Multiple Update.exe in Task Manager; CPU load at 99% (Windows 7)

26.12.2012, 16:08 | #1
Multiple Update.exe in Task Manager; CPU load at 99%

Hello everyone,

as the title already says, there are multiple (about 10) instances of an Update.exe in Task Manager, which keep terminating themselves and restarting. So I have no way to end the programs myself. The CPU load is accordingly at a constant 99%. Next to the mouse pointer, the "loading wheel" is also spinning all the time.

In addition, I can no longer update Avira; I get the error message "Zugriff verweigert" [access denied]. When I try to reinstall the virus scanner completely, it throws the following error message: "Die Installation des Microsoft Runtime Redistributable Kit ist fehlgeschlagen" [the installation of the Microsoft Runtime Redistributable Kit has failed]. Windows Update has the same problem: it tries to install, but then aborts with an error message: "Unbekannter Fehler; Code 80070490, 80004005 und 641" [unknown error; codes 80070490, 80004005 and 641].

The online scan by Bitdefender found no virus! I have also googled the problem and found the same problem in another forum (hxxp://www.windows-seven-forum.de/pc-laedt-ohne-pause-update-exe-windows-task-manager-um-15mal-hilfe-5441.html). But since a format was recommended there after a short back-and-forth, I preferred to describe my problem here.

Many thanks in advance!

Regards

Attached are the OTL and Extras results.

OTL.exe: OTL Logfile: Code:
ATTFilter OTL logfile created on: 12/26/2012 3:28:57 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.79 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 44.00% Memory free 7.59 Gb Paging File | 5.37 Gb Available in Paging File | 70.78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172.79 Gb Total Space | 124.41 Gb Free Space | 72.00% Space Free | Partition Type: NTFS Drive D: | 113.20 Gb Total Space | 113.11 Gb Free Space | 99.92% Space Free | Partition Type: NTFS Computer Name: ***-MSI | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012/12/26 15:26:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe PRC - [2012/12/26 14:35:32 | 001,807,800 | ---- | M] (Adobe Systems, Inc.) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_135.exe PRC - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2012/11/15 07:16:48 | 000,612,640 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\update.exe PRC - [2012/08/08 18:43:54 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe PRC - [2012/05/10 16:14:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2012/05/10 16:14:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe PRC - [2012/03/09 20:20:33 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe PRC - [2010/10/27 18:17:52 | 000,207,424 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe PRC - [2010/08/25 10:27:44 | 000,309,824 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac PRC - [2010/06/05 01:00:28 | 002,486,272 | ---- | M] (Micro-Star International Co., Ltd.) -- C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe PRC - [2010/05/16 22:40:00 | 001,349,632 | ---- | M] (Creative Technology Ltd) -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe PRC - [2010/05/05 15:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe PRC - [2010/04/13 17:57:56 | 000,284,696 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe PRC - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe PRC - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009/07/09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) 
-- C:\Program Files (x86)\System Control Manager\MSIService.exe ========== Modules (No Company Name) ========== MOD - [2012/12/26 14:35:32 | 014,586,296 | ---- | M] () -- C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll MOD - [2012/11/30 03:07:48 | 000,100,248 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2012/11/30 03:06:58 | 001,263,512 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe MOD - [2012/08/31 11:59:23 | 003,198,976 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll MOD - [2012/08/31 11:59:19 | 004,550,656 | ---- | M] () -- C:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll MOD - [2012/04/23 23:35:09 | 000,630,784 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll MOD - [2012/03/21 23:32:36 | 005,025,792 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll MOD - [2012/03/09 20:20:31 | 001,911,768 | ---- | M] () -- C:\Program Files (x86)\Mozilla Firefox\mozjs.dll MOD - [2012/02/11 00:31:42 | 001,253,376 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\WindowsBase\3.0.0.0__31bf3856ad364e35\WindowsBase.dll MOD - [2012/02/11 00:31:41 | 005,283,840 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework\3.0.0.0__31bf3856ad364e35\PresentationFramework.dll MOD - [2012/02/11 00:31:40 | 004,218,880 | ---- | M] () -- C:\windows\assembly\GAC_32\PresentationCore\3.0.0.0__31bf3856ad364e35\PresentationCore.dll MOD - [2011/12/25 21:42:15 | 005,255,168 | ---- | M] () -- C:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll MOD - [2010/11/13 01:08:41 | 000,315,392 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\mscorlib.resources\2.0.0.0_de_b77a5c561934e089\mscorlib.resources.dll MOD - [2010/11/05 02:58:14 | 002,048,000 | ---- | M] () -- 
C:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.Xml.dll MOD - [2010/11/05 02:58:10 | 000,303,104 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll MOD - [2010/11/05 02:58:04 | 000,425,984 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.dll MOD - [2010/11/05 02:57:46 | 000,610,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll MOD - [2010/06/12 02:25:21 | 000,249,856 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.resources\3.0.0.0_de_31bf3856ad364e35\PresentationFramework.resources.dll MOD - [2010/06/12 02:25:21 | 000,110,592 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationCore.resources\3.0.0.0_de_31bf3856ad364e35\PresentationCore.resources.dll MOD - [2010/06/12 02:24:52 | 000,032,768 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\System.Runtime.Remoting.resources\2.0.0.0_de_b77a5c561934e089\System.Runtime.Remoting.resources.dll MOD - [2010/05/17 20:56:42 | 000,155,648 | ---- | M] () -- C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\de-DE\THXAudio.resources.dll MOD - [2010/05/04 18:59:00 | 000,182,272 | ---- | M] () -- C:\Windows\SysWOW64\APOMngr.DLL MOD - [2009/06/10 22:22:40 | 000,010,752 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll MOD - [2009/06/10 22:14:46 | 000,098,304 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\UIAutomationTypes\3.0.0.0__31bf3856ad364e35\UIAutomationTypes.dll MOD - [2009/06/10 22:14:46 | 000,040,960 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\UIAutomationProvider\3.0.0.0__31bf3856ad364e35\UIAutomationProvider.dll MOD - [2009/06/10 22:14:43 | 000,196,608 | ---- | M] () -- C:\windows\assembly\GAC_MSIL\PresentationFramework.Aero\3.0.0.0__31bf3856ad364e35\PresentationFramework.Aero.dll ========== 
Services (SafeList) ========== SRV:64bit: - [2010/01/19 16:26:58 | 001,420,560 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV:64bit: - [2010/01/19 16:05:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV:64bit: - [2009/07/14 02:41:27 | 001,011,712 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Defender\mpsvc.dll -- (WinDefend) SRV - [2012/12/26 14:35:32 | 000,250,808 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2012/05/10 16:14:58 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2012/05/10 16:14:57 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2010/05/05 15:20:00 | 001,604,200 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe -- (nvUpdatusService) SRV - [2010/04/13 17:57:58 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Stopped] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010/03/18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010/03/18 10:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) 
[Auto | Running] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009/09/30 14:01:32 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009/09/30 14:01:30 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009/07/09 23:54:42 | 000,160,768 | ---- | M] (Micro-Star International Co., Ltd.) [Auto | Running] -- C:\Program Files (x86)\System Control Manager\MSIService.exe -- (Micro Star SCM) SRV - [2009/06/10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\msi\msi Software Install\MGHwCtrl.sys -- (MGHwCtrl) DRV:64bit: - [2012/05/10 16:14:58 | 000,132,832 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012/05/10 16:14:58 | 000,098,848 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\avgntflt.sys -- (avgntflt) DRV:64bit: - [2012/03/01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011/03/11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011/03/11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010/11/20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010/11/20 10:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010/08/25 18:36:04 | 010,611,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\igdkmd64.sys -- (igfx) DRV:64bit: - [2010/04/13 17:44:22 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010/03/04 15:43:00 | 000,346,144 | ---- | M] (Realtek ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Rt64win7.sys -- (RTL8167) DRV:64bit: - [2010/02/26 10:32:12 | 000,158,976 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010/02/03 00:38:30 | 000,271,872 | ---- | M] (Intel(R) Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\IntcDAud.sys -- (IntcDAud) DRV:64bit: - [2010/01/18 13:37:56 | 000,128,512 | ---- | M] (ELAN Microelectronic Corp.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ETD.sys -- (ETD) DRV:64bit: - [2010/01/13 01:37:18 | 007,675,392 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2009/12/05 02:50:22 | 000,087,888 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\EUCR6SK.sys -- (EUCR) DRV:64bit: - [2009/11/18 15:12:00 | 000,032,344 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\MBfilt64.sys -- (MBfilt) DRV:64bit: - [2009/09/17 06:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009/07/14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009/07/14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009/07/14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009/06/10 22:01:14 | 001,227,776 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\SmSerl64.sys -- (smserial) DRV:64bit: - [2009/06/10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009/06/10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009/06/10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009/06/10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009/05/26 22:32:04 | 000,019,968 | ---- | M] (ArcSoft, Inc.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\ArcSoftKsUFilter.sys -- (ArcSoftKsUFilter) DRV - [2009/07/14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [1999/10/13 07:19:20 | 000,012,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\USBSCAN.SYS -- (usbscan) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {380034B8-F238-4333-838A-E5EB888D7533} IE:64bit: - HKLM\..\SearchScopes\{380034B8-F238-4333-838A-E5EB888D7533}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {afdbddaa-5d3f-42ee-b79c-185a7020515b} IE - HKLM\..\SearchScopes\{A5E7E3BF-B635-4287-B993-8A2C67E952C1}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MSITDF&pc=MAMI&src=IE-SearchBox IE - HKLM\..\SearchScopes\{afdbddaa-5d3f-42ee-b79c-185a7020515b}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2475029 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/ IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B5 EF 73 49 03 43 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {006ee092-9658-4fd6-bd8e-a21a348e59f5} IE - HKCU\..\SearchScopes\{006ee092-9658-4fd6-bd8e-a21a348e59f5}: "URL" = 
hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=142077ae-1a7d-495b-83dc-01d130edcf8d&searchtype=ds&q={searchTerms} IE - HKCU\..\SearchScopes\{AC129BF9-68BF-4bc4-A1DC-ECB62712FF99}: "URL" = hxxp://search.kikin.com/search/?q={searchTerms} IE - HKCU\..\SearchScopes\{CC831CAF-00EE-4109-BEEA-2593CC49DCD8}: "URL" = hxxp://search.conduit.com/ResultsExt.aspx?q={searchTerms}&SearchSource=4&ctid=CT2625848 IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb165/?search={searchTerms}&loc=IB_DS&a=6R8w92edoG&i=26 IE - HKCU\..\SearchScopes\{D88FF337-8AF0-47F3-BD11-B36AFE66BC1C}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=ORJ&o=&src=kw&q={searchTerms}&locale=&apn_ptnrs=U3&apn_dtid=OSJ000YYDE&apn_uid=017A45B1-70F8-426D-B6A5-CDA740A8E25D&apn_sauid=396BD4B1-C133-4303-A974-27C8FA1D8EC9 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultengine: "Ask.com" FF - prefs.js..browser.search.defaultenginename: "Ask.com" FF - prefs.js..browser.search.order.1: "Ask.com" FF - prefs.js..browser.search.selectedEngine: "Ask.com" FF - prefs.js..browser.startup.homepage: "about:home" FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA}:6.0.35 FF - prefs.js..extensions.enabledAddons: {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}:6.0.37 FF - prefs.js..extensions.enabledAddons: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:4.2.1.9 FF - prefs.js..extensions.enabledItems: helperbar@helperbar.com:1.0 FF - prefs.js..extensions.enabledItems: {23fcfd51-4958-4f00-80a3-ae97e717ed8b}:2.1.1.94 FF - prefs.js..extensions.enabledItems: {6904342A-8307-11DF-A508-4AE2DFD72085}:2.1.1.94 FF - prefs.js..keyword.URL: "hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=142077ae-1a7d-495b-83dc-01d130edcf8d&searchtype=ds&q=" FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\windows\system32\Macromed\Flash\NPSWF64_11_5_502_135.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_135.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@logitech.com/HarmonyRemote,version=1.0.0: C:\Program Files (x86)\Logitech\Harmony Remote Driver\NprtHarmonyPlugin.dll File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.0.60531.0\npctrl.dll File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012/12/26 15:23:18 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012/06/16 06:51:19 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 5.0\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012/12/26 15:23:16 | 000,000,000 | ---D | M] [2011/04/07 19:57:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2012/12/26 14:38:50 | 000,000,000 | ---D | 
M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fkqkoh5v.default\extensions [2012/12/26 14:38:50 | 000,000,000 | ---D | M] (Bitdefender QuickScan) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\fkqkoh5v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2012/01/14 09:04:32 | 002,203,212 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkqkoh5v.default\extensions\glowyblue-ff3-30@glowplug.bitasylum.net.xpi [2012/12/12 08:05:14 | 000,036,098 | ---- | M] () (No name found) -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkqkoh5v.default\extensions\{ACAA314B-EEBA-48e4-AD47-84E31C44796C}.xpi [2012/12/15 09:21:16 | 000,002,403 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkqkoh5v.default\searchplugins\askcom.xml [2012/06/16 06:52:23 | 000,002,203 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkqkoh5v.default\searchplugins\MyStart Search.xml [2012/10/03 16:56:21 | 000,002,385 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\fkqkoh5v.default\searchplugins\Web Search.xml [2012/11/29 16:15:06 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2012/09/01 04:39:16 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2012/11/29 16:15:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA} [2012/03/09 20:20:33 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/03/05 19:39:23 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/03/05 19:39:22 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/03/05 19:39:22 | 000,006,805 | ---- | M] 
() -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/03/05 19:39:22 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml ========== Chrome ========== O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (no name) - {1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - No CLSID value found. O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Search Helper\SearchHelper.dll File not found O2 - BHO: (Windows Live Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found O3:64bit: - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files (x86)\Windows Live\Toolbar\wltcore.dll File not found O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - No CLSID value found. O4:64bit: - HKLM..\Run: [ETDWare] C:\Program Files\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) 
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\windows\SysNative\NvCpl.dll (NVIDIA Corporation) O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4:64bit: - HKLM..\Run: [THXCfg64] C:\windows\SysNative\THXCfg64.DLL (Creative Technology Ltd.) O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [DivXMediaServer] C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe () O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation) O4 - HKLM..\Run: [MGSysCtrl] C:\Program Files (x86)\System Control Manager\MGSysCtrl.exe (Micro-Star International Co., Ltd.) O4 - HKLM..\Run: [THX Audio Control Panel] C:\Program Files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe (Creative Technology Ltd) O4 - HKLM..\Run: [UpdReg] C:\Windows\Updreg.EXE (Creative Technology Ltd.) 
O4 - HKCU..\Run: [EPSON SX130 Series] C:\windows\system32\spool\DRIVERS\x64\3\E_IATIHJE.EXE /FU "C:\windows\TEMP\E_S9D67.tmp" /EF "HKCU" File not found O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\windows\system32\GPhotos.scr/200 File not found O8:64bit: - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8:64bit: - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\windows\SysWow64\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Free YouTube Download - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm () O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm () O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{2D15FE74-8863-40C7-813D-A2571063F8F2}: DhcpNameServer = 192.168.0.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B772ABA1-532A-45F9-8F2E-7CC27989F827}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O18 - Protocol\Handler\msnim 
{828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL File not found O20:64bit: - AppInit_DLLs: (C:\windows\system32\nvinitx.dll) - C:\Windows\SysNative\nvinitx.dll (NVIDIA Corporation) O20 - AppInit_DLLs: (C:\windows\SysWOW64\nvinit.dll) - C:\Windows\SysWOW64\nvinit.dll (NVIDIA Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\windows\SysNative\igfxdev.dll (Intel Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2012/12/26 15:26:14 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012/12/26 15:10:23 | 000,016,200 | ---- | C] (McAfee, Inc.) 
-- C:\windows\stinger.sys [2012/12/26 15:09:15 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\stinger [2012/12/26 15:08:51 | 010,560,184 | ---- | C] (McAfee Inc.) -- C:\Users\***\Desktop\stinger.exe [2012/12/26 14:56:40 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\backups [2012/12/26 14:52:15 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe [2012/12/26 14:38:56 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\QuickScan [2012/12/26 14:32:16 | 000,000,000 | ---D | C] -- C:\783e0b3541d7555f36 [2012/12/26 14:07:00 | 000,000,000 | ---D | C] -- C:\b8468f5195f3d8a1b1 [2012/12/26 08:33:54 | 029,304,496 | ---- | C] (Skype Technologies S.A.) -- C:\Users\***\Documents\Skype126SetupFull.exe [2012/12/15 20:30:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2012/12/15 20:30:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2012/11/29 16:15:48 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Java [2012/11/29 16:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Ask [2012/11/29 09:09:06 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\DATEN [2012/11/29 09:08:54 | 000,225,280 | ---- | C] (SC-Soft Stuttgart) -- C:\Users\***\Desktop\Systole.exe ========== Files - Modified Within 30 Days ========== [2012/12/26 15:27:43 | 000,000,000 | ---- | M] () -- C:\Users\***\defogger_reenable [2012/12/26 15:26:14 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2012/12/26 15:26:08 | 000,050,477 | ---- | M] () -- C:\Users\***\Desktop\Defogger.exe [2012/12/26 15:19:58 | 000,000,038 | RH-- | M] () -- C:\Users\***\Desktop\stinger.opt [2012/12/26 15:15:05 | 000,000,884 | ---- | M] () -- C:\windows\tasks\Adobe Flash Player Updater.job [2012/12/26 15:10:23 | 000,016,200 | ---- | M] (McAfee, Inc.) -- C:\windows\stinger.sys [2012/12/26 15:08:55 | 010,560,184 | ---- | M] (McAfee Inc.) 
-- C:\Users\***\Desktop\stinger.exe [2012/12/26 15:02:19 | 000,009,812 | ---- | M] () -- C:\Users\***\Desktop\hijackthis2 [2012/12/26 14:56:54 | 000,009,787 | ---- | M] () -- C:\Users\***\Desktop\hijackthis1 [2012/12/26 14:52:17 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Users\***\Desktop\HiJackThis204.exe [2012/12/26 14:27:07 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2012/12/26 14:27:05 | 000,017,376 | -H-- | M] () -- C:\windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2012/12/26 14:18:43 | 000,067,584 | --S- | M] () -- C:\windows\bootstat.dat [2012/12/26 14:18:37 | 3055,681,536 | -HS- | M] () -- C:\hiberfil.sys [2012/12/26 13:19:07 | 105,661,272 | ---- | M] () -- C:\Users\***\Desktop\avira_free_antivirus_2890de.exe [2012/12/26 08:34:00 | 029,304,496 | ---- | M] (Skype Technologies S.A.) -- C:\Users\***\Documents\Skype126SetupFull.exe [2012/12/24 10:36:20 | 004,026,316 | ---- | M] () -- C:\windows\SysNative\PerfStringBackup.INI [2012/12/24 10:36:20 | 000,699,570 | ---- | M] () -- C:\windows\SysNative\perfh00C.dat [2012/12/24 10:36:20 | 000,698,594 | ---- | M] () -- C:\windows\SysNative\perfh00A.dat [2012/12/24 10:36:20 | 000,694,248 | ---- | M] () -- C:\windows\SysNative\perfh010.dat [2012/12/24 10:36:20 | 000,669,636 | ---- | M] () -- C:\windows\SysNative\perfh007.dat [2012/12/24 10:36:20 | 000,621,148 | ---- | M] () -- C:\windows\SysNative\perfh009.dat [2012/12/24 10:36:20 | 000,141,752 | ---- | M] () -- C:\windows\SysNative\perfc00A.dat [2012/12/24 10:36:20 | 000,135,162 | ---- | M] () -- C:\windows\SysNative\perfc007.dat [2012/12/24 10:36:20 | 000,134,830 | ---- | M] () -- C:\windows\SysNative\perfc00C.dat [2012/12/24 10:36:20 | 000,131,834 | ---- | M] () -- C:\windows\SysNative\perfc010.dat [2012/12/24 10:36:20 | 000,111,078 | ---- | M] () -- C:\windows\SysNative\perfc009.dat [2012/12/23 08:01:20 | 000,272,576 | 
---- | M] () -- C:\windows\SysNative\FNTCACHE.DAT [2012/12/15 20:30:14 | 000,002,507 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2012/12/09 19:44:46 | 000,000,017 | ---- | M] () -- C:\windows\SysWow64\shortcut_ex.dat [2012/11/28 16:37:59 | 000,252,459 | ---- | M] () -- C:\Users\***\Documents\telekomrechnung Nov 12.eml [2012/11/28 16:37:57 | 000,001,942 | ---- | M] () -- C:\Users\***\Documents\tw7KRCjnEr4U DHL.eml ========== Files Created - No Company Name ========== [2012/12/26 15:27:43 | 000,000,000 | ---- | C] () -- C:\Users\***\defogger_reenable [2012/12/26 15:26:07 | 000,050,477 | ---- | C] () -- C:\Users\***\Desktop\Defogger.exe [2012/12/26 15:19:58 | 000,000,038 | RH-- | C] () -- C:\Users\***\Desktop\stinger.opt [2012/12/26 15:02:19 | 000,009,812 | ---- | C] () -- C:\Users\***\Desktop\hijackthis2 [2012/12/26 14:56:54 | 000,009,787 | ---- | C] () -- C:\Users\***\Desktop\hijackthis1 [2012/12/26 12:08:10 | 105,661,272 | ---- | C] () -- C:\Users\***\Desktop\avira_free_antivirus_2890de.exe [2012/12/15 20:30:14 | 000,002,507 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2012/12/09 19:44:46 | 000,000,017 | ---- | C] () -- C:\windows\SysWow64\shortcut_ex.dat [2012/11/28 16:37:56 | 000,252,459 | ---- | C] () -- C:\Users\***\Documents\telekomrechnung Nov 12.eml [2012/11/28 16:37:56 | 000,001,942 | ---- | C] () -- C:\Users\***\Documents\tw7KRCjnEr4U DHL.eml [2012/06/14 14:31:19 | 000,007,441 | ---- | C] () -- C:\Users\***\AppData\Local\recently-used.xbel [2012/03/31 11:33:20 | 000,003,584 | ---- | C] () -- C:\Users\***\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012/01/28 15:54:58 | 000,155,648 | ---- | C] () -- C:\windows\SysWow64\daspi32u.dll [2012/01/28 15:54:58 | 000,143,360 | ---- | C] () -- C:\windows\SysWow64\PF1800LC.Dll [2012/01/28 15:54:58 | 000,106,496 | ---- | C] () -- C:\windows\SysWow64\IO_PORT.DLL [2012/01/28 15:54:58 | 000,102,400 | ---- | C] () -- C:\windows\SysWow64\FVC.DLL [2012/01/28 15:54:58 | 000,049,152 | ---- | C] () 
-- C:\windows\SysWow64\PWiaExt.dll [2012/01/28 15:54:58 | 000,032,768 | ---- | C] () -- C:\windows\SysWow64\SQ1394.DLL [2012/01/28 15:54:58 | 000,010,624 | ---- | C] () -- C:\windows\SysWow64\GENEUSB.SYS [2012/01/28 15:54:58 | 000,010,624 | ---- | C] () -- C:\windows\SysWow64\drivers\GENEUSB.SYS [2012/01/28 15:54:57 | 000,000,234 | ---- | C] () -- C:\windows\Scanner.ini [2011/10/23 17:43:54 | 004,020,924 | ---- | C] () -- C:\windows\SysWow64\PerfStringBackup.INI [2011/10/14 19:41:28 | 000,000,288 | ---- | C] () -- C:\Users\***\AppData\Roaming\.backup.dm [2011/07/30 13:55:27 | 000,002,828 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011/07/30 13:55:27 | 000,000,088 | RHS- | C] () -- C:\ProgramData\5515461936.sys [2011/07/19 19:57:28 | 000,001,480 | ---- | C] () -- C:\Users\***\AppData\Local\RecConfig.xml [2011/05/14 15:51:31 | 000,000,235 | ---- | C] () -- C:\Users\***\AppData\Roaming\devices.xml [2011/05/14 15:51:31 | 000,000,012 | ---- | C] () -- C:\Users\***\AppData\Roaming\settings.xml ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] 
(Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2011/05/04 18:45:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ashampoo [2012/03/24 10:45:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Audacity [2011/11/28 20:17:29 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\de.myphotobook.creator.001F9DF2D0BAABEB11F42CCEE43224607B61109C.1 [2011/12/22 15:19:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\dp3d [2012/09/16 17:17:15 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoft [2012/09/16 16:29:47 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\DVDVideoSoftIEHelpers [2011/07/29 21:02:14 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Engelmann Media [2011/10/29 20:06:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Epson [2012/03/25 16:34:34 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\OpenOffice.org [2011/05/14 15:47:19 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Ordner HP Share-to-Web [2012/01/28 16:01:43 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PIE 
[2012/03/17 20:28:28 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\PrintCreations [2012/12/26 14:38:59 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\QuickScan [2011/04/26 15:07:42 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\Simfy [2012/08/05 14:41:39 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\SoftGrid Client [2011/10/29 08:29:44 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TeamViewer [2011/10/23 17:44:50 | 000,000,000 | ---D | M] -- C:\Users\***\AppData\Roaming\TP ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 857 bytes -> C:\Users\***\Documents\tw7KRCjnEr4U DHL.eml:OECustomProperty @Alternate Data Stream - 1141 bytes -> C:\Users\***\Documents\telekomrechnung Nov 12.eml:OECustomProperty < End of report > Extras.exe: OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 12/26/2012 3:28:57 PM - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop 64bit- Home Premium Edition (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7600.16385) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.79 Gb Total Physical Memory | 1.67 Gb Available Physical Memory | 44.00% Memory free 7.59 Gb Paging File | 5.37 Gb Available in Paging File | 70.78% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 172.79 Gb Total Space | 124.41 Gb Free Space | 72.00% Space Free | Partition Type: NTFS Drive D: | 113.20 Gb Total Space | 113.11 Gb Free Space | 99.92% Space Free | Partition Type: NTFS Computer Name: ***-MSI | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. 
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. htmlfile [edit] -- Reg Error: Key error. htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1" inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. 
scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [AddToPlaylistVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" () Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files (x86)\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" () Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== ========== Vista Active Open Ports 
Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0064CD3E-B2B4-43A3-B74B-39A7FD2CFF73}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{0B6AA3D3-AE79-4DBF-9486-CB30A503D9CB}" = lport=137 | protocol=17 | dir=in | app=system | "{0D4D6273-48BA-4D88-AEF4-FCBEE1D32E0F}" = lport=10243 | protocol=6 | dir=in | app=system | "{10BD7699-003E-4DB4-902A-4DF30380A2F5}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{11D430CA-F8FE-4CD1-B258-E16D75AAF975}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{24FAC532-B9F4-49BB-975C-E548A0B302C5}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{24FBD992-1B91-4A7B-80CA-EA3209A1D54D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{47E659A9-7888-43B4-A7A4-E6BF484BA0B9}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{483D378B-203B-4F72-8A8B-45930E08F2A8}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{59AD3907-36C9-481C-BE23-312F35116ABC}" = lport=445 | protocol=6 | dir=in | app=system | "{5D0F7A77-1B74-4F21-99F1-17E3F4DEEE37}" = rport=139 | protocol=6 | dir=out | app=system | "{62D7EE38-EA9E-4968-B427-3CB3987B0E6F}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{63FCFB03-B951-4FC3-BC91-2C7D26B98867}" = lport=2869 | protocol=6 | dir=in | app=system | "{6E59E708-7391-4EE4-BF06-CEBDA9569E62}" = rport=445 | protocol=6 | dir=out | app=system | "{7991D8DC-B3D3-4967-8047-48B90F5BA100}" = rport=10243 | protocol=6 | dir=out | app=system | "{8C43CE20-774C-497D-AD02-6FE0160C5A7A}" = lport=2869 | protocol=6 | dir=in | app=system | "{924733FE-4A91-4F54-BB71-1E62057BB747}" = rport=138 | protocol=17 | 
dir=out | app=system | "{A1135D0A-62CE-4307-95D9-8212D95F797C}" = lport=139 | protocol=6 | dir=in | app=system | "{A9A2127E-73AD-4A34-ADEA-D375613854C3}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe | "{DE4FF665-62B9-4EFB-84CE-82492DFD1A71}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{E2A14242-D391-4422-AB7C-06232E492D8A}" = rport=137 | protocol=17 | dir=out | app=system | "{EFF2D896-0C67-47C9-86DA-617F1774136B}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{F7B631D6-8BD7-42C9-B32B-65939D37D933}" = lport=138 | protocol=17 | dir=in | app=system | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{12F239C9-921F-463D-BDCE-8789067F5EC8}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{277BB23E-ACC7-44D6-8A1A-707951EF885F}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{2FB9CA31-3652-4BD6-AFBC-862DBD84A701}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{3D74E3A7-E561-4D21-A707-D134B2605F21}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe | "{4212B709-FAB2-4D0B-AB7C-27A7B8658A72}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{589E34E2-42F4-403A-9306-FF27CBA51DD8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{5C71BBE2-50B9-4D8A-9E64-13410C30019D}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{6D91941B-3B0B-49CD-A99A-5A1E33D8229F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{74BB3EEE-A32A-45EC-B03E-04D85521FA55}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{752FA36D-8D7A-4FDB-B07D-2C823282FFF4}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 
| "{99602368-BA70-4909-A170-CD5F1855A2F6}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{9DC296F2-DB15-4AD6-9074-14AC361A679F}" = protocol=6 | dir=out | app=system | "{AA508B36-8F65-4C8D-84B1-04FB60C9C8E9}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B3C4D85D-C8E6-4863-A250-AA382664A20F}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{C4DA8010-CE01-4A57-B7EF-7828A0AF7C11}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{CD70671A-07D3-4ED6-A696-C85C276846B3}" = protocol=6 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{D4795359-97A3-439A-9FE7-98AE70307C04}" = protocol=17 | dir=in | app=c:\users\***\downloads\phone\skype.exe | "{DB9C5BA7-821E-4818-B69D-A9FA26816970}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{DC66107E-65A6-4C2E-BFF8-15B76CA641D0}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe | "{DD23D6E7-8C4B-4C66-BEB9-75E27033A29E}" = protocol=17 | dir=in | app=c:\program files (x86)\nvidia corporation\nvidia updatus\daemonu.exe | "{E16B00AD-0A95-4B9E-94E5-2EE1533CEB03}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{EE70D7CD-9357-4679-B1F1-98AE8298CF3C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{EEC3BCED-7033-443D-80DD-69C33CA78AD9}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe | "{F083592C-5897-4C14-89F6-CD58E66BA16A}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{F5A96CC5-7EE7-4A8F-8171-BBB933AA1320}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{F8AEF11F-1C94-423F-8032-658BBB965C8D}" = protocol=6 | dir=in | app=c:\users\***\downloads\phone\skype.exe | "TCP Query User{BA3B41E2-BFEA-4D69-9342-612B886CB718}C:\users\***\downloads\phone\skype.exe" = protocol=6 | dir=in | 
app=c:\users\***\downloads\phone\skype.exe | "UDP Query User{E1068DEC-003B-46C0-87A9-F1F394979C56}C:\users\***\downloads\phone\skype.exe" = protocol=17 | dir=in | app=c:\users\***\downloads\phone\skype.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 "{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 "{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting "{B90E5EBE-DF18-44D5-9D18-689ADEE9DA6C}" = Intel(R) PROSet/Wireless WiFi-Software "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "7F973C87231D745EBF31E772CC38BB9B185D3819" = Windows Driver Package - ENE (EUCR) USB (12/04/2009 5.89.0.64) "Elantech" = ETDWare PS/2-x64 7.0.5.10_WHQL "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "NVIDIA Drivers" = NVIDIA Drivers "ProInst" = Intel PROSet Wireless [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{007B37D9-0C45-4202-834B-DD5FAAE99D63}" = ArcSoft Print Creations - Slimline Card "{01A1A019-E1D8-482A-BE17-5E118D17C0A0}" = ArcSoft Print Creations - Brochures & Flyers "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B0E143-2B0B-435B-9F56-136A3D16065F}" = No23 Recorder "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT 
"{24762012-C6C8-4AAD-A02D-71A009FA1683}" = Adobe Flash Player 10 ActiveX "{25478065-4CB1-448C-80E4-8C4529017EE3}" = ArcSoft WebCam Companion 3 "{2892E1B7-E24D-4CCB-B8A7-B63D4B66F89F}" = BurnRecovery "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform "{3CE47E6B-AE27-4E40-AC54-329EED96B933}" = ArcSoft Print Creations - Funhouse II "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{41E654A9-26D0-4EAC-854B-0FA824FFFABB}" = Windows Live Messenger "{4FA6CB9A-2972-4AAF-A36E-3C40FCC22395}" = THX TruStudio Pro "{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent "{56589DFE-0C29-4DFE-8E42-887B771ECD23}" = ArcSoft Print Creations - Photo Book "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns "{5D1C82E7-7EC0-4404-A8AD-36C3B444BC34}" = ArcSoft Print Creations - Poster Creator "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053 "{5FC68772-6D56-41C6-9DF1-24E868198AE6}" = Windows Live Call "{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}" = Logitech Harmony Remote Software "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{70B7A167-0B88-445D-A3EA-97C73AA88CAC}" = Windows Live Toolbar "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 "{8833FFB6-5B0C-4764-81AA-06DFEED9A476}" = Realtek Ethernet Controller Driver For Windows 7 "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) 
"{8E90189A-A5D4-4C0E-A908-06C4236F98EE}" = ArcSoft Magic-i Visual Effects 2 "{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010 "{9591C049-5CAE-4E89-A8D9-191F1899628B}" = ArcSoft Print Creations - Funhouse "{95F875CC-1B85-43E6-B3E0-13EA04F3D995}" = ArcSoft Print Creations - Photo Prints "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9C9CEB9D-53FD-49A7-85D2-FE674F72F24E}" = Microsoft Search Enhancement Pack "{A3324BBB-3A83-40CE-AA8C-759D849B7EA1}" = ArcSoft Print Creations "{A840FFFB-3A80-4C24-AB34-BE9F56BEB4CE}" = msi Software Install "{AC76BA86-7AD7-1031-7B44-A91000000001}" = Adobe Reader 9.1 - Deutsch "{AFF7E080-1974-45BF-9310-10DE1A1F5ED0}" = Adobe AIR "{B0D83FCD-9D42-43ED-8315-250326AADA02}" = ArcSoft Print Creations - Scrapbook "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C9F0B814-4CBE-4DE2-83B2-C0D770CF9CA6}" = ArcSoft MediaImpression "{CA9ED5E4-1548-485B-A293-417840060158}" = ArcSoft Print Creations - Photo Calendar "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E6B4117F-AC59-4B13-9274-EB136E8897EE}" = ArcSoft Print Creations - Album Page "{ED9C5D25-55DF-48D8-9328-2AC0D75DE5D8}" = System Control Manager "{F04F9557-81A9-4293-BC49-2C216FA325A7}" = ArcSoft Print Creations - Greeting Card "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F68427C2-8322-8ACC-99B8-55615C2FB450}" = simfy "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" 
= Windows Live Essentials "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 "Adobe AIR" = Adobe AIR "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo Burning Studio 6 FREE_is1" = Ashampoo Burning Studio 6 FREE v.6.80 "Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus "DivX Setup" = DivX-Setup "Mozilla Firefox 5.0 (x86 de)" = Mozilla Firefox 5.0 (x86 de) "NVIDIA.Updatus" = NVIDIA Updatus "Picasa 3" = Picasa 3 "Simfy" = simfy "VLC media player" = VLC media player 1.1.8 "WinLiveSuite_Wave3" = Windows Live Essentials "WinRAR archiver" = WinRAR Archivierer ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 12/23/2012 3:06:12 AM | Computer Name = ***-msi | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "8210". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 12/23/2012 3:06:12 AM | Computer Name = ***-msi | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "8210". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 12/23/2012 3:06:12 AM | Computer Name = ***-msi | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "8210". 
Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 12/23/2012 3:06:12 AM | Computer Name = ***-msi | Source = Microsoft-Windows-LoadPerf | ID = 3001 Description = Die Namenszeichenfolgenwert für den Leistungsindikator in der Registrierung ist falsch formatiert. Die falsch formatierte Zeichenfolge ist "8210". Das erste DWORD im Datenbereich enthält den Indexwert für die falsch formatierte Zeichenfolge, während das zweite und dritte DWORD im Datenbereich die letzten gültigen Indexwerte enthalten. Error - 12/24/2012 2:54:36 AM | Computer Name = ***-msi | Source = Customer Experience Improvement Program | ID = 1006 Description = Error - 12/24/2012 3:51:56 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014 Description = Error - 12/24/2012 3:52:13 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014 Description = Error - 12/24/2012 3:52:15 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014 Description = Error - 12/24/2012 3:52:22 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014 Description = Error - 12/24/2012 3:52:31 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014 Description = Error - 12/24/2012 3:52:39 AM | Computer Name = ***-msi | Source = MsiInstaller | ID = 1014 Description = [ System Events ] Error - 12/26/2012 9:27:51 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Update für Windows 7 für x64-Systeme (KB2761217) Error - 12/26/2012 9:28:21 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter 
Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656351) Error - 12/26/2012 9:28:37 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2604121) Error - 12/26/2012 9:28:48 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Windows Internet Explorer 9 für Windows 7 für x64-basierte Systeme Error - 12/26/2012 9:29:13 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2686827) Error - 12/26/2012 9:29:13 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Sicherheitsupdate für Windows 7 für x64-basierte Systeme (KB2667402) Error - 12/26/2012 9:29:13 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80004005 fehlgeschlagen: Update für Windows 7 für x64-basierte Systeme (KB2603229) Error - 12/26/2012 9:29:39 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 
Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Update für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2468871) Error - 12/26/2012 9:31:33 AM | Computer Name = ***-msi | Source = Microsoft-Windows-WindowsUpdateClient | ID = 20 Description = Installationsfehler: Die Installation des folgenden Updates ist mit Fehler 0x80070643 fehlgeschlagen: Sicherheitsupdate für Microsoft .NET Framework 4 unter Windows XP, Windows Server 2003, Windows Vista, Windows 7, Windows Server 2008, Windows Server 2008 R2 für x64-basierte Systeme (KB2656368) Error - 12/26/2012 10:10:26 AM | Computer Name = ***-msi | Source = Service Control Manager | ID = 7034 Description = Dienst "Intel(R) Rapid Storage Technology" wurde unerwartet beendet. Dies ist bereits 1 Mal passiert. < End of report > Last edited by maxzZ (26.12.2012 at 16:17) |
27.12.2012, 13:33 | #2 |
/// Malware-holic | Multiple Update.exe in Task Manager; CPU load at 99% Hi,
Did Stinger, or one of the other programs, find anything? Please do not use HijackThis on Win7 or Vista. Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan - if it finds anything, always choose skip for now, and post the log
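With the parameters requested above, TDSSKiller's scan section prints one line per service or driver (timestamp, thread id, MD5 in brackets, name, path) followed by a status line: either "- ok", or a "( verdict ) - warning" line and a "- detected verdict (n)" line. The parser below is an added example, not code from this thread or from TDSSKiller; the regular expressions are my reading of the log format as posted in this thread, and the sample lines are an excerpt from that log. It folds the output into one record per object and separates real detections from the UnsignedFile.Multi.Generic warnings that "Verify driver digital signatures" raises for every unsigned file, which is exactly what the Micro Star SCM hit in the log below is.

```python
import re
from dataclasses import dataclass, field
from typing import Dict, List, Optional

# TDSSKiller assigns this generic verdict to any file that fails the
# Authenticode check when "Verify driver digital signatures" is ticked. It is
# a heuristic flag, not a malware signature: OEM utilities are often unsigned.
UNSIGNED_VERDICT = "UnsignedFile.Multi.Generic"

# One line per scanned object: timestamp, thread id, [ MD5 ], name, path.
# The name may contain spaces (e.g. "Micro Star SCM"), so the path is
# recognised by its drive letter rather than by a fixed field position.
ENTRY_RE = re.compile(
    r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d+)\s+(?P<tid>\d+)\s+"
    r"\[ (?P<md5>[0-9A-Fa-f]{32}) \] (?P<name>.+?) (?P<path>[A-Za-z]:\\.*)$"
)
# "<name> ( <verdict> ) - warning"
WARNING_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<tid>\d+)\s+(?P<name>.+?) \( (?P<verdict>.+?) \) - warning$"
)
# "<name> - ok"  or  "<name> - detected <verdict> (<count>)"
STATUS_RE = re.compile(
    r"^(?P<ts>\S+)\s+(?P<tid>\d+)\s+(?P<name>.+?) - "
    r"(?P<status>ok|detected (?P<verdict>.+?) \((?P<count>\d+)\))$"
)


@dataclass
class ScanEntry:
    """What TDSSKiller reported for one service, driver or file."""
    name: str
    md5: Optional[str] = None
    path: Optional[str] = None
    status: Optional[str] = None          # "ok", "detected", or None if the log was cut off
    verdicts: List[str] = field(default_factory=list)


def parse_tdsskiller(text: str) -> Dict[str, ScanEntry]:
    """Fold the scan section of a TDSSKiller log into one record per object."""
    entries: Dict[str, ScanEntry] = {}

    def record(name: str) -> ScanEntry:
        return entries.setdefault(name, ScanEntry(name))

    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := ENTRY_RE.match(line):
            entry = record(m["name"])
            entry.md5 = m["md5"].upper()
            entry.path = m["path"]
        elif m := WARNING_RE.match(line):
            entry = record(m["name"])
            if m["verdict"] not in entry.verdicts:
                entry.verdicts.append(m["verdict"])
        elif m := STATUS_RE.match(line):
            entry = record(m["name"])
            entry.status = "ok" if m["status"] == "ok" else "detected"
            if m["verdict"] and m["verdict"] not in entry.verdicts:
                entry.verdicts.append(m["verdict"])
        # Section banners, the SystemInfo header and the drive table match
        # none of the patterns and are skipped.
    return entries


def flagged(entries: Dict[str, ScanEntry]) -> List[ScanEntry]:
    """Every object TDSSKiller did not report as plain 'ok'."""
    return [e for e in entries.values() if e.status == "detected" or e.verdicts]


def triage(entries: Dict[str, ScanEntry]) -> Dict[str, List[str]]:
    """Split flagged objects into real detections and unsigned-file warnings.

    An object whose only verdict is UNSIGNED_VERDICT calls for a publisher and
    hash check (vendor, install date, known-good hash), not removal on sight.
    """
    detected: List[str] = []
    unsigned_only: List[str] = []
    for e in flagged(entries):
        if e.verdicts and set(e.verdicts) <= {UNSIGNED_VERDICT}:
            unsigned_only.append(e.name)
        else:
            detected.append(e.name)
    return {"detected": detected, "unsigned_only": unsigned_only}


# Constructed sample: an excerpt in the shape of the TDSSKiller service scan
# posted in this thread (hashes and paths are taken from that log).
SAMPLE_LOG = r"""
15:44:32.0612 4444 COMSysApp - ok
15:44:49.0148 4444 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files (x86)\System Control Manager\MSIService.exe
15:44:49.0273 4444 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning
15:44:49.0273 4444 Micro Star SCM - detected UnsignedFile.Multi.Generic (1)
15:44:49.0335 4444 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll
15:44:49.0554 4444 MMCSS - ok
"""

if __name__ == "__main__":
    parsed = parse_tdsskiller(SAMPLE_LOG)
    for entry in flagged(parsed):
        print(f"{entry.name}: {entry.status} {entry.verdicts} md5={entry.md5} path={entry.path}")
    print(triage(parsed))
```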
27.12.2012, 15:48 | #3 |
| Multiple Update.exe in Task Manager; CPU load at 99% Hi,
Stinger found nothing. While I was posting, the battery just died even though it still had 60% charge. I now have the notebook on mains power only --> no Update.exe, no 99% CPU load. Is that possible? TDSS Killer apparently found something. Code:
ATTFilter 15:43:36.0655 5772 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 15:43:36.0951 5772 ============================================================ 15:43:36.0951 5772 Current date / time: 2012/12/27 15:43:36.0951 15:43:36.0951 5772 SystemInfo: 15:43:36.0951 5772 15:43:36.0951 5772 OS Version: 6.1.7601 ServicePack: 0.0 15:43:36.0951 5772 Product type: Workstation 15:43:36.0951 5772 ComputerName: DAUM-MSI 15:43:36.0951 5772 UserName: daum 15:43:36.0951 5772 Windows directory: C:\windows 15:43:36.0951 5772 System windows directory: C:\windows 15:43:36.0951 5772 Running under WOW64 15:43:36.0951 5772 Processor architecture: Intel x64 15:43:36.0951 5772 Number of processors: 4 15:43:36.0951 5772 Page size: 0x1000 15:43:36.0951 5772 Boot type: Normal boot 15:43:36.0951 5772 ============================================================ 15:43:37.0762 5772 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 15:43:37.0778 5772 ============================================================ 15:43:37.0778 5772 \Device\Harddisk0\DR0: 15:43:37.0794 5772 MBR partitions: 15:43:37.0794 5772 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1832800, BlocksNum 0x15997000 15:43:37.0794 5772 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x171C9800, BlocksNum 0xE264800 15:43:37.0794 5772 ============================================================ 15:43:37.0981 5772 C: <-> \Device\Harddisk0\DR0\Partition1 15:43:38.0106 5772 D: <-> \Device\Harddisk0\DR0\Partition2 15:43:38.0106 5772 ============================================================ 15:43:38.0106 5772 Initialize success 15:43:38.0106 5772 ============================================================ 15:44:07.0434 4444 ============================================================ 15:44:07.0434 4444 Scan started 15:44:07.0434 4444 Mode: Manual; SigCheck; TDLFS; 15:44:07.0434 
4444 ============================================================ 15:44:15.0858 4444 ================ Scan system memory ======================== 15:44:15.0858 4444 System memory - ok 15:44:15.0858 4444 ================ Scan services ============================= 15:44:16.0170 4444 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\windows\system32\DRIVERS\1394ohci.sys 15:44:16.0326 4444 1394ohci - ok 15:44:16.0887 4444 [ ADC420616C501B45D26C0FD3EF1E54E4 ] ACDaemon C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe 15:44:17.0106 4444 ACDaemon - ok 15:44:17.0168 4444 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\windows\system32\DRIVERS\ACPI.sys 15:44:17.0199 4444 ACPI - ok 15:44:17.0293 4444 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\windows\system32\DRIVERS\acpipmi.sys 15:44:17.0558 4444 AcpiPmi - ok 15:44:17.0854 4444 [ 95CE557D16A75606CCC2D7F3B0B0BCCB ] AdobeFlashPlayerUpdateSvc C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe 15:44:17.0901 4444 AdobeFlashPlayerUpdateSvc - ok 15:44:18.0026 4444 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\windows\system32\DRIVERS\adp94xx.sys 15:44:18.0276 4444 adp94xx - ok 15:44:18.0666 4444 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\windows\system32\DRIVERS\adpahci.sys 15:44:18.0697 4444 adpahci - ok 15:44:18.0697 4444 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\windows\system32\DRIVERS\adpu320.sys 15:44:18.0759 4444 adpu320 - ok 15:44:18.0837 4444 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\windows\System32\aelupsvc.dll 15:44:18.0978 4444 AeLookupSvc - ok 15:44:19.0087 4444 [ 6CCD1135320109D6B219F1A6E04AD9F6 ] Afc C:\windows\syswow64\drivers\Afc.sys 15:44:19.0102 4444 Afc - ok 15:44:19.0227 4444 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\windows\system32\drivers\afd.sys 15:44:19.0336 4444 AFD - ok 15:44:19.0368 4444 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\windows\system32\DRIVERS\agp440.sys 15:44:19.0399 4444 agp440 - ok 15:44:19.0430 4444 [ 
3290D6946B5E30E70414990574883DDB ] ALG C:\windows\System32\alg.exe 15:44:19.0508 4444 ALG - ok 15:44:19.0586 4444 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\windows\system32\DRIVERS\aliide.sys 15:44:19.0617 4444 aliide - ok 15:44:19.0648 4444 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\windows\system32\DRIVERS\amdide.sys 15:44:19.0648 4444 amdide - ok 15:44:19.0711 4444 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\windows\system32\DRIVERS\amdk8.sys 15:44:19.0758 4444 AmdK8 - ok 15:44:19.0758 4444 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\windows\system32\DRIVERS\amdppm.sys 15:44:19.0804 4444 AmdPPM - ok 15:44:19.0867 4444 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\windows\system32\drivers\amdsata.sys 15:44:19.0882 4444 amdsata - ok 15:44:19.0898 4444 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\windows\system32\DRIVERS\amdsbs.sys 15:44:19.0914 4444 amdsbs - ok 15:44:19.0945 4444 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\windows\system32\drivers\amdxata.sys 15:44:19.0960 4444 amdxata - ok 15:44:21.0786 4444 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe 15:44:21.0832 4444 AntiVirSchedulerService - ok 15:44:21.0879 4444 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe 15:44:21.0895 4444 AntiVirService - ok 15:44:22.0347 4444 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\windows\system32\drivers\appid.sys 15:44:23.0923 4444 AppID - ok 15:44:23.0954 4444 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\windows\System32\appidsvc.dll 15:44:24.0126 4444 AppIDSvc - ok 15:44:24.0344 4444 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\windows\System32\appinfo.dll 15:44:24.0640 4444 Appinfo - ok 15:44:24.0687 4444 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\windows\system32\DRIVERS\arc.sys 15:44:24.0718 4444 arc - ok 15:44:24.0750 4444 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\windows\system32\DRIVERS\arcsas.sys 
15:44:24.0796 4444 arcsas - ok 15:44:24.0874 4444 [ C130BC4A51B1382B2BE8E44579EC4C0A ] ArcSoftKsUFilter C:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys 15:44:24.0906 4444 ArcSoftKsUFilter - ok 15:44:24.0921 4444 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\windows\system32\DRIVERS\asyncmac.sys 15:44:25.0030 4444 AsyncMac - ok 15:44:25.0077 4444 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\windows\system32\DRIVERS\atapi.sys 15:44:25.0093 4444 atapi - ok 15:44:25.0155 4444 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\windows\System32\Audiosrv.dll 15:44:25.0280 4444 AudioEndpointBuilder - ok 15:44:25.0296 4444 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\windows\System32\Audiosrv.dll 15:44:25.0452 4444 AudioSrv - ok 15:44:25.0483 4444 [ 26E38B5A58C6C55FAFBC563EEDDB0867 ] avgntflt C:\windows\system32\DRIVERS\avgntflt.sys 15:44:25.0514 4444 avgntflt - ok 15:44:25.0561 4444 [ 9D1F00BEFF84CBBF46D7F052BC7E0565 ] avipbb C:\windows\system32\DRIVERS\avipbb.sys 15:44:25.0608 4444 avipbb - ok 15:44:25.0654 4444 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\windows\System32\AxInstSV.dll 15:44:25.0764 4444 AxInstSV - ok 15:44:25.0842 4444 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\windows\system32\DRIVERS\bxvbda.sys 15:44:25.0920 4444 b06bdrv - ok 15:44:26.0200 4444 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\windows\system32\DRIVERS\b57nd60a.sys 15:44:26.0356 4444 b57nd60a - ok 15:44:26.0403 4444 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\windows\System32\bdesvc.dll 15:44:26.0512 4444 BDESVC - ok 15:44:26.0544 4444 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\windows\system32\drivers\Beep.sys 15:44:26.0637 4444 Beep - ok 15:44:26.0715 4444 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\windows\System32\bfe.dll 15:44:26.0809 4444 BFE - ok 15:44:26.0871 4444 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\windows\System32\qmgr.dll 15:44:27.0012 4444 BITS - ok 15:44:27.0043 4444 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive 
C:\windows\system32\DRIVERS\blbdrive.sys 15:44:27.0121 4444 blbdrive - ok 15:44:27.0230 4444 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\windows\system32\DRIVERS\bowser.sys 15:44:27.0355 4444 bowser - ok 15:44:27.0402 4444 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\windows\system32\DRIVERS\BrFiltLo.sys 15:44:27.0667 4444 BrFiltLo - ok 15:44:27.0714 4444 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\windows\system32\DRIVERS\BrFiltUp.sys 15:44:27.0792 4444 BrFiltUp - ok 15:44:27.0870 4444 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\windows\System32\browser.dll 15:44:28.0228 4444 Browser - ok 15:44:28.0431 4444 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\windows\System32\Drivers\Brserid.sys 15:44:28.0946 4444 Brserid - ok 15:44:28.0977 4444 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\windows\System32\Drivers\BrSerWdm.sys 15:44:29.0055 4444 BrSerWdm - ok 15:44:29.0086 4444 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\windows\System32\Drivers\BrUsbMdm.sys 15:44:29.0180 4444 BrUsbMdm - ok 15:44:29.0196 4444 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\windows\System32\Drivers\BrUsbSer.sys 15:44:29.0445 4444 BrUsbSer - ok 15:44:29.0539 4444 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\windows\system32\DRIVERS\bthmodem.sys 15:44:29.0617 4444 BTHMODEM - ok 15:44:29.0679 4444 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\windows\system32\bthserv.dll 15:44:29.0882 4444 bthserv - ok 15:44:29.0913 4444 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\windows\system32\DRIVERS\cdfs.sys 15:44:30.0085 4444 cdfs - ok 15:44:30.0506 4444 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\windows\system32\DRIVERS\cdrom.sys 15:44:30.0584 4444 cdrom - ok 15:44:30.0662 4444 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\windows\System32\certprop.dll 15:44:30.0818 4444 CertPropSvc - ok 15:44:31.0114 4444 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\windows\system32\DRIVERS\circlass.sys 15:44:31.0270 4444 circlass - ok 15:44:31.0458 4444 [ 
FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\windows\system32\CLFS.sys 15:44:31.0489 4444 CLFS - ok 15:44:31.0567 4444 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 15:44:31.0582 4444 clr_optimization_v2.0.50727_32 - ok 15:44:31.0629 4444 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 15:44:31.0645 4444 clr_optimization_v2.0.50727_64 - ok 15:44:31.0832 4444 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 15:44:31.0848 4444 clr_optimization_v4.0.30319_32 - ok 15:44:31.0894 4444 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 15:44:31.0910 4444 clr_optimization_v4.0.30319_64 - ok 15:44:31.0941 4444 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\windows\system32\DRIVERS\CmBatt.sys 15:44:32.0035 4444 CmBatt - ok 15:44:32.0097 4444 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\windows\system32\DRIVERS\cmdide.sys 15:44:32.0113 4444 cmdide - ok 15:44:32.0316 4444 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\windows\system32\Drivers\cng.sys 15:44:32.0394 4444 CNG - ok 15:44:32.0456 4444 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\windows\system32\DRIVERS\compbatt.sys 15:44:32.0472 4444 Compbatt - ok 15:44:32.0518 4444 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\windows\system32\DRIVERS\CompositeBus.sys 15:44:32.0581 4444 CompositeBus - ok 15:44:32.0612 4444 COMSysApp - ok 15:44:32.0612 4444 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\windows\system32\DRIVERS\crcdisk.sys 15:44:32.0628 4444 crcdisk - ok 15:44:32.0674 4444 [ BAF19B633933A9FB4883D27D66C39E9A ] CryptSvc C:\windows\system32\cryptsvc.dll 15:44:32.0830 4444 CryptSvc - ok 15:44:32.0893 4444 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\windows\system32\rpcss.dll 15:44:33.0049 
4444 DcomLaunch - ok 15:44:33.0080 4444 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\windows\System32\defragsvc.dll 15:44:33.0205 4444 defragsvc - ok 15:44:33.0236 4444 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\windows\system32\Drivers\dfsc.sys 15:44:33.0454 4444 DfsC - ok 15:44:33.0532 4444 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\windows\system32\dhcpcore.dll 15:44:33.0876 4444 Dhcp - ok 15:44:33.0922 4444 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\windows\system32\drivers\discache.sys 15:44:34.0219 4444 discache - ok 15:44:34.0234 4444 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\windows\system32\DRIVERS\disk.sys 15:44:34.0250 4444 Disk - ok 15:44:34.0312 4444 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\windows\System32\dnsrslvr.dll 15:44:34.0406 4444 Dnscache - ok 15:44:34.0453 4444 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\windows\System32\dot3svc.dll 15:44:34.0562 4444 dot3svc - ok 15:44:34.0640 4444 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\windows\system32\dps.dll 15:44:34.0765 4444 DPS - ok 15:44:34.0827 4444 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\windows\system32\drivers\drmkaud.sys 15:44:34.0874 4444 drmkaud - ok 15:44:34.0999 4444 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\windows\System32\drivers\dxgkrnl.sys 15:44:35.0030 4444 DXGKrnl - ok 15:44:35.0077 4444 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\windows\System32\eapsvc.dll 15:44:35.0170 4444 EapHost - ok 15:44:35.0311 4444 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\windows\system32\DRIVERS\evbda.sys 15:44:35.0545 4444 ebdrv - ok 15:44:35.0576 4444 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\windows\System32\lsass.exe 15:44:35.0654 4444 EFS - ok 15:44:35.0810 4444 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\windows\ehome\ehRecvr.exe 15:44:35.0904 4444 ehRecvr - ok 15:44:35.0950 4444 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\windows\ehome\ehsched.exe 15:44:36.0153 4444 ehSched - ok 15:44:36.0216 4444 [ 0E5DA5369A0FCAEA12456DD852545184 ] 
elxstor C:\windows\system32\DRIVERS\elxstor.sys 15:44:36.0262 4444 elxstor - ok 15:44:36.0356 4444 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\windows\system32\DRIVERS\errdev.sys 15:44:36.0668 4444 ErrDev - ok 15:44:36.0715 4444 [ 06C94BE9D9E1E6411429433A64A76936 ] ETD C:\windows\system32\DRIVERS\ETD.sys 15:44:36.0824 4444 ETD - ok 15:44:36.0902 4444 [ 89D11159B361DD1EAC5DD4E9895C04A4 ] EUCR C:\windows\system32\DRIVERS\EUCR6SK.SYS 15:44:36.0918 4444 EUCR - ok 15:44:37.0011 4444 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\windows\system32\es.dll 15:44:37.0448 4444 EventSystem - ok 15:44:37.0900 4444 [ 7C1042CDA4E7151E91F1E66A4D9118B0 ] EvtEng C:\Program Files\Intel\WiFi\bin\EvtEng.exe 15:44:37.0994 4444 EvtEng - ok 15:44:38.0056 4444 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\windows\system32\drivers\exfat.sys 15:44:38.0212 4444 exfat - ok 15:44:38.0290 4444 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\windows\system32\drivers\fastfat.sys 15:44:38.0353 4444 fastfat - ok 15:44:38.0415 4444 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\windows\system32\fxssvc.exe 15:44:38.0509 4444 Fax - ok 15:44:38.0540 4444 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\windows\system32\DRIVERS\fdc.sys 15:44:38.0571 4444 fdc - ok 15:44:38.0634 4444 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\windows\system32\fdPHost.dll 15:44:38.0774 4444 fdPHost - ok 15:44:38.0790 4444 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\windows\system32\fdrespub.dll 15:44:38.0899 4444 FDResPub - ok 15:44:38.0930 4444 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\windows\system32\drivers\fileinfo.sys 15:44:38.0946 4444 FileInfo - ok 15:44:38.0961 4444 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\windows\system32\drivers\filetrace.sys 15:44:39.0055 4444 Filetrace - ok 15:44:39.0102 4444 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\windows\system32\DRIVERS\flpydisk.sys 15:44:39.0148 4444 flpydisk - ok 15:44:39.0195 4444 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr 
C:\windows\system32\drivers\fltmgr.sys 15:44:39.0242 4444 FltMgr - ok 15:44:39.0336 4444 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\windows\system32\FntCache.dll 15:44:39.0414 4444 FontCache - ok 15:44:39.0523 4444 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 15:44:39.0538 4444 FontCache3.0.0.0 - ok 15:44:39.0570 4444 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\windows\system32\drivers\FsDepends.sys 15:44:39.0585 4444 FsDepends - ok 15:44:39.0616 4444 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\windows\system32\drivers\Fs_Rec.sys 15:44:39.0648 4444 Fs_Rec - ok 15:44:39.0694 4444 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\windows\system32\DRIVERS\fvevol.sys 15:44:39.0726 4444 fvevol - ok 15:44:39.0741 4444 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\windows\system32\DRIVERS\gagp30kx.sys 15:44:39.0757 4444 gagp30kx - ok 15:44:39.0835 4444 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\windows\System32\gpsvc.dll 15:44:39.0975 4444 gpsvc - ok 15:44:40.0069 4444 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe 15:44:40.0116 4444 gusvc - ok 15:44:40.0131 4444 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\windows\system32\drivers\hcw85cir.sys 15:44:40.0272 4444 hcw85cir - ok 15:44:40.0350 4444 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\windows\system32\drivers\HdAudio.sys 15:44:40.0428 4444 HdAudAddService - ok 15:44:40.0459 4444 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\windows\system32\DRIVERS\HDAudBus.sys 15:44:40.0615 4444 HDAudBus - ok 15:44:40.0677 4444 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\windows\system32\DRIVERS\HECIx64.sys 15:44:40.0708 4444 HECIx64 - ok 15:44:40.0724 4444 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\windows\system32\DRIVERS\HidBatt.sys 15:44:40.0974 4444 HidBatt - ok 15:44:40.0989 4444 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth 
C:\windows\system32\DRIVERS\hidbth.sys 15:44:41.0052 4444 HidBth - ok 15:44:41.0083 4444 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\windows\system32\DRIVERS\hidir.sys 15:44:41.0114 4444 HidIr - ok 15:44:41.0145 4444 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\windows\system32\hidserv.dll 15:44:41.0254 4444 hidserv - ok 15:44:41.0332 4444 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\windows\system32\DRIVERS\hidusb.sys 15:44:41.0457 4444 HidUsb - ok 15:44:41.0473 4444 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\windows\system32\kmsvc.dll 15:44:41.0582 4444 hkmsvc - ok 15:44:41.0660 4444 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\windows\system32\ListSvc.dll 15:44:41.0769 4444 HomeGroupListener - ok 15:44:41.0816 4444 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\windows\system32\provsvc.dll 15:44:41.0988 4444 HomeGroupProvider - ok 15:44:42.0034 4444 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\windows\system32\DRIVERS\HpSAMD.sys 15:44:42.0066 4444 HpSAMD - ok 15:44:42.0144 4444 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\windows\system32\drivers\HTTP.sys 15:44:42.0424 4444 HTTP - ok 15:44:42.0518 4444 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\windows\system32\drivers\hwpolicy.sys 15:44:42.0534 4444 hwpolicy - ok 15:44:42.0596 4444 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\windows\system32\DRIVERS\i8042prt.sys 15:44:42.0658 4444 i8042prt - ok 15:44:42.0705 4444 [ 1384872112E8E7FD5786ECEB8BDDF4C9 ] iaStor C:\windows\system32\DRIVERS\iaStor.sys 15:44:42.0736 4444 iaStor - ok 15:44:42.0861 4444 [ 6B24D1C3096DE796D15571079EA5E98C ] IAStorDataMgrSvc C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe 15:44:42.0877 4444 IAStorDataMgrSvc - ok 15:44:42.0939 4444 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\windows\system32\drivers\iaStorV.sys 15:44:42.0970 4444 iaStorV - ok 15:44:43.0064 4444 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\windows\Microsoft.NET\Framework64\v3.0\Windows 
Communication Foundation\infocard.exe 15:44:43.0126 4444 idsvc - ok 15:44:43.0610 4444 [ 677AA5991026A65ADA128C4B59CF2BAD ] igfx C:\windows\system32\DRIVERS\igdkmd64.sys 15:44:44.0203 4444 igfx - ok 15:44:44.0250 4444 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\windows\system32\DRIVERS\iirsp.sys 15:44:44.0281 4444 iirsp - ok 15:44:44.0374 4444 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\windows\System32\ikeext.dll 15:44:44.0499 4444 IKEEXT - ok 15:44:44.0530 4444 [ DD587A55390ED2295BCE6D36AD567DA9 ] Impcd C:\windows\system32\DRIVERS\Impcd.sys 15:44:44.0764 4444 Impcd - ok 15:44:44.0905 4444 [ B88E24BD77A0CE2CFFEE2FACF1151BE0 ] IntcAzAudAddService C:\windows\system32\drivers\RTKVHD64.sys 15:44:44.0983 4444 IntcAzAudAddService - ok 15:44:45.0076 4444 [ 58CF58DEE26C909BD6F977B61D246295 ] IntcDAud C:\windows\system32\DRIVERS\IntcDAud.sys 15:44:45.0154 4444 IntcDAud - ok 15:44:45.0170 4444 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\windows\system32\DRIVERS\intelide.sys 15:44:45.0186 4444 intelide - ok 15:44:45.0232 4444 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\windows\system32\DRIVERS\intelppm.sys 15:44:45.0326 4444 intelppm - ok 15:44:45.0373 4444 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\windows\system32\ipbusenum.dll 15:44:45.0482 4444 IPBusEnum - ok 15:44:45.0560 4444 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\windows\system32\DRIVERS\ipfltdrv.sys 15:44:45.0622 4444 IpFilterDriver - ok 15:44:45.0685 4444 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\windows\System32\iphlpsvc.dll 15:44:46.0090 4444 iphlpsvc - ok 15:44:46.0137 4444 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\windows\system32\DRIVERS\IPMIDrv.sys 15:44:46.0340 4444 IPMIDRV - ok 15:44:46.0371 4444 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\windows\system32\drivers\ipnat.sys 15:44:46.0527 4444 IPNAT - ok 15:44:46.0574 4444 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\windows\system32\drivers\irenum.sys 15:44:46.0683 4444 IRENUM - ok 15:44:46.0730 4444 [ 
2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\windows\system32\DRIVERS\isapnp.sys 15:44:46.0746 4444 isapnp - ok 15:44:46.0777 4444 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\windows\system32\DRIVERS\msiscsi.sys 15:44:46.0808 4444 iScsiPrt - ok 15:44:46.0824 4444 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\windows\system32\DRIVERS\kbdclass.sys 15:44:46.0839 4444 kbdclass - ok 15:44:46.0902 4444 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\windows\system32\DRIVERS\kbdhid.sys 15:44:46.0948 4444 kbdhid - ok 15:44:46.0964 4444 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\windows\system32\lsass.exe 15:44:46.0980 4444 KeyIso - ok 15:44:47.0026 4444 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\windows\system32\Drivers\ksecdd.sys 15:44:47.0042 4444 KSecDD - ok 15:44:47.0089 4444 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\windows\system32\Drivers\ksecpkg.sys 15:44:47.0104 4444 KSecPkg - ok 15:44:47.0136 4444 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\windows\system32\drivers\ksthunk.sys 15:44:47.0245 4444 ksthunk - ok 15:44:47.0323 4444 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\windows\system32\msdtckrm.dll 15:44:47.0510 4444 KtmRm - ok 15:44:47.0557 4444 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\windows\system32\srvsvc.dll 15:44:47.0666 4444 LanmanServer - ok 15:44:47.0728 4444 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\windows\System32\wkssvc.dll 15:44:47.0869 4444 LanmanWorkstation - ok 15:44:47.0916 4444 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\windows\system32\DRIVERS\lltdio.sys 15:44:47.0994 4444 lltdio - ok 15:44:48.0056 4444 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\windows\System32\lltdsvc.dll 15:44:48.0118 4444 lltdsvc - ok 15:44:48.0150 4444 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\windows\System32\lmhsvc.dll 15:44:48.0212 4444 lmhosts - ok 15:44:48.0306 4444 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 
15:44:48.0352 4444 LMS - ok 15:44:48.0430 4444 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\windows\system32\DRIVERS\lsi_fc.sys 15:44:48.0446 4444 LSI_FC - ok 15:44:48.0446 4444 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\windows\system32\DRIVERS\lsi_sas.sys 15:44:48.0477 4444 LSI_SAS - ok 15:44:48.0508 4444 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\windows\system32\DRIVERS\lsi_sas2.sys 15:44:48.0524 4444 LSI_SAS2 - ok 15:44:48.0524 4444 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\windows\system32\DRIVERS\lsi_scsi.sys 15:44:48.0540 4444 LSI_SCSI - ok 15:44:48.0571 4444 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\windows\system32\drivers\luafv.sys 15:44:48.0727 4444 luafv - ok 15:44:48.0758 4444 [ 8FF2D95CBA49B405C5DE27039FF0BF35 ] MBfilt C:\windows\system32\drivers\MBfilt64.sys 15:44:48.0774 4444 MBfilt - ok 15:44:48.0805 4444 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\windows\system32\Mcx2Svc.dll 15:44:48.0852 4444 Mcx2Svc - ok 15:44:48.0883 4444 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\windows\system32\DRIVERS\megasas.sys 15:44:48.0898 4444 megasas - ok 15:44:48.0945 4444 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\windows\system32\DRIVERS\MegaSR.sys 15:44:48.0976 4444 MegaSR - ok 15:44:49.0039 4444 MGHwCtrl - ok 15:44:49.0148 4444 [ 71C6748EE8DE938532057EF10B4B7E44 ] Micro Star SCM C:\Program Files (x86)\System Control Manager\MSIService.exe 15:44:49.0273 4444 Micro Star SCM ( UnsignedFile.Multi.Generic ) - warning 15:44:49.0273 4444 Micro Star SCM - detected UnsignedFile.Multi.Generic (1) 15:44:49.0335 4444 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\windows\system32\mmcss.dll 15:44:49.0554 4444 MMCSS - ok 15:44:49.0585 4444 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\windows\system32\drivers\modem.sys 15:44:49.0725 4444 Modem - ok 15:44:49.0756 4444 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\windows\system32\DRIVERS\monitor.sys 15:44:49.0834 4444 monitor - ok 15:44:49.0881 4444 [ 7D27EA49F3C1F687D357E77A470AEA99 ] 
mouclass C:\windows\system32\DRIVERS\mouclass.sys 15:44:49.0897 4444 mouclass - ok 15:44:49.0912 4444 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\windows\system32\DRIVERS\mouhid.sys 15:44:50.0037 4444 mouhid - ok 15:44:50.0084 4444 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\windows\system32\drivers\mountmgr.sys 15:44:50.0100 4444 mountmgr - ok 15:44:50.0146 4444 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\windows\system32\DRIVERS\mpio.sys 15:44:50.0162 4444 mpio - ok 15:44:50.0209 4444 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\windows\system32\drivers\mpsdrv.sys 15:44:50.0287 4444 mpsdrv - ok 15:44:50.0536 4444 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\windows\system32\mpssvc.dll 15:44:50.0677 4444 MpsSvc - ok 15:44:50.0724 4444 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\windows\system32\drivers\mrxdav.sys 15:44:50.0833 4444 MRxDAV - ok 15:44:50.0880 4444 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\windows\system32\DRIVERS\mrxsmb.sys 15:44:50.0958 4444 mrxsmb - ok 15:44:51.0004 4444 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\windows\system32\DRIVERS\mrxsmb10.sys 15:44:51.0098 4444 mrxsmb10 - ok 15:44:51.0114 4444 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\windows\system32\DRIVERS\mrxsmb20.sys 15:44:51.0176 4444 mrxsmb20 - ok 15:44:51.0223 4444 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\windows\system32\DRIVERS\msahci.sys 15:44:51.0254 4444 msahci - ok 15:44:51.0301 4444 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\windows\system32\DRIVERS\msdsm.sys 15:44:51.0332 4444 msdsm - ok 15:44:51.0379 4444 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\windows\System32\msdtc.exe 15:44:51.0441 4444 MSDTC - ok 15:44:51.0519 4444 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\windows\system32\drivers\Msfs.sys 15:44:51.0597 4444 Msfs - ok 15:44:51.0628 4444 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\windows\System32\drivers\mshidkmdf.sys 15:44:51.0722 4444 mshidkmdf - ok 15:44:51.0800 4444 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] 
msisadrv C:\windows\system32\DRIVERS\msisadrv.sys 15:44:51.0816 4444 msisadrv - ok 15:44:51.0862 4444 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\windows\system32\iscsiexe.dll 15:44:51.0956 4444 MSiSCSI - ok 15:44:51.0956 4444 msiserver - ok 15:44:52.0034 4444 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\windows\system32\drivers\MSKSSRV.sys 15:44:52.0143 4444 MSKSSRV - ok 15:44:52.0143 4444 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\windows\system32\drivers\MSPCLOCK.sys 15:44:52.0315 4444 MSPCLOCK - ok 15:44:52.0362 4444 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\windows\system32\drivers\MSPQM.sys 15:44:52.0486 4444 MSPQM - ok 15:44:52.0518 4444 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\windows\system32\drivers\MsRPC.sys 15:44:52.0533 4444 MsRPC - ok 15:44:52.0580 4444 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\windows\system32\DRIVERS\mssmbios.sys 15:44:52.0596 4444 mssmbios - ok 15:44:52.0611 4444 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\windows\system32\drivers\MSTEE.sys 15:44:52.0767 4444 MSTEE - ok 15:44:52.0814 4444 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\windows\system32\DRIVERS\MTConfig.sys 15:44:52.0861 4444 MTConfig - ok 15:44:52.0908 4444 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\windows\system32\Drivers\mup.sys 15:44:52.0923 4444 Mup - ok 15:44:53.0032 4444 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\windows\system32\qagentRT.dll 15:44:53.0126 4444 napagent - ok 15:44:53.0220 4444 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\windows\system32\DRIVERS\nwifi.sys 15:44:53.0266 4444 NativeWifiP - ok 15:44:53.0329 4444 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\windows\system32\drivers\ndis.sys 15:44:53.0376 4444 NDIS - ok 15:44:53.0454 4444 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\windows\system32\DRIVERS\ndiscap.sys 15:44:53.0672 4444 NdisCap - ok 15:44:53.0719 4444 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\windows\system32\DRIVERS\ndistapi.sys 15:44:53.0953 4444 NdisTapi - ok 
15:44:54.0327 4444 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\windows\system32\DRIVERS\ndisuio.sys 15:44:54.0702 4444 Ndisuio - ok 15:44:55.0154 4444 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\windows\system32\DRIVERS\ndiswan.sys 15:44:55.0513 4444 NdisWan - ok 15:44:55.0794 4444 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\windows\system32\drivers\NDProxy.sys 15:44:56.0152 4444 NDProxy - ok 15:44:58.0867 4444 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\windows\system32\DRIVERS\netbios.sys 15:44:59.0881 4444 NetBIOS - ok 15:45:00.0364 4444 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\windows\system32\DRIVERS\netbt.sys 15:45:00.0676 4444 NetBT - ok 15:45:00.0801 4444 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\windows\system32\lsass.exe 15:45:00.0832 4444 Netlogon - ok 15:45:01.0550 4444 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\windows\System32\netman.dll 15:45:01.0706 4444 Netman - ok 15:45:01.0737 4444 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\windows\System32\netprofm.dll 15:45:01.0831 4444 netprofm - ok 15:45:01.0862 4444 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 15:45:01.0878 4444 NetTcpPortSharing - ok 15:45:02.0907 4444 [ 39EDE676D17F37AF4573C2B33EC28ACA ] NETw5s64 C:\windows\system32\DRIVERS\NETw5s64.sys 15:45:03.0219 4444 NETw5s64 - ok 15:45:03.0250 4444 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\windows\system32\DRIVERS\nfrd960.sys 15:45:03.0282 4444 nfrd960 - ok 15:45:03.0328 4444 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\windows\System32\nlasvc.dll 15:45:03.0375 4444 NlaSvc - ok 15:45:03.0391 4444 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\windows\system32\drivers\Npfs.sys 15:45:03.0453 4444 Npfs - ok 15:45:03.0500 4444 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\windows\system32\nsisvc.dll 15:45:03.0547 4444 nsi - ok 15:45:03.0578 4444 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy 
C:\windows\system32\drivers\nsiproxy.sys 15:45:03.0812 4444 nsiproxy - ok 15:45:04.0264 4444 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\windows\system32\drivers\Ntfs.sys 15:45:04.0327 4444 Ntfs - ok 15:45:04.0420 4444 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\windows\system32\drivers\Null.sys 15:45:04.0530 4444 Null - ok 15:45:05.0715 4444 [ 56743D7B668A19BD83BCDFB1F2136738 ] nvlddmkm C:\windows\system32\DRIVERS\nvlddmkm.sys 15:45:06.0199 4444 nvlddmkm - ok 15:45:06.0261 4444 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\windows\system32\drivers\nvraid.sys 15:45:06.0277 4444 nvraid - ok 15:45:06.0324 4444 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\windows\system32\drivers\nvstor.sys 15:45:06.0339 4444 nvstor - ok 15:45:06.0402 4444 [ 1D462154C746161683EBB7D95D0C0AF1 ] nvsvc C:\windows\system32\nvvsvc.exe 15:45:06.0417 4444 nvsvc - ok 15:45:06.0511 4444 [ 18F1906BFE993EAD51200E3195B3D6E2 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe 15:45:06.0620 4444 nvUpdatusService - ok 15:45:06.0636 4444 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\windows\system32\DRIVERS\nv_agp.sys 15:45:06.0667 4444 nv_agp - ok 15:45:06.0729 4444 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\windows\system32\DRIVERS\ohci1394.sys 15:45:06.0807 4444 ohci1394 - ok 15:45:06.0963 4444 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\windows\system32\pnrpsvc.dll 15:45:07.0072 4444 p2pimsvc - ok 15:45:07.0104 4444 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\windows\system32\p2psvc.dll 15:45:07.0166 4444 p2psvc - ok 15:45:07.0244 4444 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\windows\system32\DRIVERS\parport.sys 15:45:07.0322 4444 Parport - ok 15:45:07.0369 4444 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\windows\system32\drivers\partmgr.sys 15:45:07.0400 4444 partmgr - ok 15:45:07.0431 4444 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\windows\System32\pcasvc.dll 15:45:07.0525 4444 PcaSvc - ok 15:45:07.0587 4444 [ 
94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\windows\system32\DRIVERS\pci.sys 15:45:07.0634 4444 pci - ok 15:45:07.0650 4444 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\windows\system32\DRIVERS\pciide.sys 15:45:07.0681 4444 pciide - ok 15:45:07.0696 4444 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\windows\system32\DRIVERS\pcmcia.sys 15:45:07.0728 4444 pcmcia - ok 15:45:07.0728 4444 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\windows\system32\drivers\pcw.sys 15:45:07.0743 4444 pcw - ok 15:45:07.0774 4444 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\windows\system32\drivers\peauth.sys 15:45:07.0915 4444 PEAUTH - ok 15:45:08.0180 4444 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\windows\SysWow64\perfhost.exe 15:45:08.0383 4444 PerfHost - ok 15:45:08.0757 4444 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\windows\system32\pla.dll 15:45:08.0929 4444 pla - ok 15:45:09.0007 4444 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\windows\system32\umpnpmgr.dll 15:45:09.0085 4444 PlugPlay - ok 15:45:09.0116 4444 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\windows\system32\pnrpauto.dll 15:45:09.0210 4444 PNRPAutoReg - ok 15:45:09.0303 4444 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\windows\system32\pnrpsvc.dll 15:45:09.0366 4444 PNRPsvc - ok 15:45:09.0475 4444 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\windows\System32\ipsecsvc.dll 15:45:09.0646 4444 PolicyAgent - ok 15:45:09.0756 4444 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\windows\system32\umpo.dll 15:45:09.0896 4444 Power - ok 15:45:09.0958 4444 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\windows\system32\DRIVERS\raspptp.sys 15:45:10.0146 4444 PptpMiniport - ok 15:45:10.0224 4444 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\windows\system32\DRIVERS\processr.sys 15:45:10.0286 4444 Processor - ok 15:45:10.0348 4444 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\windows\system32\profsvc.dll 15:45:10.0442 4444 ProfSvc - ok 15:45:10.0489 4444 [ C118A82CD78818C29AB228366EBF81C3 ] 
ProtectedStorage C:\windows\system32\lsass.exe 15:45:10.0504 4444 ProtectedStorage - ok 15:45:10.0582 4444 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\windows\system32\DRIVERS\pacer.sys 15:45:10.0692 4444 Psched - ok 15:45:10.0926 4444 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\windows\system32\DRIVERS\ql2300.sys 15:45:11.0035 4444 ql2300 - ok 15:45:11.0144 4444 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\windows\system32\DRIVERS\ql40xx.sys 15:45:11.0160 4444 ql40xx - ok 15:45:11.0191 4444 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\windows\system32\qwave.dll 15:45:11.0269 4444 QWAVE - ok 15:45:11.0300 4444 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\windows\system32\drivers\qwavedrv.sys 15:45:11.0425 4444 QWAVEdrv - ok 15:45:11.0487 4444 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\windows\system32\DRIVERS\rasacd.sys 15:45:11.0596 4444 RasAcd - ok 15:45:11.0659 4444 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\windows\system32\DRIVERS\AgileVpn.sys 15:45:11.0830 4444 RasAgileVpn - ok 15:45:11.0862 4444 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\windows\System32\rasauto.dll 15:45:12.0158 4444 RasAuto - ok 15:45:12.0205 4444 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\windows\system32\DRIVERS\rasl2tp.sys 15:45:12.0423 4444 Rasl2tp - ok 15:45:12.0454 4444 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\windows\System32\rasmans.dll 15:45:12.0532 4444 RasMan - ok 15:45:12.0673 4444 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\windows\system32\DRIVERS\raspppoe.sys 15:45:12.0798 4444 RasPppoe - ok 15:45:12.0829 4444 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\windows\system32\DRIVERS\rassstp.sys 15:45:12.0938 4444 RasSstp - ok 15:45:12.0985 4444 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\windows\system32\DRIVERS\rdbss.sys 15:45:13.0110 4444 rdbss - ok 15:45:13.0141 4444 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\windows\system32\DRIVERS\rdpbus.sys 15:45:13.0219 4444 rdpbus - ok 15:45:13.0234 4444 [ 
CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\windows\system32\DRIVERS\RDPCDD.sys 15:45:13.0344 4444 RDPCDD - ok 15:45:13.0359 4444 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\windows\system32\drivers\rdpencdd.sys 15:45:13.0531 4444 RDPENCDD - ok 15:45:13.0546 4444 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\windows\system32\drivers\rdprefmp.sys 15:45:13.0687 4444 RDPREFMP - ok 15:45:13.0780 4444 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\windows\system32\drivers\RDPWD.sys 15:45:14.0061 4444 RDPWD - ok 15:45:14.0108 4444 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\windows\system32\drivers\rdyboost.sys 15:45:14.0139 4444 rdyboost - ok 15:45:14.0342 4444 [ 6108654C5EBEA28A606D6890B4DE6DE3 ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 15:45:14.0373 4444 RegSrvc - ok 15:45:14.0451 4444 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\windows\System32\mprdim.dll 15:45:14.0560 4444 RemoteAccess - ok 15:45:14.0592 4444 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\windows\system32\regsvc.dll 15:45:14.0732 4444 RemoteRegistry - ok 15:45:14.0763 4444 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\windows\System32\RpcEpMap.dll 15:45:14.0966 4444 RpcEptMapper - ok 15:45:15.0028 4444 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\windows\system32\locator.exe 15:45:15.0138 4444 RpcLocator - ok 15:45:15.0278 4444 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\windows\system32\rpcss.dll 15:45:15.0403 4444 RpcSs - ok 15:45:15.0481 4444 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\windows\system32\DRIVERS\rspndr.sys 15:45:15.0637 4444 rspndr - ok 15:45:15.0699 4444 [ 7EA8D2EB9BBFD2AB8A3117A1E96D3B3A ] RTL8167 C:\windows\system32\DRIVERS\Rt64win7.sys 15:45:15.0730 4444 RTL8167 - ok 15:45:15.0746 4444 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\windows\system32\lsass.exe 15:45:15.0855 4444 SamSs - ok 15:45:15.0933 4444 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\windows\system32\DRIVERS\sbp2port.sys 
15:45:15.0964 4444 sbp2port - ok 15:45:16.0058 4444 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\windows\System32\SCardSvr.dll 15:45:16.0230 4444 SCardSvr - ok 15:45:16.0261 4444 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\windows\system32\DRIVERS\scfilter.sys 15:45:16.0401 4444 scfilter - ok 15:45:16.0464 4444 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\windows\system32\schedsvc.dll 15:45:16.0604 4444 Schedule - ok 15:45:16.0666 4444 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\windows\System32\certprop.dll 15:45:16.0729 4444 SCPolicySvc - ok 15:45:16.0760 4444 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\windows\system32\DRIVERS\sdbus.sys 15:45:16.0854 4444 sdbus - ok 15:45:16.0900 4444 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\windows\System32\SDRSVC.dll 15:45:16.0994 4444 SDRSVC - ok 15:45:17.0072 4444 SeaPort - ok 15:45:17.0103 4444 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\windows\system32\drivers\secdrv.sys 15:45:17.0212 4444 secdrv - ok 15:45:17.0306 4444 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\windows\system32\seclogon.dll 15:45:17.0400 4444 seclogon - ok 15:45:17.0462 4444 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\windows\System32\sens.dll 15:45:17.0571 4444 SENS - ok 15:45:17.0602 4444 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\windows\system32\sensrsvc.dll 15:45:17.0696 4444 SensrSvc - ok 15:45:17.0774 4444 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\windows\system32\DRIVERS\serenum.sys 15:45:17.0852 4444 Serenum - ok 15:45:17.0914 4444 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\windows\system32\DRIVERS\serial.sys 15:45:18.0008 4444 Serial - ok 15:45:18.0148 4444 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\windows\system32\DRIVERS\sermouse.sys 15:45:18.0258 4444 sermouse - ok 15:45:18.0320 4444 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\windows\system32\sessenv.dll 15:45:18.0429 4444 SessionEnv - ok 15:45:18.0476 4444 [ A554811BCD09279536440C964AE35BBF ] sffdisk 
C:\windows\system32\DRIVERS\sffdisk.sys 15:45:18.0538 4444 sffdisk - ok 15:45:18.0570 4444 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\windows\system32\DRIVERS\sffp_mmc.sys 15:45:18.0679 4444 sffp_mmc - ok 15:45:18.0694 4444 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\windows\system32\DRIVERS\sffp_sd.sys 15:45:18.0835 4444 sffp_sd - ok 15:45:18.0866 4444 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\windows\system32\DRIVERS\sfloppy.sys 15:45:18.0944 4444 sfloppy - ok 15:45:19.0084 4444 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\windows\System32\ipnathlp.dll 15:45:19.0178 4444 SharedAccess - ok 15:45:19.0334 4444 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\windows\System32\shsvcs.dll 15:45:19.0490 4444 ShellHWDetection - ok 15:45:19.0521 4444 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\windows\system32\DRIVERS\SiSRaid2.sys 15:45:19.0552 4444 SiSRaid2 - ok 15:45:19.0677 4444 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\windows\system32\DRIVERS\sisraid4.sys 15:45:19.0708 4444 SiSRaid4 - ok 15:45:19.0724 4444 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\windows\system32\DRIVERS\smb.sys 15:45:19.0818 4444 Smb - ok 15:45:19.0911 4444 [ 7AE8BCA90539ECBDE87AC45BA1436BE3 ] smserial C:\windows\system32\DRIVERS\SmSerl64.sys 15:45:20.0020 4444 smserial - ok 15:45:20.0067 4444 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\windows\System32\snmptrap.exe 15:45:20.0145 4444 SNMPTRAP - ok 15:45:20.0161 4444 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\windows\system32\drivers\spldr.sys 15:45:20.0192 4444 spldr - ok 15:45:20.0348 4444 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\windows\System32\spoolsv.exe 15:45:20.0442 4444 Spooler - ok 15:45:21.0066 4444 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\windows\system32\sppsvc.exe 15:45:21.0268 4444 sppsvc - ok 15:45:21.0300 4444 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\windows\system32\sppuinotify.dll 15:45:21.0378 4444 sppuinotify - ok 15:45:21.0440 4444 [ 
441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\windows\system32\DRIVERS\srv.sys 15:45:21.0487 4444 srv - ok 15:45:21.0596 4444 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\windows\system32\DRIVERS\srv2.sys 15:45:21.0721 4444 srv2 - ok 15:45:21.0752 4444 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\windows\system32\DRIVERS\srvnet.sys 15:45:21.0814 4444 srvnet - ok 15:45:22.0017 4444 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\windows\System32\ssdpsrv.dll 15:45:22.0204 4444 SSDPSRV - ok 15:45:22.0407 4444 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\windows\system32\sstpsvc.dll 15:45:22.0485 4444 SstpSvc - ok 15:45:22.0548 4444 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\windows\system32\DRIVERS\stexstor.sys 15:45:22.0579 4444 stexstor - ok 15:45:22.0875 4444 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\windows\System32\wiaservc.dll 15:45:22.0969 4444 stisvc - ok 15:45:23.0031 4444 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\windows\system32\DRIVERS\swenum.sys 15:45:23.0078 4444 swenum - ok 15:45:23.0265 4444 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\windows\System32\swprv.dll 15:45:23.0452 4444 swprv - ok 15:45:23.0952 4444 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\windows\system32\sysmain.dll 15:45:24.0092 4444 SysMain - ok 15:45:24.0451 4444 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\windows\System32\TabSvc.dll 15:45:24.0513 4444 TabletInputService - ok 15:45:24.0966 4444 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\windows\System32\tapisrv.dll 15:45:25.0449 4444 TapiSrv - ok 15:45:25.0730 4444 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\windows\System32\tbssvc.dll 15:45:25.0839 4444 TBS - ok 15:45:28.0913 4444 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\windows\system32\drivers\tcpip.sys 15:45:31.0284 4444 Tcpip - ok 15:45:32.0828 4444 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\windows\system32\DRIVERS\tcpip.sys 15:45:32.0891 4444 TCPIP6 - ok 15:45:33.0156 4444 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg 
C:\windows\system32\drivers\tcpipreg.sys 15:45:33.0655 4444 tcpipreg - ok 15:45:34.0107 4444 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\windows\system32\drivers\tdpipe.sys 15:45:34.0341 4444 TDPIPE - ok 15:45:34.0763 4444 [ 7518F7BCFD4B308ABC9192BACAF6C970 ] TDTCP C:\windows\system32\drivers\tdtcp.sys 15:45:34.0841 4444 TDTCP - ok 15:45:34.0934 4444 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\windows\system32\DRIVERS\tdx.sys 15:45:35.0059 4444 tdx - ok 15:45:35.0433 4444 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\windows\system32\DRIVERS\termdd.sys 15:45:35.0480 4444 TermDD - ok 15:45:35.0761 4444 [ 2E648163254233755035B46DD7B89123 ] TermService C:\windows\System32\termsrv.dll 15:45:35.0917 4444 TermService - ok 15:45:36.0042 4444 [ F0344071948D1A1FA732231785A0664C ] Themes C:\windows\system32\themeservice.dll 15:45:36.0135 4444 Themes - ok 15:45:36.0151 4444 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\windows\system32\mmcss.dll 15:45:36.0229 4444 THREADORDER - ok 15:45:36.0291 4444 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\windows\System32\trkwks.dll 15:45:36.0557 4444 TrkWks - ok 15:45:36.0744 4444 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\windows\servicing\TrustedInstaller.exe 15:45:36.0978 4444 TrustedInstaller - ok 15:45:37.0040 4444 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\windows\system32\DRIVERS\tssecsrv.sys 15:45:37.0196 4444 tssecsrv - ok 15:45:37.0305 4444 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\windows\system32\DRIVERS\tunnel.sys 15:45:37.0493 4444 tunnel - ok 15:45:37.0555 4444 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\windows\system32\DRIVERS\uagp35.sys 15:45:37.0633 4444 uagp35 - ok 15:45:37.0773 4444 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\windows\system32\DRIVERS\udfs.sys 15:45:37.0867 4444 udfs - ok 15:45:37.0945 4444 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\windows\system32\UI0Detect.exe 15:45:38.0054 4444 UI0Detect - ok 15:45:38.0085 4444 [ 4BFE1BC28391222894CBF1E7D0E42320 ] 
uliagpkx C:\windows\system32\DRIVERS\uliagpkx.sys 15:45:38.0132 4444 uliagpkx - ok 15:45:38.0179 4444 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\windows\system32\DRIVERS\umbus.sys 15:45:38.0288 4444 umbus - ok 15:45:38.0351 4444 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\windows\system32\DRIVERS\umpass.sys 15:45:38.0538 4444 UmPass - ok 15:45:39.0489 4444 [ 765F2DD351BA064F657751D8D75E58C0 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 15:45:39.0661 4444 UNS - ok 15:45:39.0786 4444 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\windows\System32\upnphost.dll 15:45:39.0973 4444 upnphost - ok 15:45:40.0035 4444 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\windows\system32\DRIVERS\usbccgp.sys 15:45:40.0191 4444 usbccgp - ok 15:45:40.0223 4444 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\windows\system32\DRIVERS\usbcir.sys 15:45:40.0394 4444 usbcir - ok 15:45:40.0441 4444 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\windows\system32\drivers\usbehci.sys 15:45:40.0597 4444 usbehci - ok 15:45:40.0644 4444 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\windows\system32\DRIVERS\usbhub.sys 15:45:40.0769 4444 usbhub - ok 15:45:40.0847 4444 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\windows\system32\drivers\usbohci.sys 15:45:40.0987 4444 usbohci - ok 15:45:41.0034 4444 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\windows\system32\DRIVERS\usbprint.sys 15:45:41.0065 4444 usbprint - ok 15:45:41.0159 4444 [ AAA2513C8AED8B54B189FD0C6B1634C0 ] usbscan C:\windows\system32\DRIVERS\usbscan.sys 15:45:41.0283 4444 usbscan - ok 15:45:41.0299 4444 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\windows\system32\DRIVERS\USBSTOR.SYS 15:45:41.0393 4444 USBSTOR - ok 15:45:41.0439 4444 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\windows\system32\drivers\usbuhci.sys 15:45:41.0455 4444 usbuhci - ok 15:45:41.0533 4444 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\windows\System32\Drivers\usbvideo.sys 15:45:41.0611 4444 usbvideo 
- ok 15:45:41.0658 4444 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\windows\System32\uxsms.dll 15:45:41.0798 4444 UxSms - ok 15:45:41.0845 4444 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\windows\system32\lsass.exe 15:45:41.0907 4444 VaultSvc - ok 15:45:41.0954 4444 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\windows\system32\DRIVERS\vdrvroot.sys 15:45:41.0970 4444 vdrvroot - ok 15:45:42.0001 4444 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\windows\System32\vds.exe 15:45:42.0157 4444 vds - ok 15:45:42.0204 4444 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\windows\system32\DRIVERS\vgapnp.sys 15:45:42.0235 4444 vga - ok 15:45:42.0251 4444 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\windows\System32\drivers\vga.sys 15:45:42.0344 4444 VgaSave - ok 15:45:42.0407 4444 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\windows\system32\DRIVERS\vhdmp.sys 15:45:42.0422 4444 vhdmp - ok 15:45:42.0453 4444 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\windows\system32\DRIVERS\viaide.sys 15:45:42.0469 4444 viaide - ok 15:45:42.0500 4444 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\windows\system32\DRIVERS\volmgr.sys 15:45:42.0516 4444 volmgr - ok 15:45:42.0609 4444 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\windows\system32\drivers\volmgrx.sys 15:45:42.0656 4444 volmgrx - ok 15:45:42.0672 4444 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\windows\system32\DRIVERS\volsnap.sys 15:45:42.0719 4444 volsnap - ok 15:45:42.0750 4444 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\windows\system32\DRIVERS\vsmraid.sys 15:45:42.0828 4444 vsmraid - ok 15:45:42.0921 4444 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\windows\system32\vssvc.exe 15:45:43.0077 4444 VSS - ok 15:45:43.0155 4444 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\windows\system32\DRIVERS\vwifibus.sys 15:45:43.0265 4444 vwifibus - ok 15:45:43.0327 4444 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\windows\system32\DRIVERS\vwififlt.sys 15:45:43.0639 4444 vwififlt - ok 15:45:43.0686 4444 [ 
6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\windows\system32\DRIVERS\vwifimp.sys 15:45:43.0748 4444 vwifimp - ok 15:45:43.0826 4444 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\windows\system32\w32time.dll 15:45:43.0920 4444 W32Time - ok 15:45:43.0982 4444 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\windows\system32\DRIVERS\wacompen.sys 15:45:44.0045 4444 WacomPen - ok 15:45:44.0076 4444 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\windows\system32\DRIVERS\wanarp.sys 15:45:44.0185 4444 WANARP - ok 15:45:44.0216 4444 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\windows\system32\DRIVERS\wanarp.sys 15:45:44.0325 4444 Wanarpv6 - ok 15:45:44.0388 4444 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\windows\system32\wbengine.exe 15:45:44.0481 4444 wbengine - ok 15:45:44.0528 4444 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\windows\System32\wbiosrvc.dll 15:45:44.0669 4444 WbioSrvc - ok 15:45:44.0747 4444 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\windows\System32\wcncsvc.dll 15:45:44.0903 4444 wcncsvc - ok 15:45:44.0934 4444 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\windows\System32\WcsPlugInService.dll 15:45:45.0199 4444 WcsPlugInService - ok 15:45:45.0277 4444 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\windows\system32\DRIVERS\wd.sys 15:45:45.0293 4444 Wd - ok 15:45:45.0355 4444 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\windows\system32\drivers\Wdf01000.sys 15:45:45.0386 4444 Wdf01000 - ok 15:45:45.0464 4444 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\windows\system32\wdi.dll 15:45:45.0620 4444 WdiServiceHost - ok 15:45:45.0620 4444 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\windows\system32\wdi.dll 15:45:45.0651 4444 WdiSystemHost - ok 15:45:45.0683 4444 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\windows\System32\webclnt.dll 15:45:45.0792 4444 WebClient - ok 15:45:45.0839 4444 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\windows\system32\wecsvc.dll 15:45:45.0948 4444 Wecsvc - ok 
15:45:45.0995 4444 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\windows\System32\wercplsupport.dll 15:45:46.0104 4444 wercplsupport - ok 15:45:46.0104 4444 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\windows\System32\WerSvc.dll 15:45:46.0229 4444 WerSvc - ok 15:45:46.0275 4444 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\windows\system32\DRIVERS\wfplwf.sys 15:45:46.0338 4444 WfpLwf - ok 15:45:46.0369 4444 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\windows\system32\drivers\wimmount.sys 15:45:46.0385 4444 WIMMount - ok 15:45:46.0416 4444 WinDefend - ok 15:45:46.0478 4444 WinHttpAutoProxySvc - ok 15:45:46.0619 4444 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\windows\system32\wbem\WMIsvc.dll 15:45:46.0712 4444 Winmgmt - ok 15:45:46.0853 4444 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\windows\system32\WsmSvc.dll 15:45:47.0055 4444 WinRM - ok 15:45:47.0445 4444 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\windows\System32\wlansvc.dll 15:45:47.0679 4444 Wlansvc - ok 15:45:47.0726 4444 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\windows\system32\DRIVERS\wmiacpi.sys 15:45:47.0960 4444 WmiAcpi - ok 15:45:48.0085 4444 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\windows\system32\wbem\WmiApSrv.exe 15:45:48.0366 4444 wmiApSrv - ok 15:45:48.0413 4444 WMPNetworkSvc - ok 15:45:48.0662 4444 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\windows\System32\wpcsvc.dll 15:45:48.0709 4444 WPCSvc - ok 15:45:48.0756 4444 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\windows\system32\wpdbusenum.dll 15:45:48.0818 4444 WPDBusEnum - ok 15:45:48.0881 4444 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\windows\system32\drivers\ws2ifsl.sys 15:45:49.0083 4444 ws2ifsl - ok 15:45:49.0208 4444 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\windows\System32\wscsvc.dll 15:45:49.0567 4444 wscsvc - ok 15:45:49.0583 4444 WSearch - ok 15:45:50.0394 4444 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\windows\system32\wuaueng.dll 15:45:50.0690 4444 wuauserv - ok 
15:45:50.0846 4444 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\windows\system32\drivers\WudfPf.sys 15:45:51.0158 4444 WudfPf - ok 15:45:51.0517 4444 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\windows\system32\DRIVERS\WUDFRd.sys 15:45:51.0642 4444 WUDFRd - ok 15:45:51.0704 4444 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\windows\System32\WUDFSvc.dll 15:45:51.0954 4444 wudfsvc - ok 15:45:52.0406 4444 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\windows\System32\wwansvc.dll 15:45:52.0547 4444 WwanSvc - ok 15:45:52.0578 4444 ================ Scan global =============================== 15:45:52.0625 4444 [ BA0CD8C393E8C9F83354106093832C7B ] C:\windows\system32\basesrv.dll 15:45:52.0656 4444 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll 15:45:52.0656 4444 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\windows\system32\winsrv.dll 15:45:52.0687 4444 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\windows\system32\sxssrv.dll 15:45:52.0734 4444 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\windows\system32\services.exe 15:45:52.0749 4444 [Global] - ok 15:45:52.0749 4444 ================ Scan MBR ================================== 15:45:52.0765 4444 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 15:45:54.0387 4444 \Device\Harddisk0\DR0 - ok 15:45:54.0387 4444 ================ Scan VBR ================================== 15:45:54.0403 4444 [ A13DE69D4AFCC593E4EB91CD3E2EE5FF ] \Device\Harddisk0\DR0\Partition1 15:45:54.0403 4444 \Device\Harddisk0\DR0\Partition1 - ok 15:45:54.0434 4444 [ 48BBB580535D6A5C76544E6AA218D4CE ] \Device\Harddisk0\DR0\Partition2 15:45:54.0450 4444 \Device\Harddisk0\DR0\Partition2 - ok 15:45:54.0450 4444 ============================================================ 15:45:54.0450 4444 Scan finished 15:45:54.0450 4444 ============================================================ 15:45:54.0465 3696 Detected object count: 1 15:45:54.0465 3696 Actual detected object count: 1 15:46:39.0253 3696 Micro Star SCM ( UnsignedFile.Multi.Generic 
) - skipped by user 15:46:39.0253 3696 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip Last edited by maxzZ (27.12.2012 at 15:56) |
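The TDSSKiller log above is pasted as one run-together paragraph, which makes the only line that matters (the UnsignedFile.Multi.Generic hit on "Micro Star SCM", plus the "Detected object count" tally at the end) easy to miss among a few hundred "- ok" verdicts. The parser below is an added example, not part of the original post and not Kaspersky's own tooling: it splits such a paste back into records using the timestamp/thread-id prefix, rebuilds one entry per object (MD5, image path, verdicts, detection names), and summarises what a responder checks first. The record patterns are inferred from the log shapes visible above and are an assumption about the format; SAMPLE is a constructed excerpt of records copied from this post.

```python
"""Parse a TDSSKiller log (one record per line, or flattened into a single
paragraph by a forum paste) and summarise what a responder checks first.
Added example; record patterns are inferred from the log above (an assumption)."""
import re
from collections import defaultdict
from dataclasses import dataclass, field
from typing import Dict, List, Optional, Tuple

# Every record starts with "HH:MM:SS.mmmm <thread-id> "; splitting on that lookahead
# recovers individual records from a flattened paste as well as from the file.
RECORD_START = re.compile(r"(?=\b\d{2}:\d{2}:\d{2}\.\d{4} \d+ )")
RECORD = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{4}) (?P<tid>\d+) (?P<body>.*)$")
# "[ MD5 ] Name C:\path" for a service/driver, "[ MD5 ] \Device\..." (no name) for MBR/VBR
IMAGE = re.compile(r"^\[ (?P<md5>[0-9A-F]{32}) \] (?:(?P<name>.+?) )?"
                   r"(?P<path>(?:[A-Za-z]:\\|\\Device\\).*)$")
COUNT = re.compile(r"^(?:Actual )?[Dd]etected object count: (?P<n>\d+)$")
# "Name ( Detection.Name ) - verdict" has to be tried before the plain "Name - ok" form
DETECTION = re.compile(r"^(?P<name>.+?) \( (?P<det>[^)]+) \) - (?P<verdict>.+)$")
VERDICT = re.compile(r"^(?P<name>.+?) - (?P<verdict>.+)$")


@dataclass
class Entry:
    name: str
    path: Optional[str] = None
    md5: Optional[str] = None
    verdicts: List[str] = field(default_factory=list)
    detections: List[str] = field(default_factory=list)


def parse_log(text: str) -> Tuple[Dict[str, Entry], List[int]]:
    """Entries keyed by object name, plus every 'detected object count' the log reports."""
    entries: Dict[str, Entry] = {}
    counts: List[int] = []
    for chunk in RECORD_START.split(text):
        rec = RECORD.match(chunk.strip())
        if not rec:                      # leading fragment or a cut-off record
            continue
        body = rec.group("body").strip()
        if (m := IMAGE.match(body)):
            name = m.group("name") or m.group("path")
            e = entries.setdefault(name, Entry(name))
            e.path, e.md5 = m.group("path"), m.group("md5")
        elif (m := COUNT.match(body)):
            counts.append(int(m.group("n")))
        elif (m := DETECTION.match(body)):
            e = entries.setdefault(m.group("name"), Entry(m.group("name")))
            e.detections.append(m.group("det"))
            e.verdicts.append(m.group("verdict"))
        elif (m := VERDICT.match(body)):
            e = entries.setdefault(m.group("name"), Entry(m.group("name")))
            e.verdicts.append(m.group("verdict"))
        # section banners ("==== Scan MBR ===="), "Scan finished" etc. fall through
    return entries, counts


def triage(entries: Dict[str, Entry], counts: List[int]) -> dict:
    flagged = {n: e for n, e in entries.items() if any(v != "ok" for v in e.verdicts)}
    # got a verdict, but the scanner wrote no hash/image line for it in this run
    not_hashed = sorted(n for n, e in entries.items()
                        if e.md5 is None and e.verdicts and not e.detections)
    by_hash: Dict[str, List[str]] = defaultdict(list)
    for e in entries.values():
        if e.md5:
            by_hash[e.md5].append(e.name)
    # lsass.exe legitimately hosts several names (SamSs, VaultSvc, ...); an unexpected
    # name sharing a hash with a system binary is worth a second look
    shared = {h: sorted(names) for h, names in by_hash.items() if len(names) > 1}
    third_party = sorted(e.name for e in entries.values() if e.path
                         and not e.path.lower().startswith(("c:\\windows", "\\device\\")))
    return {"flagged": flagged, "not_hashed": not_hashed, "shared_images": shared,
            "third_party": third_party,
            # the scanner's own tally should equal the objects with a non-ok verdict
            "count_mismatch": bool(counts) and counts[-1] != len(flagged)}


# Constructed sample: records copied from the log above, run together on one line
# the way the forum paste shows them.
SAMPLE = " ".join([
    "15:44:51.0862 4444 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\\windows\\system32\\iscsiexe.dll",
    "15:44:51.0956 4444 MSiSCSI - ok",
    "15:44:51.0956 4444 msiserver - ok",
    "15:45:14.0342 4444 [ 6108654C5EBEA28A606D6890B4DE6DE3 ] RegSrvc "
    "C:\\Program Files\\Common Files\\Intel\\WirelessCommon\\RegSrvc.exe",
    "15:45:14.0373 4444 RegSrvc - ok",
    "15:45:15.0746 4444 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\\windows\\system32\\lsass.exe",
    "15:45:15.0855 4444 SamSs - ok",
    "15:45:41.0845 4444 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\\windows\\system32\\lsass.exe",
    "15:45:41.0907 4444 VaultSvc - ok",
    "15:45:52.0765 4444 [ A36C5E4F47E84449FF07ED3517B43A31 ] \\Device\\Harddisk0\\DR0",
    "15:45:54.0387 4444 \\Device\\Harddisk0\\DR0 - ok",
    "15:45:54.0465 3696 Detected object count: 1",
    "15:46:39.0253 3696 Micro Star SCM ( UnsignedFile.Multi.Generic ) - skipped by user",
    "15:46:39.0253 3696 Micro Star SCM ( UnsignedFile.Multi.Generic ) - User select action: Skip",
])

if __name__ == "__main__":
    report = triage(*parse_log(SAMPLE))
    for name, e in report["flagged"].items():
        print(f"FLAGGED {name}: {sorted(set(e.detections))} -> {e.verdicts[-1]}")
    for key in ("not_hashed", "shared_images", "third_party", "count_mismatch"):
        print(f"{key}: {report[key]}")
```

Run it against the full paste (read the post into `text` and call `triage(*parse_log(text))`) and the flagged dictionary is the first thing to look at; the MD5s it collects are what you would then compare against a known-good file set, which the script deliberately does not carry. A hash shared between several service names is normal for lsass.exe and svchost-style hosts, so that list is for spotting the odd one out, not an alert on its own.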
27.12.2012, 16:19 | #4 |
/// Malware-holic | Multiple Update.exe in Task Manager; CPU usage at 99% Hi, in any case, when you work on the laptop and don't need the battery, you should leave it out; it will last longer that way. Let's keep looking: ComboFix: ComboFix may only be run when a team member has instructed you to do so! Please download ComboFix from one of these download mirrors Link 1 Link 2 IMPORTANT - Save ComboFix to your desktop
When ComboFix is finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
27.12.2012, 18:17 | #5 |
| Multiple Update.exe in Task Manager; CPU usage at 99% Hi, attached is the log file. Combofix Logfile: Code:
ComboFix 12-12-27.03 - *** 27.12.2012 16:48:03.1.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.0.1252.49.1031.18.3886.2040 [GMT 1:00]
Run from: c:\users\***\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Outdated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Outdated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
C:\install.exe
c:\programdata\5515461936.sys
c:\users\***\AppData\Local\Temp\nsvF7D.tmp\System.dll
c:\windows\IsUn0407.exe
.
.
((((((((((((((((((((((( Files Created from 2012-11-27 to 2012-12-27 ))))))))))))))))))))))))))))))
.
.
2012-12-27 16:58 . 2012-12-27 16:58 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2012-12-27 16:58 . 2012-12-27 16:58 -------- d-----w- c:\users\Default\AppData\Local\temp
2012-12-26 14:10 . 2012-12-26 14:10 16200 ----a-w- c:\windows\stinger.sys
2012-12-26 14:09 . 2012-12-26 14:19 -------- d-----w- c:\program files (x86)\stinger
2012-12-26 13:38 . 2012-12-26 15:16 -------- d-----w- c:\users\***\AppData\Roaming\QuickScan
2012-12-26 13:07 . 2012-12-26 13:07 -------- d-----w- C:\b8468f5195f3d8a1b1
2012-12-21 09:17 . 2012-12-21 09:17 76232 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9A0F597-2220-4BC0-91EF-EAF07AAF81AF}\offreg.dll
2012-12-21 07:12 . 2012-11-08 17:24 9125352 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{B9A0F597-2220-4BC0-91EF-EAF07AAF81AF}\mpengine.dll
2012-12-15 19:30 . 2012-12-15 19:30 -------- d-----w- c:\program files (x86)\Common Files\Skype
2012-12-12 07:14 . 2012-11-22 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
2012-12-12 07:12 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 07:12 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2012-11-29 15:15 . 2012-11-29 15:15 -------- d-----w- c:\program files (x86)\Common Files\Java
2012-11-29 15:15 . 2012-11-29 15:15 -------- d-----w- c:\programdata\Ask
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-26 13:35 . 2012-04-01 13:17 697272 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-26 13:35 . 2011-06-10 16:29 73656 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2012-12-12 14:29 . 2011-05-02 08:05 67413224 ----a-w- c:\windows\system32\MRT.exe
2012-11-13 20:29 . 2012-11-13 20:29 354216 ----a-w- c:\windows\SysWow64\DivXControlPanelApplet.cpl
2012-10-30 18:39 . 2012-10-30 18:39 163056 ----a-w- c:\programdata\Microsoft\Windows\Sqm\Manifest\Sqm10142.bin
2012-10-16 08:38 . 2012-11-28 11:03 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 11:03 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 11:03 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
2012-10-09 18:17 . 2012-11-20 12:38 55296 ----a-w- c:\windows\system32\dhcpcsvc6.dll
2012-10-09 18:17 . 2012-11-20 12:38 226816 ----a-w- c:\windows\system32\dhcpcore6.dll
2012-10-09 17:40 . 2012-11-20 12:38 44032 ----a-w- c:\windows\SysWow64\dhcpcsvc6.dll
2012-10-09 17:40 . 2012-11-20 12:38 193536 ----a-w- c:\windows\SysWow64\dhcpcore6.dll
2012-10-04 16:45 . 2012-12-12 07:14 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-10-03 17:56 . 2012-11-20 12:38 1914248 ----a-w- c:\windows\system32\drivers\tcpip.sys
2012-10-03 17:44 . 2012-11-20 12:38 303104 ----a-w- c:\windows\system32\nlasvc.dll
2012-10-03 17:44 . 2012-11-20 12:38 70656 ----a-w- c:\windows\system32\nlaapi.dll
2012-10-03 17:44 . 2012-11-20 12:38 246272 ----a-w- c:\windows\system32\netcorehc.dll
2012-10-03 17:44 . 2012-11-20 12:38 18944 ----a-w- c:\windows\system32\netevent.dll
2012-10-03 17:44 . 2012-11-20 12:38 216576 ----a-w- c:\windows\system32\ncsi.dll
2012-10-03 17:42 . 2012-11-20 12:38 569344 ----a-w- c:\windows\system32\iphlpsvc.dll
2012-10-03 16:42 . 2012-11-20 12:38 175104 ----a-w- c:\windows\SysWow64\netcorehc.dll
2012-10-03 16:42 . 2012-11-20 12:38 18944 ----a-w- c:\windows\SysWow64\netevent.dll
2012-10-03 16:42 . 2012-11-20 12:38 156672 ----a-w- c:\windows\SysWow64\ncsi.dll
2012-10-03 16:07 . 2012-11-20 12:38 45568 ----a-w- c:\windows\system32\drivers\tcpipreg.sys
.
.
(((((((((((((((((((((((((((( Registry Autostart Points ))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legitimate default entries are not shown.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"IAStorIcon"="c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" [2010-04-13 284696]
"MGSysCtrl"="c:\program files (x86)\System Control Manager\MGSysCtrl.exe" [2010-06-05 2486272]
"THX Audio Control Panel"="c:\program files (x86)\Creative\THX TruStudio Pro\THXAudioCP\THXAudio.exe" [2010-05-16 1349632]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"ArcSoft Connection Service"="c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-27 207424]
"Adobe Reader Speed Launcher"="c:\program files (x86)\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2012-08-08 348664]
"DivXMediaServer"="c:\program files (x86)\DivX\DivX Media Server\DivXMediaServer.exe" [2012-11-13 450560]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2012-11-30 1263512]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
"AppInit_DLLs"=c:\windows\SysWOW64\nvinit.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux"=wdmaud.drv
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 ArcSoftKsUFilter;ArcSoft Magic-I Visual Effect;c:\windows\system32\DRIVERS\ArcSoftKsUFilter.sys [2009-05-26 19968]
R3 EUCR;EUCR;c:\windows\system32\DRIVERS\EUCR6SK.SYS [2009-12-05 87888]
R3 MGHwCtrl;MGHwCtrl;c:\program files\msi\msi Software Install\MGHwCtrl.sys [x]
S2 AntiVirSchedulerService;Avira AntiVir Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2012-05-10 86224]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;c:\program files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2010-04-13 13336]
S2 Micro Star SCM;Micro Star SCM;c:\program files (x86)\System Control Manager\MSIService.exe [2009-07-09 160768]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 ETD;ELAN PS/2 Port Input Device;c:\windows\system32\DRIVERS\ETD.sys [2010-01-18 128512]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-26 158976]
S3 IntcDAud;Intel(R) Display Audio;c:\windows\system32\DRIVERS\IntcDAud.sys [2010-02-02 271872]
S3 MBfilt;MBfilt;c:\windows\system32\drivers\MBfilt64.sys [2009-11-18 32344]
S3 NETw5s64;Intel(R) Wireless WiFi Link Adaptertreiber für Windows 7 64-Bit;c:\windows\system32\DRIVERS\NETw5s64.sys [2010-01-13 7675392]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2010-03-04 346144]
.
.
--- Other Services/Drivers in Memory ---
.
*NewlyCreated* - WS2IFSL
.
Contents of the 'Scheduled Tasks' folder
.
2012-12-27 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-01 13:35]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-05-05 17412200]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-05-26 10816544]
"THXCfg64"="c:\windows\system32\THXCfg64.dll" [2009-10-15 17920]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2010-08-25 161304]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2010-08-25 386584]
"Persistence"="c:\windows\system32\igfxpers.exe" [2010-08-25 415256]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows]
"AppInit_DLLs"=c:\windows\System32\nvinitx.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uDefault_Search_URL =
mLocal Page = c:\windows\SysWOW64\blank.htm
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Free YouTube Download - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\***\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fkqkoh5v.default\
FF - prefs.js: browser.search.selectedEngine - Ask.com
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://feed.snap.do/?publisher=Download&dpid=Download&co=DE&userid=142077ae-1a7d-495b-83dc-01d130edcf8d&searchtype=ds&q=
FF - ExtSQL: 2012-11-29 16:15; {CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}; c:\program files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0037-ABCDEFFEDCBA}
FF - ExtSQL: 2012-12-26 14:38; {e001c731-5e37-4538-a5cb-8168736a2360};
c:\users\***\AppData\Roaming\Mozilla\Firefox\Profiles\fkqkoh5v.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360} FF - user.js: extensions.incredibar_i.newTab - false FF - user.js: extensions.incredibar_i.tlbrSrchUrl - hxxp://mystart.Incredibar.com/?a=6R8w92edoG&loc=IB_TB&i=26&search= FF - user.js: extensions.incredibar_i.id - 34abe40b000000000000001e6461afff FF - user.js: extensions.incredibar_i.instlDay - 15507 FF - user.js: extensions.incredibar_i.vrsn - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsni - 1.5.11.14 FF - user.js: extensions.incredibar_i.vrsnTs - 1.5.11.147:52 FF - user.js: extensions.incredibar_i.prtnrId - Incredibar FF - user.js: extensions.incredibar_i.prdct - incredibar FF - user.js: extensions.incredibar_i.aflt - orgnl FF - user.js: extensions.incredibar_i.smplGrp - none FF - user.js: extensions.incredibar_i.tlbrId - base FF - user.js: extensions.incredibar_i.instlRef - FF - user.js: extensions.incredibar_i.dfltLng - FF - user.js: extensions.incredibar_i.excTlbr - false FF - user.js: extensions.incredibar_i.ms_url_id - FF - user.js: extensions.incredibar_i.upn2 - 6R8w92edoG FF - user.js: extensions.incredibar_i.upn2n - 92824543676105406 FF - user.js: extensions.incredibar_i.productid - 26 FF - user.js: extensions.incredibar_i.installerproductid - 26 FF - user.js: extensions.incredibar_i.did - 10665 FF - user.js: extensions.incredibar_i.ppd - . - - - - Entfernte verwaiste Registrierungseinträge - - - - . BHO-{1ED16E0A-E8C4-40A0-8BC2-79485D21F796} - (no file) Toolbar-Locked - (no file) Toolbar-Locked - (no file) WebBrowser-{0027DA2D-C9F2-4B0B-AE05-E2CD1BDB6CFF} - (no file) HKLM-Run-ETDWare - c:\program files (x86)\Elantech\ETDCtrl.exe AddRemove-{634F79E1-2A41-4C40-9E8D-89EC740AC9D6} - c:\program files (x86)\InstallShield Installation Information\{634F79E1-2A41-4C40-9E8D-89EC740AC9D6}\setup.exe . . . --------------------- Gesperrte Registrierungsschluessel --------------------- . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\windows\\system32\\Macromed\\Flash\\FlashUtil10d.exe,-101" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\FlashUtil10d.exe" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.10" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . 
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\windows\\SysWow64\\Macromed\\Flash\\Flash10d.ocx, 1" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}] @Denied: (A 2) (Everyone) @="IFlashBroker3" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . ------------------------ Weitere laufende Prozesse ------------------------ . 
c:\program files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe c:\program files (x86)\Avira\AntiVir Desktop\avguard.exe c:\program files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe c:\program files (x86)\NVIDIA Corporation\NVIDIA Updatus\daemonu.exe . ************************************************************************** . Zeit der Fertigstellung: 2012-12-27 18:07:10 - PC wurde neu gestartet ComboFix-quarantined-files.txt 2012-12-27 17:07 . Vor Suchlauf: 13 Verzeichnis(se), 132.827.443.200 Bytes frei Nach Suchlauf: 17 Verzeichnis(se), 133.614.186.496 Bytes frei . - - End Of File - - E528FB14684640B116E14249E7EA4F7C |
27.12.2012, 19:44 | #6 |
/// Malware-holic | Multiple Update.exe in Task Manager; CPU load at 99%
Hi, Malwarebytes: please download Malwarebytes.
28.12.2012, 12:55 | #7 |
| Multiple Update.exe in Task Manager; CPU load at 99%
Hi, Malwarebytes found nothing.
Code:
Malwarebytes Anti-Malware 1.65.1.1000
www.malwarebytes.org

Datenbank Version: v2012.12.27.09

Windows 7 x64 NTFS
Internet Explorer 8.0.7600.16385
daum :: DAUM-MSI [Administrator]

27.12.2012 23:01:14
mbam-log-2012-12-27 (23-01-14).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 435807
Laufzeit: 2 Stunde(n), 1 Minute(n), 19 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
28.12.2012, 14:32 | #8 |
/// Malware-holic | Multiple Update.exe in Task Manager; CPU load at 99%
Hi, everything looks OK so far. Download CCleaner Standard: CCleaner Download - CCleaner 3.26.1888 (skip this if CCleaner is already installed). Open it, go to Tools, Uninstall, save the list as txt, then open it. Next to every program you need, write "necessary"; next to every one you don't need, "unnecessary"; next to any you don't know, "unknown". Post the list.
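Added example, not part of the thread and not the helper's CCleaner procedure: the same annotated program list can be produced directly with PowerShell by reading the three Uninstall registry hives that Programs and Features itself enumerates (64-bit HKLM, the Wow6432Node view for 32-bit software, and the per-user HKCU hive). It writes a tab-separated text file with an empty Status column for the necessary / unnecessary / unknown annotation. The watch list that pre-marks entries as "review" is a constructed assumption of this example, drawn only from the toolbar and search names visible in the ComboFix log above (Incredibar, Ask, snap.do); the output path on the Desktop is also an assumption.

```powershell
# Added example (not from the thread): list installed programs from the registry
# so they can be annotated necessary / unnecessary / unknown without CCleaner.

# The three hives Programs and Features reads. HKCU covers per-user installers
# (many toolbars and search helpers install there and never appear under HKLM).
$UninstallKeys = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKLM:\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\*',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\*'
)

# Constructed watch list (assumption): names taken from the Firefox search and
# toolbar settings in the ComboFix log above. Regex with word boundaries so
# that "Ask" does not match "Task"; -match is case-insensitive by default.
$ReviewPatterns = @('Incredibar', '\bAsk\b', 'snap\.do', 'Toolbar')

# Output path (assumption): a text file on the current user's Desktop.
$OutFile = Join-Path $env:USERPROFILE 'Desktop\installed-programs.txt'

$Programs = foreach ($Key in $UninstallKeys) {
    Get-ItemProperty -Path $Key -ErrorAction SilentlyContinue |
        # Skip nameless entries and hidden system components, as the Control Panel does.
        Where-Object { $_.DisplayName -and -not $_.SystemComponent } |
        ForEach-Object {
            $Name   = $_.DisplayName
            $Status = ''
            foreach ($Pattern in $ReviewPatterns) {
                if ($Name -match $Pattern) { $Status = 'review'; break }
            }
            [PSCustomObject]@{
                Name        = $Name
                Version     = $_.DisplayVersion
                Publisher   = $_.Publisher
                InstallDate = $_.InstallDate   # yyyyMMdd when the installer recorded it
                Status      = $Status          # fill in: necessary / unnecessary / unknown
            }
        }
}

$Programs |
    Sort-Object -Property Name -Unique |
    Select-Object Name, Version, Publisher, InstallDate, Status |
    ConvertTo-Csv -Delimiter "`t" -NoTypeInformation |
    Set-Content -Path $OutFile -Encoding UTF8

Write-Host "List written to $OutFile"
```

Run it in a normal (non-elevated) PowerShell window; reading these keys needs no administrator rights. The InstallDate column is useful when comparing against the dates in the ComboFix Find3M report, and the Publisher column shows which entries come from the same vendor as a suspicious browser setting.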