 23:25:33.0862 2788 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 23:25:33.0925 2788 VSS - ok 23:25:33.0940 2788 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 23:25:33.0972 2788 vwifibus - ok 23:25:34.0003 2788 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 23:25:34.0034 2788 vwififlt - ok 23:25:34.0081 2788 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 23:25:34.0096 2788 vwifimp - ok 23:25:34.0128 2788 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 23:25:34.0190 2788 W32Time - ok 23:25:34.0206 2788 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:25:34.0237 2788 WacomPen - ok 23:25:34.0268 2788 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 23:25:34.0299 2788 WANARP - ok 23:25:34.0299 
2788 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:25:34.0330 2788 Wanarpv6 - ok 23:25:34.0377 2788 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 23:25:34.0424 2788 wbengine - ok 23:25:34.0471 2788 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:25:34.0502 2788 WbioSrvc - ok 23:25:34.0533 2788 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:25:34.0564 2788 wcncsvc - ok 23:25:34.0580 2788 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:25:34.0596 2788 WcsPlugInService - ok 23:25:34.0627 2788 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:25:34.0642 2788 Wd - ok 23:25:34.0674 2788 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:25:34.0705 2788 Wdf01000 - ok 23:25:34.0720 2788 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:25:34.0752 2788 WdiServiceHost - ok 23:25:34.0767 2788 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:25:34.0783 2788 WdiSystemHost - ok 23:25:34.0814 2788 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 23:25:34.0876 2788 WebClient - ok 23:25:34.0908 2788 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:25:34.0939 2788 Wecsvc - ok 23:25:34.0954 2788 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:25:34.0986 2788 wercplsupport - ok 23:25:35.0017 2788 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 23:25:35.0064 2788 WerSvc - ok 23:25:35.0095 2788 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:25:35.0126 2788 WfpLwf - ok 23:25:35.0142 2788 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 23:25:35.0157 2788 WIMMount - 
ok 23:25:35.0188 2788 [ 8B976D4CA270110111DF4F313DA0E6E8 ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 23:25:35.0220 2788 winachsf - ok 23:25:35.0282 2788 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 23:25:35.0329 2788 WinDefend - ok 23:25:35.0344 2788 WinHttpAutoProxySvc - ok 23:25:35.0391 2788 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:25:35.0438 2788 Winmgmt - ok 23:25:35.0500 2788 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 23:25:35.0547 2788 WinRM - ok 23:25:35.0610 2788 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:25:35.0672 2788 WinUsb - ok 23:25:35.0703 2788 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 23:25:35.0750 2788 Wlansvc - ok 23:25:35.0797 2788 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:25:35.0812 2788 WmiAcpi - ok 23:25:35.0844 2788 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:25:35.0875 2788 wmiApSrv - ok 23:25:35.0953 2788 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 23:25:36.0015 2788 WMPNetworkSvc - ok 23:25:36.0062 2788 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:25:36.0093 2788 WPCSvc - ok 23:25:36.0140 2788 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:25:36.0156 2788 WPDBusEnum - ok 23:25:36.0187 2788 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:25:36.0218 2788 ws2ifsl - ok 23:25:36.0249 2788 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 23:25:36.0280 2788 wscsvc - ok 23:25:36.0280 2788 WSearch - ok 23:25:36.0358 2788 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 23:25:36.0421 2788 wuauserv - ok 23:25:36.0452 2788 [ 
06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
23:25:36.0468 2788 WudfPf - ok
23:25:36.0499 2788 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
23:25:36.0530 2788 WUDFRd - ok
23:25:36.0561 2788 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
23:25:36.0577 2788 wudfsvc - ok
23:25:36.0608 2788 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
23:25:36.0655 2788 WwanSvc - ok
23:25:36.0670 2788 [ 894F963BE999BA9DB5AAC3AED55B115D ] XAudio C:\Windows\system32\DRIVERS\XAudio32.sys
23:25:36.0686 2788 XAudio - ok
23:25:36.0717 2788 ================ Scan global ===============================
23:25:36.0733 2788 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
23:25:36.0764 2788 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
23:25:36.0780 2788 [ 93F86C5CCC37D70EA09CE5E76F3E4338 ] C:\Windows\system32\winsrv.dll
23:25:36.0811 2788 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
23:25:36.0842 2788 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
23:25:36.0842 2788 [Global] - ok
23:25:36.0842 2788 ================ Scan MBR ==================================
23:25:36.0858 2788 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
23:25:37.0903 2788 \Device\Harddisk0\DR0 - ok
23:25:37.0903 2788 ================ Scan VBR ==================================
23:25:37.0918 2788 [ 9914542F9AF12EE87106AA99FF817A7D ] \Device\Harddisk0\DR0\Partition1
23:25:37.0918 2788 \Device\Harddisk0\DR0\Partition1 - ok
23:25:37.0934 2788 [ 672039BC4A98A06A32426EFC671141E5 ] \Device\Harddisk0\DR0\Partition2
23:25:37.0934 2788 \Device\Harddisk0\DR0\Partition2 - ok
23:25:37.0934 2788 ============================================================
23:25:37.0934 2788 Scan finished
23:25:37.0934 2788 ============================================================
23:25:37.0965 1416 Detected object count: 3
23:25:37.0965 1416 Actual detected object count: 3
23:26:07.0496 1416 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:07.0496 1416 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:07.0496 1416 PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:07.0496 1416 PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:07.0496 1416 USBAAPL ( UnsignedFile.Multi.Generic ) - skipped by user
23:26:07.0496 1416 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Skip
23:26:59.0860 2028 Deinitialize success |
23.12.2012, 00:05 | #10 | |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center disables itself and URL redirect on Google searches That looks fairly unremarkable, but I think there is still something there. Please create a log with CF. ComboFix: A guide and tutorial on using ComboFix
ComboFix may only be run when a qualified helper (Kompetenzler) has explicitly recommended it! If, after running ComboFix, you have problems starting applications and receive messages such as Quote:
__________________ Please always post log files in CODE tags |
23.12.2012, 00:23 | #11 | |
| Windows Security Center disables itself and URL redirect on Google searches Now I have to ask: CF reports: Quote:
|
23.12.2012, 00:25 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center disables itself and URL redirect on Google searches If real-time protection is disabled (umbrella closed), then that is OK and you can ignore the warning. As far as I know this is a bug in AntiVir, because it apparently does not always report its status cleanly to the Windows Security Center, and many tools rely on that, not only CF.
__________________ Please always post log files in CODE tags |
23.12.2012, 00:47 | #13 |
| Windows Security Center disables itself and URL redirect on Google searches All right. It seems to have gone well. Here is the ComboFix log: ComboFix.txt ComboFix logfile: Code:
ComboFix 12-12-22.02 - Marie 23.12.2012 0:28.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3069.2180 [GMT 1:00]
ausgeführt von:: c:\users\Marie\Desktop\ComboFix.exe
AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Spybot - Search and Destroy *Disabled/Outdated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Marie\AppData\Local\Temp\26b4a1dd-e07b-48af-be4e-9642b273284b\CliSecureRT.dll
c:\windows\system32\muzapp.exe
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-11-22 bis 2012-12-22 ))))))))))))))))))))))))))))))
.
.
2012-12-22 23:32 . 2012-12-22 23:34 -------- d-----w- c:\users\Marie\AppData\Local\temp
2012-12-22 14:07 . 2012-12-16 14:13 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-22 14:07 . 2012-12-16 14:13 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-22 13:24 . 2012-12-22 22:11 -------- d-----r- c:\users\Marie\Dropbox
2012-12-22 13:22 . 2012-12-22 23:34 -------- d-----w- c:\users\Marie\AppData\Roaming\Dropbox
2012-12-17 07:23 . 2012-12-22 13:26 -------- d-----w- c:\programdata\Spybot - Search & Destroy
2012-12-17 07:23 . 2012-12-22 20:57 -------- d-----w- c:\program files\Spybot - Search & Destroy 2
2012-12-17 07:22 . 2012-12-17 07:22 -------- d-----w- c:\users\Marie\AppData\Local\Programs
2012-12-17 07:15 . 2012-12-17 07:15 -------- d-----w- c:\users\Marie\AppData\Roaming\Avira
2012-12-17 07:09 . 2012-11-27 09:01 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-17 07:09 . 2012-11-22 14:51 36552 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2012-12-17 07:09 . 2012-11-22 14:50 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-17 07:09 . 2012-12-17 07:09 -------- d-----w- c:\programdata\Avira
2012-12-17 07:09 . 2012-12-17 07:09 -------- d-----w- c:\program files\Avira
2012-12-06 16:14 . 2012-12-06 16:14 114688 --sha-r- c:\windows\system32\3DAudiou.dll
2012-12-04 15:27 . 2012-11-08 18:00 6812136 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{0EEE0EDE-C311-4AC1-8531-67D2C518D59B}\mpengine.dll
2012-12-02 14:18 . 2012-12-02 14:18 -------- d-----w- c:\program files\iPod
2012-12-02 14:18 . 2012-12-02 14:18 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2012-12-02 14:18 . 2012-12-02 14:18 -------- d-----w- c:\program files\iTunes
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 15:31 . 2012-05-07 13:19 697272 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2012-12-12 15:31 . 2011-11-24 20:44 73656 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2012-10-16 07:39 . 2012-11-28 09:21 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 17:40 . 2012-11-17 13:03 193536 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-17 13:03 44032 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-03 16:58 . 2012-11-17 13:03 1293680 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 16:42 . 2012-11-17 13:03 242176 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 16:42 . 2012-11-17 13:03 52224 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 16:42 . 2012-11-17 13:03 175104 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 16:42 . 2012-11-17 13:03 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 16:42 . 2012-11-17 13:03 156672 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 16:40 . 2012-11-17 13:03 499712 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 15:21 . 2012-11-17 13:03 35328 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
2012-09-25 22:47 . 2012-11-17 13:03 78336 ----a-w- c:\windows\system32\synceng.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"KiesHelper"="c:\program files\Samsung\Kies\KiesHelper.exe" [2012-06-08 958392]
"KiesPDLR"="c:\program files\Samsung\Kies\External\FirmwareUpdate\KiesPDLR.exe" [2012-06-08 21432]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-03-28 1045800]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-07-27 919008]
"APSDaemon"="c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-11-28 59280]
"KiesTrayAgent"="c:\program files\Samsung\Kies\KiesTrayAgent.exe" [2012-06-08 3521464]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2012-11-28 151952]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-12-04 384800]
.
c:\users\Marie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Marie\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0\0sdnclean.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EADM]
2012-03-02 14:18 3402376 ----a-w- c:\program files\Origin\Origin.exe
.
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 HTCAND32;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [x]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 ssadbus;SAMSUNG Android USB Composite Device driver (WDM);c:\windows\system32\DRIVERS\ssadbus.sys [x]
R3 ssadmdfl;SAMSUNG Android USB Modem (Filter);c:\windows\system32\DRIVERS\ssadmdfl.sys [x]
R3 ssadmdm;SAMSUNG Android USB Modem Drivers;c:\windows\system32\DRIVERS\ssadmdm.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 HsfXAudioService;HsfXAudioService;c:\windows\system32\svchost.exe [x]
S2 PassThru Service;Internet Pass-Through Service;c:\program files\HTC\Internet Pass-Through\PassThruSvr.exe [x]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt86win7.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HsfXAudioService REG_MULTI_SZ HsfXAudioService
.
Inhalt des "geplante Tasks" Ordners
.
2012-12-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-05-07 15:31]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 13:04]
.
2012-12-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-06-30 13:04]
.
2012-12-22 c:\windows\Tasks\Rmdhlbjksp.job
- c:\windows\system32\3DAudiou.dll [2012-12-06 16:14]
.
.
------- Zusätzlicher Suchlauf -------
.
uInternet Settings,ProxyOverride = *.local
TCP: DhcpNameServer = 192.168.178.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
HKCU-Run-KiesAirMessage - c:\program files\Samsung\Kies\KiesAirMessage.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-HTC Sync Loader - c:\program files\HTC\HTC Sync 3.0\htcUPCTLoader.exe
AddRemove-EADM - c:\program files\Electronic Arts\EADM\Uninstall.exe
AddRemove-OnlineFotoservice - c:\users\Marie\Downloads\OnlineFotoservice\uninstall.exe
AddRemove-01_Simmental - c:\program files\Samsung\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\Samsung\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\Samsung\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\Samsung\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\Samsung\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\Samsung\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\Samsung\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\Samsung\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\Samsung\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\Samsung\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\Samsung\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\Samsung\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\Samsung\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\Samsung\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\Samsung\USB Drivers\20_NXP_Driver\Uninstall.exe
AddRemove-21_Searsburg - c:\program files\Samsung\USB Drivers\21_Searsburg\Uninstall.exe
AddRemove-22_WiBro_WiMAX - c:\program files\Samsung\USB Drivers\22_WiBro_WiMAX\Uninstall.exe
AddRemove-24_flashusbdriver - c:\program files\Samsung\USB Drivers\24_flashusbdriver\Uninstall.exe
AddRemove-25_escape - c:\program files\Samsung\USB Drivers\25_escape\Uninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(1992)
c:\users\Marie\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\NVIDIA Corporation\Display\nvxdsync.exe
c:\windows\system32\nvvsvc.exe
c:\windows\system32\rundll32.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\taskhost.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\System32\WUDFHost.exe
c:\program files\NVIDIA Corporation\Display\nvtray.exe
c:\windows\system32\conhost.exe
c:\program files\Synaptics\SynTP\SynTPHelper.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
c:\windows\system32\sppsvc.exe
c:\program files\Windows Media Player\wmpnetwk.exe
c:\\?\c:\windows\system32\wbem\WMIADAP.EXE
.
**************************************************************************
.
Zeit der Fertigstellung: 2012-12-23 00:38:39 - PC wurde neu gestartet
ComboFix-quarantined-files.txt 2012-12-22 23:38
.
Vor Suchlauf: 8 Verzeichnis(se), 255.894.163.456 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 256.153.292.800 Bytes frei
.
- - End Of File - - 96A6C629215388DC2AFE29ACE1B34184 |
23.12.2012, 00:59 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Windows Security Center disables itself and URL redirect on Google searches
Any improvement with the Security Center by now?
1. Info with FSS
Please download Farbar's Service Scanner
2. adwCleaner - detect toolbars and unwanted start/search pages
Please download AdwCleaner to your desktop. If adwCleaner has already been downloaded before, please delete the old adwcleaner.exe and download it again!!
__________________ Please always post log files in CODE tags |
23.12.2012, 01:10 | #15 |
| Windows Security Center disables itself and URL redirect on Google searches
Well, the Security Center is still disabled. But I have not yet tried to turn it back on by hand. Should I try that?
Just now the computer showed some more strange behavior. Aero suddenly disabled itself. That is, the transparency effects in the taskbar and in the windows were gone. The computer was just sitting next to me. I did not do anything on it. After I closed the open Explorer window, the transparency effects were back?! Very strange.
Here is the log from AdwCleaner:
AdwCleaner[R1].txt
Code:
# AdwCleaner v2.101 - Datei am 23/12/2012 um 01:03:14 erstellt
# Aktualisiert am 16/12/2012 von Xplode
# Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits)
# Benutzer : Marie - MARIES-NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Marie\Desktop\adwcleaner.exe
# Option [Suche]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\IncredibarToolbar_RASMANCS
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASAPI32
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Tracing\NEW_CORRECT_incredibar_install_RASMANCS
Schlüssel Gefunden : HKLM\Software\Web Assistant
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\Marie\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[R1].txt - [1656 octets] - [23/12/2012 01:03:14]

########## EOF - C:\AdwCleaner[R1].txt - [1716 octets] ########## |