
Pests of all kinds and how to fight them: Links are being sent from my e-mail account without authorization


03.01.2013, 19:44   #1
charl
 



Hello,
For about two months, e-mails have been sent from my e-mail account to all of my contacts. The e-mails do not appear in the Sent folder and contain various links
(e.g.: hxxp://treecare4u.com/updates/concrete5.4.2.1/NewYear.html ).
When I first noticed this, I ran my antivirus program (Avira Free Antivirus), which found a few infected objects that I then deleted
(Typ: Datei
Quelle: C:\System Volume Information\_restore{D584035D-379C-4A3D-8D3E-0753FAB58DAF}\RP156\A0129219.exe
Status: Infiziert
Quarantäne-Objekt: 4c0ca695.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.214
Virendefinitionsdatei: 7.11.52.62
Meldung: BDS/Cycbot.B.8542
Datum/Uhrzeit: 03.12.2012, 23:39


Typ: Datei
Quelle: C:\System Volume Information\_restore{D584035D-379C-4A3D-8D3E-0753FAB58DAF}\RP156\A0129220.exe
Status: Infiziert
Quarantäne-Objekt: 549b8932.qua
Wiederhergestellt: NEIN
Zu Avira hochgeladen: NEIN
Betriebssystem: Windows XP/VISTA Workstation/Windows 7
Suchengine: 8.02.10.214
Virendefinitionsdatei: 7.11.52.62
Meldung: TR/Hiloti.D.5141
Datum/Uhrzeit: 03.12.2012, 23:39 ).

In the last few days, however, e-mails have again gone out to all of my contacts. I then ran the program Malwarebytes Anti-Malware.
( Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.02.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
alle user :: ALLEUSER-PC [Administrator]

Schutz: Aktiviert

03.01.2013 02:17:50
MBAM-log-2013-01-03 (02-42-41).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 194764
Laufzeit: 24 Minute(n), 21 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 3624 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 24
HKCR\CLSID\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\Interface\{55555555-5555-5555-5555-550055225558} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{11111111-1111-1111-1111-110011221158} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{22222222-2222-2222-2222-220022222258} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.Sandbox (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{33333333-3333-3333-3333-330033223358} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi.1 (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.FBApi (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{65bcd620-07dd-012f-819f-073cf1b8f7c6} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CrossriderApp0002258.BHO (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 (PUP.LoadTubes) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 3
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten: îÍïßÏÈOˆ*˜rƒr -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten: -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This|Publisher (Adware.GamePlayLab) -> Daten: 215 Apps -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 7
C:\Program Files\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Recycle.Bin (Trojan.Spyeyes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Local\I Want This (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Local\I Want This\Chrome (Adware.GamePlayLab) -> Keine Aktion durchgeführt.

Infizierte Dateien: 33
C:\Users\alle user\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\data\npm.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\data\tb.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\data\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Local\Temp\is1373634743\IWantThis_ROW.exe (Adware.GamePlayLabs) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want This.ini (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\appAPIinternalWrapper.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\fb.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want This.ico (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want ThisGui.exe (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\I Want ThisInstaller.log (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\jquery.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\json.js (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Program Files\I Want This\Uninstall.exe (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Local\I Want This\Chrome\I Want This.crx (Adware.GamePlayLab) -> Keine Aktion durchgeführt.

(Ende) )

By mistake, I then deleted all of the findings.

After that, I ran the Malwarebytes Anti-Malware program once more today. It again found infected objects, which I did not delete.
( Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.01.02.10

Windows Vista Service Pack 2 x86 NTFS
Internet Explorer 9.0.8112.16421
alle user :: ALLEUSER-PC [Administrator]

Schutz: Aktiviert

03.01.2013 11:51:49
MBAM-log-2013-01-03 (19-23-04).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 533114
Laufzeit: 6 Stunde(n), 58 Minute(n), 41 Sekunde(n)

Infizierte Speicherprozesse: 1
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> 3904 -> Keine Aktion durchgeführt.

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 9
HKCR\Interface\{66666666-6666-6666-6666-660066226658} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\TypeLib\{44444444-4444-4444-4444-440044224458} (Adware.GamePlayLab) -> Keine Aktion durchgeführt.
HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-3.0 (PUP.LoadTubes) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk (PUP.GamesPlayLab) -> Keine Aktion durchgeführt.
HKLM\SYSTEM\CurrentControlSet\Services\IBUpdaterService (PUP.InstallBrain) -> Keine Aktion durchgeführt.

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Internet Explorer\Toolbar\WebBrowser|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten: îÍïßÏÈOˆ*˜rƒr -> Keine Aktion durchgeführt.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten: -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 3
C:\Users\alle user\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\html (PUP.LoadTubes) -> Keine Aktion durchgeführt.

Infizierte Dateien: 23
C:\Users\alle user\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\data\npm.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\data\tb.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Local\Temp\1a3d9b37655eeb2f9bea641ce230178f\data\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\Desktop\Charlotte\Downloads\SoftonicDownloader_fuer_ncleaner.exe (PUP.OfferBundler.ST) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\html\dimensions.ini (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\html\install.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\html\uninstall.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Users\alle user\AppData\Roaming\loadtbs\html\uninstallComplete.html (PUP.LoadTubes) -> Keine Aktion durchgeführt.
C:\Windows\System32\dmwu.exe (PUP.InstallBrain) -> Keine Aktion durchgeführt.

(Ende))

How can I proceed?
Many thanks for the help
Charles

03.01.2013, 20:08   #2
markusg
/// Malware-holic
 



Hi
If you do not have it yet, please download OTL by OldTimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click and select "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the content of OTL.txt and Extra.txt here into your thread

03.01.2013, 21:39   #3
charl
 



OTL Logfile:
Code:
OTL logfile created on: 03.01.2013 20:26:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\alle user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,14% Memory free
6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,14 Gb Total Space | 12,19 Gb Free Space | 5,41% Space Free | Partition Type: NTFS
Drive D: | 224,99 Gb Total Space | 102,74 Gb Free Space | 45,66% Space Free | Partition Type: NTFS
 
Computer Name: ALLEUSER-PC | User Name: alle user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - [2013.01.03 20:20:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alle user\Desktop\OTL.exe
PRC - [2012.12.22 04:01:00 | 028,538,560 | ---- | M] (Dropbox, Inc.) -- C:\Users\alle user\AppData\Roaming\Dropbox\bin\Dropbox.exe
PRC - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2012.12.14 16:49:28 | 000,512,360 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe
PRC - [2012.12.12 12:17:22 | 000,295,072 | ---- | M] (RealNetworks, Inc.) -- C:\Programme\Real\RealPlayer\Update\realsched.exe
PRC - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe
PRC - [2012.10.13 01:54:40 | 001,088,424 | ---- | M] (Nokia) -- C:\Programme\Nokia\Nokia Suite\NokiaSuite.exe
PRC - [2012.10.04 14:06:46 | 000,188,760 | ---- | M] () -- C:\Programme\IB Updater\ExtensionUpdaterService.exe
PRC - [2012.10.03 15:51:04 | 000,725,400 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe
PRC - [2012.10.03 15:50:54 | 000,174,488 | ---- | M] (Nokia) -- C:\Programme\PC Connectivity Solution\Transports\NclUSBSrv.exe
PRC - [2012.10.02 16:20:26 | 001,008,496 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2012.08.10 09:21:19 | 000,348,664 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avgnt.exe
PRC - [2012.05.08 16:46:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\sched.exe
PRC - [2012.05.08 16:46:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe
PRC - [2012.05.08 16:46:42 | 000,080,336 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Programme\Avira\AntiVir Desktop\avshadow.exe
PRC - [2012.03.07 12:49:50 | 002,096,504 | ---- | M] (ManyCam LLC) -- C:\Programme\ManyCam\Bin\ManyCam.exe
PRC - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2011.08.29 13:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
PRC - [2011.01.17 18:50:34 | 011,322,880 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.exe
PRC - [2011.01.17 18:50:34 | 011,314,688 | ---- | M] (OpenOffice.org) -- C:\Programme\OpenOffice.org 3\program\soffice.bin
PRC - [2010.01.15 13:49:20 | 000,255,536 | ---- | M] (McAfee, Inc.) -- C:\Programme\McAfee Security Scan\2.0.181\SSScheduler.exe
PRC - [2009.04.11 14:18:30 | 002,926,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2009.04.11 14:18:04 | 001,233,920 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Sidebar\sidebar.exe
PRC - [2008.10.08 09:19:12 | 000,565,248 | ---- | M] (Samsung Electronics Co., Ltd.) -- C:\Programme\Samsung\EasySpeedUpManager\EasySpeedUpManager.exe
PRC - [2008.10.06 18:07:26 | 000,679,936 | ---- | M] (SAMSUNG Electronics) -- C:\Programme\Samsung\Easy Display Manager\dmhkcore.exe
PRC - [2008.08.07 11:55:38 | 000,352,256 | ---- | M] (SAMSUNG Electronics co., LTD.) -- C:\Programme\Samsung\EBM\EasyBatteryMgr3.exe
PRC - [2008.04.17 11:50:00 | 006,111,232 | ---- | M] (Realtek Semiconductor) -- C:\Windows\RtHDVCpl.exe
PRC - [2008.01.21 03:23:32 | 001,008,184 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Defender\MSASCui.exe
 
 
========== Modules (No Company Name) ==========
 
MOD - [2013.01.03 11:50:33 | 000,032,768 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\YTMP7MC8AA\TAA806D.tmp
MOD - [2013.01.03 11:49:52 | 000,091,136 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMDF62.tmp
MOD - [2013.01.03 11:49:52 | 000,091,136 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMDE37.tmp
MOD - [2013.01.03 11:49:52 | 000,091,136 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMDDA9.tmp
MOD - [2013.01.03 11:49:51 | 000,091,136 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMDD59.tmp
MOD - [2013.01.03 11:49:50 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD9AE.tmp
MOD - [2013.01.03 11:49:50 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD8B2.tmp
MOD - [2013.01.03 11:49:50 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD74A.tmp
MOD - [2013.01.03 11:49:50 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD66D.tmp
MOD - [2013.01.03 11:49:50 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD60E.tmp
MOD - [2013.01.03 11:49:49 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD5DD.tmp
MOD - [2013.01.03 11:49:49 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD4E1.tmp
MOD - [2013.01.03 11:49:49 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD482.tmp
MOD - [2013.01.03 11:49:49 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD3D4.tmp
MOD - [2013.01.03 11:49:49 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD355.tmp
MOD - [2013.01.03 11:49:49 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD279.tmp
MOD - [2013.01.03 11:49:48 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD1FA.tmp
MOD - [2013.01.03 11:49:48 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD13D.tmp
MOD - [2013.01.03 11:49:48 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMD09F.tmp
MOD - [2013.01.03 11:49:48 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMCF55.tmp
MOD - [2013.01.03 11:49:48 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMCE98.tmp
MOD - [2013.01.03 11:49:47 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMCDCB.tmp
MOD - [2013.01.03 11:49:47 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMCCFE.tmp
MOD - [2013.01.03 11:49:47 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMCC70.tmp
MOD - [2013.01.03 11:49:46 | 000,125,440 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMCA1C.tmp
MOD - [2013.01.03 11:49:46 | 000,072,192 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMC940.tmp
MOD - [2013.01.03 11:49:46 | 000,072,192 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMC8D1.tmp
MOD - [2013.01.03 11:49:46 | 000,072,192 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMC7F4.tmp
MOD - [2013.01.03 11:49:46 | 000,058,880 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMC69B.tmp
MOD - [2013.01.03 11:49:45 | 000,065,536 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMC54F.tmp
MOD - [2013.01.03 11:49:45 | 000,055,296 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMC67A.tmp
MOD - [2013.01.03 11:49:45 | 000,055,296 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMC3A8.tmp
MOD - [2013.01.03 11:49:44 | 000,076,288 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMC23F.tmp
MOD - [2013.01.03 11:49:44 | 000,076,288 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMC0B7.tmp
MOD - [2013.01.03 11:49:44 | 000,076,288 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMBEEF.tmp
MOD - [2013.01.03 11:49:44 | 000,056,832 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMBFEB.tmp
MOD - [2013.01.03 11:49:43 | 000,076,288 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMBDF3.tmp
MOD - [2013.01.03 11:49:43 | 000,076,288 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMBD36.tmp
MOD - [2013.01.03 11:49:43 | 000,076,288 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMBC19.tmp
MOD - [2013.01.03 11:49:43 | 000,076,288 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMBB2D.tmp
MOD - [2013.01.03 11:49:43 | 000,076,288 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMBA32.tmp
MOD - [2013.01.03 11:49:43 | 000,057,344 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMBC79.tmp
MOD - [2013.01.03 11:49:42 | 000,069,632 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMB9E2.tmp
MOD - [2013.01.03 11:49:42 | 000,056,832 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMB925.tmp
MOD - [2013.01.03 11:49:42 | 000,056,832 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMB8D5.tmp
MOD - [2013.01.03 11:49:41 | 000,076,288 | ---- | M] () -- C:\Users\alle user\AppData\Local\Temp\XTMP1MC3VE\DEMB347.tmp
MOD - [2012.10.13 01:55:38 | 000,276,392 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\phonon4.dll
MOD - [2012.10.13 01:55:38 | 000,092,584 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\qjson.dll
MOD - [2012.10.13 01:55:22 | 002,652,584 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXmlPatterns4.dll
MOD - [2012.10.13 01:55:22 | 000,363,944 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtXml4.dll
MOD - [2012.10.13 01:55:20 | 011,166,120 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtWebKit4.dll
MOD - [2012.10.13 01:55:18 | 001,346,472 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtScript4.dll
MOD - [2012.10.13 01:55:18 | 000,205,736 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtSql4.dll
MOD - [2012.10.13 01:55:16 | 001,013,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtNetwork4.dll
MOD - [2012.10.13 01:55:16 | 000,720,296 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtOpenGL4.dll
MOD - [2012.10.13 01:55:14 | 008,506,792 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtGui4.dll
MOD - [2012.10.13 01:55:14 | 000,520,104 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtMultimediaKit1.dll
MOD - [2012.10.13 01:55:12 | 002,480,552 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtDeclarative4.dll
MOD - [2012.10.13 01:55:12 | 002,353,576 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\QtCore4.dll
MOD - [2012.10.13 01:55:08 | 000,445,864 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
MOD - [2012.10.13 01:55:04 | 000,206,760 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qjpeg4.dll
MOD - [2012.10.13 01:55:04 | 000,035,240 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qico4.dll
MOD - [2012.10.13 01:55:02 | 000,032,680 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\Imageformats\qgif4.dll
MOD - [2012.10.13 01:54:34 | 000,437,672 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\NService.dll
MOD - [2012.10.13 01:53:56 | 000,605,608 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\CommonUpdateChecker.dll
MOD - [2012.10.13 01:31:20 | 000,391,600 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\ssoengine.dll
MOD - [2012.10.13 01:31:20 | 000,059,280 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\securestorage.dll
MOD - [2012.10.13 01:30:34 | 000,110,080 | ---- | M] () -- C:\Programme\Nokia\Nokia Suite\mediaservice\dsengine.dll
MOD - [2012.03.07 12:49:50 | 000,469,880 | ---- | M] () -- C:\Programme\ManyCam\Bin\cximagecrt.dll
MOD - [2012.03.07 12:49:50 | 000,122,232 | ---- | M] () -- C:\Programme\ManyCam\Bin\CrashRpt.dll
MOD - [2012.01.28 14:17:45 | 000,985,088 | ---- | M] () -- C:\Programme\OpenOffice.org 3\program\libxml2.dll
MOD - [2011.09.14 12:16:54 | 000,238,592 | ---- | M] () -- C:\Programme\ManyCam\Bin\opencv_video220.dll
MOD - [2011.09.14 12:15:34 | 000,326,144 | ---- | M] () -- C:\Programme\ManyCam\Bin\opencv_objdetect220.dll
MOD - [2011.09.14 12:15:02 | 000,671,744 | ---- | M] () -- C:\Programme\ManyCam\Bin\opencv_highgui220.dll
MOD - [2011.09.14 12:13:48 | 001,437,184 | ---- | M] () -- C:\Programme\ManyCam\Bin\opencv_imgproc220.dll
MOD - [2011.09.14 12:13:04 | 002,128,384 | ---- | M] () -- C:\Programme\ManyCam\Bin\opencv_core220.dll
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\EasySpeedUpManager\HookDllPS2.dll
MOD - [2006.08.12 12:48:40 | 000,049,152 | ---- | M] () -- C:\Programme\Samsung\Easy Display Manager\HookDllPS2.dll
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.14 16:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012.12.14 16:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012.11.29 20:31:04 | 000,038,608 | ---- | M] () [Auto | Running] -- C:\Programme\RealNetworks\RealDownloader\rndlresolversvc.exe -- (RealNetworks Downloader Resolver Service)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.04 14:06:46 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2012.10.03 15:51:04 | 000,725,400 | ---- | M] (Nokia) [On_Demand | Running] -- C:\Programme\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2012.10.02 16:20:26 | 001,008,496 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2012.05.08 16:46:47 | 000,086,224 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2012.05.08 16:46:42 | 000,110,032 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Programme\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012.01.03 14:10:42 | 000,063,928 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2011.08.29 13:35:40 | 000,645,048 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Programme\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent)
SRV - [2010.01.15 13:49:20 | 000,227,232 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Programme\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2008.01.21 03:25:33 | 000,896,512 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2008.01.21 03:23:32 | 000,272,952 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkfwd.sys -- (NwlnkFwd)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\nwlnkflt.sys -- (NwlnkFlt)
DRV - File not found [Kernel | On_Demand | Stopped] -- system32\DRIVERS\ipinip.sys -- (IpInIp)
DRV - File not found [Kernel | On_Demand | Stopped] -- F:\Everest 530\kerneld.wnt -- (EverestDriver)
DRV - [2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\Windows\System32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012.06.27 15:18:52 | 000,019,072 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2012.05.08 16:46:48 | 000,137,928 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avipbb.sys -- (avipbb)
DRV - [2012.05.08 16:46:48 | 000,083,392 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\Windows\System32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012.02.22 11:34:36 | 000,022,400 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcaudrv.sys -- (mcaudrv_simple)
DRV - [2012.01.11 07:11:20 | 000,032,000 | ---- | M] (ManyCam LLC) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\mcvidrv.sys -- (ManyCam)
DRV - [2011.10.19 16:56:15 | 000,036,000 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2011.08.29 13:35:40 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\vpnva.sys -- (vpnva)
DRV - [2010.07.09 23:37:00 | 011,008,040 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2010.06.21 23:07:37 | 000,105,576 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvhda32v.sys -- (NVHDA)
DRV - [2010.06.17 15:14:27 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009.12.17 16:02:20 | 001,203,712 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2008.06.05 16:30:28 | 000,242,048 | ---- | M] (Vimicro Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\vmc302.sys -- (VMC302)
DRV - [2007.05.23 17:13:10 | 000,013,312 | ---- | M] (SAMSUNG ELECTRONICS CO., LTD.) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\KMDFMEMIO.sys -- (KMDFMEMIO)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = B0 6F 60 7E 9F ED CC 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0ECDF796-C2DC-4d79-A620-CCE0C0A66CC9}: "URL" = hxxp://search.babylon.com/?q={searchTerms}&AF=110004&babsrc=SP_ss&mntrId=70969029000000000000002163454513
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb208/?search={searchTerms}&loc=IB_DS&a=6PQRYYQcT4&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@nokia.com/EnablerPlugin: C:\Program Files\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll ( )
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlchromebrowserrecordext;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlhtml5videoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlhtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprndlpepperflashvideoshim;version=1.3.0: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\MozillaPlugins\nprndlpepperflashvideoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=16.0.0.282: c:\program files\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@realnetworks.com/npdlplugin;version=1: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\npdlplugin.dll (RealDownloader)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Users\alle user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Users\alle user\AppData\Local\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2012.12.07 11:58:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{34712C68-7391-4c47-94F3-8F88D49AD632}: C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext\ [2012.12.12 12:38:54 | 000,000,000 | ---D | M]
 
[2012.12.07 11:58:23 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=70969029000000000000002163454513
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter}
CHR - homepage: hxxp://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=70969029000000000000002163454513
CHR - plugin: Remoting Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Users\alle user\AppData\Local\Google\Chrome\Application\23.0.1271.97\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Users\alle user\AppData\Local\Google\Chrome\Application\23.0.1271.97\pdf.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Users\alle user\AppData\Local\Google\Chrome\Application\23.0.1271.97\gcswf32.dll
CHR - plugin: Shockwave Flash (Disabled) = C:\Users\alle user\AppData\Local\Google\Chrome\User Data\PepperFlash\11.2.31.144\pepflashplayer.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll
CHR - plugin: Java Deployment Toolkit 6.0.220.4 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npdeployJava1.dll
CHR - plugin: Java(TM) Platform SE 6 U22 (Enabled) = C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll
CHR - plugin: Google Earth Plugin (Enabled) = C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: RealPlayer(tm) G2 LiveConnect-Enabled Plug-In (32-bit)  (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll
CHR - plugin: RealPlayer Version Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll
CHR - plugin: RealPlayer(tm) HTML5VideoShim Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll
CHR - plugin: RealJukebox NS Plugin (Enabled) = C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll
CHR - plugin: RealNetworks(tm) Chrome Background Extension Plug-In (32-bit)  (Enabled) = C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll
CHR - plugin: Windows Presentation Foundation (Enabled) = C:\Windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll
CHR - Extension: YouTube = C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_1\
CHR - Extension: Google-Suche = C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_1\
CHR - Extension: IB Updater = C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.530_0\
CHR - Extension: DealPly = C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gaiilaahiahdejapggenmdmafpmbipje\3.0.7.2_0\
CHR - Extension: RealDownloader = C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji\1.3.0_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Skype Click to Call = C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\5.9.0.9216_0\
CHR - Extension: Gutscheinaffe = C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nfoleljfffgljekfndmmfbcmhkgeellb\1.4_0\
CHR - Extension: Google Mail = C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_1\
 
O1 HOSTS File: ([2006.09.18 22:41:30 | 000,000,761 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O1 - Hosts: ::1             localhost
O2 - BHO: (Babylon toolbar helper) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (RealNetworks Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll (RealDownloader)
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Programme\BabylonToolbar\BabylonToolbar\1.5.3.17\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\alle user\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O3 - HKCU\..\Toolbar\WebBrowser: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\alle user\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [INPROCOMMWireless] C:\Program Files\Atheros\Wireless\Utility\WlanUtil.exe File not found
O4 - HKLM..\Run: [RtHDVCpl] C:\Windows\RtHDVCpl.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [TkBellExe] c:\program files\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: []  File not found
O4 - HKCU..\Run: [ManyCam] C:\Program Files\ManyCam\Bin\ManyCam.exe (ManyCam LLC)
O4 - HKCU..\Run: [NokiaSuite.exe] C:\Program Files\Nokia\Nokia Suite\NokiaSuite.exe (Nokia)
O4 - Startup: C:\Users\alle user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\alle user\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
O4 - Startup: C:\Users\alle user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.3.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O13 - gopher Prefix: missing
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 vpnweb.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{1332E68F-F0BB-46BD-89A8-D6458F777D04}: DhcpNameServer = 192.168.2.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{B6192BDF-786B-4AED-8ED2-65D6F5D8266F}: DhcpNameServer = 134.100.33.240
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Users\alle user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O24 - Desktop BackupWallPaper: C:\Users\alle user\AppData\Roaming\Microsoft\Windows Photo Gallery\Hintergrundbild der Windows-Fotogalerie.jpg
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006.09.18 22:43:36 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O33 - MountPoints2\{3981522b-ff0c-11e1-b52f-001377a9e408}\Shell - "" = AutoRun
O33 - MountPoints2\{3981522b-ff0c-11e1-b52f-001377a9e408}\Shell\AutoRun\command - "" = G:\setup.exe
O33 - MountPoints2\{9c0bb970-e782-11e1-8311-001377a9e408}\Shell - "" = AutoRun
O33 - MountPoints2\{9c0bb970-e782-11e1-8311-001377a9e408}\Shell\AutoRun\command - "" = G:\PMCsetup.exe
O33 - MountPoints2\{ebaf0815-d3f8-11e1-ab64-001377a9e408}\Shell - "" = AutoRun
O33 - MountPoints2\{ebaf0815-d3f8-11e1-ab64-001377a9e408}\Shell\AutoRun\command - "" = F:\PMCsetup.exe
O33 - MountPoints2\G\Shell - "" = AutoRun
O33 - MountPoints2\G\Shell\AutoRun\command - "" = G:\setup.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.03 20:20:24 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\alle user\Desktop\OTL.exe
[2013.01.03 02:16:28 | 000,000,000 | ---D | C] -- C:\Users\alle user\AppData\Roaming\Malwarebytes
[2013.01.03 02:15:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.01.03 02:15:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.01.03 02:15:26 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.01.03 02:15:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2012.12.26 23:47:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Apple Computer
[2012.12.22 11:53:51 | 000,000,000 | ---D | C] -- C:\Program Files\Dropbox
[2012.12.12 12:39:26 | 000,000,000 | ---D | C] -- C:\Users\alle user\AppData\Roaming\RealNetworks
[2012.12.12 12:38:53 | 000,000,000 | ---D | C] -- C:\Program Files\RealNetworks
[2012.12.12 12:38:50 | 000,000,000 | ---D | C] -- C:\ProgramData\RealNetworks
[2012.12.12 12:38:37 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\xing shared
[2012.12.12 12:17:24 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
[2012.12.12 12:17:13 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2012.12.07 12:05:29 | 000,000,000 | ---D | C] -- C:\ProgramData\dvdfab
[2012.12.07 12:04:44 | 000,000,000 | ---D | C] -- C:\Users\alle user\AppData\Roaming\NVIDIA
[2012.12.07 12:04:43 | 000,000,000 | ---D | C] -- C:\Users\alle user\Documents\DVDFab
[2012.12.07 12:04:37 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
[2012.12.07 12:04:30 | 000,000,000 | ---D | C] -- C:\Program Files\DVDFab 8 Qt
[2012.12.07 11:58:30 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2012.12.07 11:58:24 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2012.12.07 11:58:23 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2012.12.07 11:58:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT
[2012.12.07 11:58:15 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2012.12.07 11:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater
[2012.12.07 11:57:27 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digiarty
[2012.12.07 11:57:23 | 000,000,000 | ---D | C] -- C:\Users\alle user\AppData\Roaming\Digiarty
[2012.12.07 11:57:23 | 000,000,000 | ---D | C] -- C:\Program Files\Digiarty
[2012.12.07 11:56:52 | 000,000,000 | ---D | C] -- C:\Users\alle user\AppData\Roaming\convert
[2012.12.07 11:56:41 | 000,000,000 | ---D | C] -- C:\Users\alle user\AppData\Roaming\loadtbs
[2012.12.07 11:56:25 | 000,000,000 | ---D | C] -- C:\Users\alle user\Gutscheinaffe
[2012.12.07 11:47:47 | 000,000,000 | ---D | C] -- C:\ProgramData\DVD Shrink
[2012.12.07 11:47:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink deutsch
[2012.12.07 11:47:45 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink DE
[2012.12.06 21:34:35 | 000,000,000 | ---D | C] -- C:\Users\alle user\Desktop\geschenk
[2012.12.06 19:08:10 | 000,000,000 | ---D | C] -- C:\Users\alle user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Xilisoft
[2012.12.06 19:08:02 | 000,000,000 | ---D | C] -- C:\Program Files\Xilisoft
[2012.12.06 19:08:00 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.03 20:30:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.03 20:20:30 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\alle user\Desktop\OTL.exe
[2013.01.03 20:06:00 | 000,001,136 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1009650958-1073252964-1774183698-1000UA.job
[2013.01.03 19:59:12 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 19:59:12 | 000,003,760 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-2P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.03 17:59:40 | 000,168,738 | ---- | M] () -- C:\ProgramData\nvModes.001
[2013.01.03 17:59:29 | 000,168,738 | ---- | M] () -- C:\ProgramData\nvModes.dat
[2013.01.03 17:59:23 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.03 15:06:23 | 000,001,084 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskUserS-1-5-21-1009650958-1073252964-1774183698-1000Core.job
[2013.01.03 11:56:45 | 000,628,668 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.03 11:56:45 | 000,595,996 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.03 11:56:45 | 000,126,442 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.03 11:56:45 | 000,104,070 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.03 11:49:21 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.03 11:49:10 | 3215,572,992 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.03 02:15:28 | 000,000,906 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.26 23:24:56 | 000,045,568 | ---- | M] () -- C:\Users\alle user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.12.26 17:24:44 | 000,022,416 | ---- | M] () -- C:\Users\alle user\.recently-used.xbel
[2012.12.26 17:00:27 | 000,000,444 | -H-- | M] () -- C:\Windows\tasks\Norton Security Scan for alle user.job
[2012.12.23 12:18:20 | 000,000,680 | ---- | M] () -- C:\Users\alle user\AppData\Local\d3d9caps.dat
[2012.12.22 11:46:05 | 000,261,176 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2012.12.22 11:26:46 | 000,000,955 | ---- | M] () -- C:\Users\alle user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk
[2012.12.22 11:26:35 | 000,000,931 | ---- | M] () -- C:\Users\alle user\Desktop\Dropbox.lnk
[2012.12.14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2012.12.12 12:39:05 | 000,000,847 | ---- | M] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.12.12 12:17:24 | 000,272,896 | ---- | M] (Progressive Networks) -- C:\Windows\System32\pncrt.dll
[2012.12.10 21:04:22 | 000,030,320 | ---- | M] () -- C:\Users\alle user\Desktop\Projektbericht.odt
[2012.12.07 12:04:37 | 000,000,850 | ---- | M] () -- C:\Users\alle user\Desktop\DVDFab Profile Editor.lnk
[2012.12.07 12:04:37 | 000,000,813 | ---- | M] () -- C:\Users\alle user\Desktop\DVDFab 8 Qt.lnk
[2012.12.07 11:58:26 | 000,001,938 | ---- | M] () -- C:\user.js
[2012.12.05 18:15:39 | 000,011,958 | ---- | M] () -- C:\Users\alle user\Desktop\spanisch HA.odt
[2012.12.04 21:18:41 | 000,506,646 | ---- | M] () -- C:\Users\alle user\Desktop\Bericht_Kultur_und_Diversität.pdf
 
========== Files Created - No Company Name ==========
 
[2013.01.03 02:15:28 | 000,000,906 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk
[2012.12.26 17:24:44 | 000,022,416 | ---- | C] () -- C:\Users\alle user\.recently-used.xbel
[2012.12.13 10:02:57 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_User_01_11_00_Inbox_Critical.Wdf
[2012.12.13 10:02:57 | 000,000,003 | ---- | C] () -- C:\Windows\System32\drivers\MsftWdf_Kernel_01011_Inbox_Critical.Wdf
[2012.12.12 12:39:05 | 000,000,847 | ---- | C] () -- C:\Users\Public\Desktop\RealPlayer.lnk
[2012.12.07 12:04:37 | 000,000,850 | ---- | C] () -- C:\Users\alle user\Desktop\DVDFab Profile Editor.lnk
[2012.12.07 12:04:37 | 000,000,813 | ---- | C] () -- C:\Users\alle user\Desktop\DVDFab 8 Qt.lnk
[2012.12.07 11:58:15 | 001,008,496 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2012.12.07 11:58:15 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2012.12.05 18:15:37 | 000,011,958 | ---- | C] () -- C:\Users\alle user\Desktop\spanisch HA.odt
[2012.12.04 21:18:40 | 000,506,646 | ---- | C] () -- C:\Users\alle user\Desktop\Bericht_Kultur_und_Diversität.pdf
[2012.12.04 10:43:30 | 000,000,073 | ---- | C] () -- C:\Windows\cdplayer.ini
[2012.12.04 10:40:14 | 000,001,534 | ---- | C] () -- C:\ProgramData\ss.ini
[2012.11.21 22:42:43 | 000,000,465 | ---- | C] () -- C:\Users\alle user\AppData\Roaming\Poladroid prefs.plist
[2012.05.22 09:23:33 | 000,001,025 | ---- | C] () -- C:\Windows\System32\sysprs7.dll
[2012.05.22 09:23:33 | 000,000,205 | ---- | C] () -- C:\Windows\System32\lsprst7.dll
[2012.04.18 10:17:07 | 000,000,071 | ---- | C] () -- C:\Users\alle user\Documents.dat
[2012.01.25 11:31:57 | 000,045,568 | ---- | C] () -- C:\Users\alle user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012.01.23 18:39:26 | 000,000,135 | R--- | C] () -- C:\Windows\System32\lngEng.ini
[2012.01.23 18:39:26 | 000,000,117 | ---- | C] () -- C:\Windows\System32\lngKor.ini
[2012.01.23 13:28:12 | 000,168,738 | ---- | C] () -- C:\ProgramData\nvModes.001
[2012.01.23 10:57:24 | 000,168,738 | ---- | C] () -- C:\ProgramData\nvModes.dat
[2012.01.20 17:14:07 | 000,000,680 | ---- | C] () -- C:\Users\alle user\AppData\Local\d3d9caps.dat
 
========== ZeroAccess Check ==========
 
[2012.09.15 13:47:04 | 000,000,000 | ---D | M] -- C:\$Recycle.bin\S-1-5-21-1009650958-1073252964-1774183698-1000\$RZJPHPL\l
[2006.11.02 13:54:22 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 18:47:00 | 011,586,048 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2009.04.11 14:18:30 | 000,614,912 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.04.11 14:18:20 | 000,347,648 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.03.12 16:17:35 | 000,000,000 | ---D | M] -- C:\Users\alle user\AppData\Roaming\Babylon
[2012.12.07 11:56:52 | 000,000,000 | ---D | M] -- C:\Users\alle user\AppData\Roaming\convert
[2012.12.07 11:57:39 | 000,000,000 | ---D | M] -- C:\Users\alle user\AppData\Roaming\Digiarty
[2013.01.03 11:50:19 | 000,000,000 | ---D | M] -- C:\Users\alle user\AppData\Roaming\Dropbox
[2012.12.26 17:24:44 | 000,000,000 | ---D | M] -- C:\Users\alle user\AppData\Roaming\gtk-2.0
[2012.12.07 11:57:02 | 000,000,000 | ---D | M] -- C:\Users\alle user\AppData\Roaming\loadtbs
[2012.04.20 14:57:40 | 000,000,000 | ---D | M] -- C:\Users\alle user\AppData\Roaming\ManyCam
[2012.01.28 14:20:17 | 000,000,000 | ---D | M] -- C:\Users\alle user\AppData\Roaming\OpenOffice.org
[2012.12.01 20:46:56 | 000,000,000 | ---D | M] -- C:\Users\alle user\AppData\Roaming\PC Suite
 
========== Purity Check ==========
 
 

< End of report >
         
--- --- ---


Extras.Txt:
OTL Logfile:
Code:
OTL Extras logfile created on: 03.01.2013 20:26:58 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\alle user\Desktop
Windows Vista Home Premium Edition Service Pack 2 (Version = 6.0.6002) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,99 Gb Total Physical Memory | 1,83 Gb Available Physical Memory | 61,14% Memory free
6,21 Gb Paging File | 4,58 Gb Available in Paging File | 73,83% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 225,14 Gb Total Space | 12,19 Gb Free Space | 5,41% Space Free | Partition Type: NTFS
Drive D: | 224,99 Gb Total Space | 102,74 Gb Free Space | 45,66% Space Free | Partition Type: NTFS
 
Computer Name: ALLEUSER-PC | User Name: alle user | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [print] -- rundll32.exe %windir%\system32\mshtml.dll,PrintHTML "%1"
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /separate,/idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /separate,/e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"VistaSp2" = Reg Error: Unknown registry data type -- File not found
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{02FE9550-EB01-4B05-ADCA-609659EBCAA1}" = protocol=6 | dir=in | app=c:\users\alle user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{5B44E085-3FD3-42B0-B78D-AAE19B186C84}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{60F221ED-E79F-4B31-B53E-9A9DE0AE5D4C}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{65E7F0E0-8FE5-49BD-8358-F3EE3C5E1C82}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{8CA7D84E-332A-4535-8401-3791B84545D1}" = protocol=17 | dir=in | app=c:\users\alle user\appdata\roaming\dropbox\bin\dropbox.exe | 
"{9DF3A157-BD94-431D-ACD8-15FDF9E396AD}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{F3F73BF6-46DB-48F2-8398-435C91786CBE}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{052FDD78-A6EA-3187-8386-C82F4CA3A929}" = Microsoft .NET Framework 3.5 Language Pack SP1 - deu
"{0906982B-A432-4C06-8F01-C01BE1143779}" = Nokia Connectivity Cable Driver
"{17283B95-21A8-4996-97DA-547A48DB266F}" = Easy Display Manager
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java(TM) 6 Update 22
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{28E82311-8616-11E1-BEB0-B8AC6F97B88E}" = Google Earth
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.530
"{33EBF075-8593-4698-BDAF-CF8DED80BB5B}" = Nokia Suite
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3E9CA789-3AAC-4F5E-B42D-EA4232DAC60F}" = Atheros Wireless LAN
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{44257960-C5CC-45BA-8E83-524E4A0F3FD5}" = Cisco AnyConnect VPN Client
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP 3.92
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6F730513-8688-4C3C-90A3-6B9792CE2EF3}" = Easy Battery Manager
"{71A51B09-E7D3-11DB-A386-005056C00008}" = Vimicro UVC Camera
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{9068B2BE-D93A-4C0A-861C-5E35E2C0E09E}" = Intel® Matrix Storage Manager
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AAECF7BA-E83B-4A10-87EA-DE0B333F8734}" = RealNetworks - Microsoft Visual C++ 2010 Runtime
"{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.3) - Deutsch
"{AF111648-99A1-453E-81DD-80DBBF6DAD0D}" = MSVC90_x86
"{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}" = RealDownloader
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{BA77F9D2-CD35-41EB-9BC9-769879DFF8A6}" = PC Connectivity Solution
"{C25215FC-5900-48B0-B93C-8D3379027312}" = PASW Statistics 18
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D615D099-5C0F-41E0-B69E-B7D1CDC51B61}" = Philips Media Converter
"{E3B64CC5-C011-40C0-92BC-7316CD5E5688}" = Microsoft_VC100_CRT_SP1_x86
"{E8FF78D0-4D1C-4B2D-AC80-670F135F5461}" = Poladroid
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{EF367AA4-070B-493C-9575-85BE59D789C9}" = Easy SpeedUp Manager
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"{FE48654B-F9AA-40ED-BEF3-48F3FE2FA847}" = Philips Media Converter
"17D063A0A9F5D5A225B76B1D9BCB5ADBE85C8382" = Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver”  (05/31/2012 7.1.2.0)
"7-Zip" = 7-Zip 9.20
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Avira AntiVir Desktop" = Avira Free Antivirus
"BabylonToolbar" = Babylon toolbar on IE
"DVD Shrink DE_is1" = DVD Shrink 3.2 deutsch (DeCSS-frei)
"DVDFab 8 Qt_is1" = DVDFab 8.2.2.4 (06/12/2012) Qt
"incredibar" = Incredibar Toolbar  on IE
"InstallShield_{4EA8EA5D-8E46-4698-9BF7-2F2AD8E1C185}" = Easy Network Manager 3.0
"loadtbs-3.0" = loadtbs-3.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100
"ManyCam" = ManyCam 3.0.48 (remove only)
"McAfee Security Scan" = McAfee Security Scan Plus
"Microsoft .NET Framework 3.5 Language Pack SP1 - deu" = Microsoft .NET Framework 3.5 Language Pack SP1 - DEU
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Nokia Suite" = Nokia Suite
"NSS" = Norton Security Scan
"NVIDIA Display Control Panel" = NVIDIA Display Control Panel
"NVIDIA Drivers" = NVIDIA Drivers
"R for Windows 2.15.0_is1" = R for Windows 2.15.0
"RealPlayer 16.0" = RealPlayer
"VLC media player" = VLC media player 1.1.11
"WinGimp-2.0_is1" = GIMP 2.6.12
"WinX DVD Ripper_is1" = WinX DVD Ripper 5.5.5
"WNLT" = IB Updater Service
"Xilisoft DVD Ripper Platinum 5" = Xilisoft DVD Ripper Platinum 5
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
"FoxTab Media Player" = FoxTab Media Player
"Google Chrome" = Google Chrome
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 16.12.2012 12:31:02 | Computer Name = alleuser-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 20.12.2012 21:03:14 | Computer Name = alleuser-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.12.2012 06:24:33 | Computer Name = alleuser-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 22.12.2012 06:47:14 | Computer Name = alleuser-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 25.12.2012 12:53:04 | Computer Name = alleuser-PC | Source = VSS | ID = 8194
Description = 
 
Error - 26.12.2012 06:01:31 | Computer Name = alleuser-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.01.2013 20:51:55 | Computer Name = alleuser-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.01.2013 20:58:49 | Computer Name = alleuser-PC | Source = VSS | ID = 12289
Description = 
 
Error - 02.01.2013 22:14:54 | Computer Name = alleuser-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.01.2013 22:14:54 | Computer Name = alleuser-PC | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Windows\Installer\{AF7EBCA4-9FAF-4DC8-8D09-67854BB84D34}\recordingmanager.exe".
Die
 abhängige Assemblierung "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
[ Cisco AnyConnect VPN Client Events ]
Error - 03.01.2013 06:52:32 | Computer Name = alleuser-PC | Source = vpnagent | ID = 67108866
Description = Function: CTlsTransport::OnTransportInitiateComplete File: .\IP\TlsTransport.cpp
Line:
 344 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 03.01.2013 06:52:32 | Computer Name = alleuser-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
 1051 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 03.01.2013 06:52:32 | Computer Name = alleuser-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 03.01.2013 06:52:32 | Computer Name = alleuser-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 03.01.2013 06:52:40 | Computer Name = alleuser-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpSessionAsync::OnTransportInitiateComplete File: .\IP\HttpSessionAsync.cpp
Line:
 1051 Invoked Function: ISocketTransportCB::OnTransportInitiateComplete Return Code:
 -31522780 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 03.01.2013 06:52:40 | Computer Name = alleuser-PC | Source = vpnagent | ID = 67108866
Description = Function: CHttpProbeAsync::OnOpenRequestComplete File: .\IP\HttpProbeAsync.cpp
Line:
 254 Invoked Function: CHttpSessionAsync::OnOpenRequestComplete Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 03.01.2013 06:52:40 | Computer Name = alleuser-PC | Source = vpnagent | ID = 67108866
Description = Function: CSocketTransport::OnTimerExpired File: .\IPC\SocketTransport.cpp
Line:
 1175 Invoked Function: CSocketTransport::postConnectProcessing Return Code: -31522780
 (0xFE1F0024) Description: SOCKETTRANSPORT_ERROR_CONNECT_TIMEOUT 
 
Error - 03.01.2013 06:52:40 | Computer Name = alleuser-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestAccessToSG File: .\NetEnvironment.cpp
Line:
 1019 Invoked Function: CNetEnvironment::analyzeHttpResponse Return Code: -28901363
 (0xFE47000D) Description: NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could
 not contact target 
 
Error - 03.01.2013 06:52:40 | Computer Name = alleuser-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::testNetwork File: .\NetEnvironment.cpp Line:
 855 Invoked Function: CNetEnvironment::IsSGAccessible Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
Error - 03.01.2013 06:52:40 | Computer Name = alleuser-PC | Source = vpnagent | ID = 67108866
Description = Function: CNetEnvironment::TestNetEnv File: .\NetEnvironment.cpp Line:
 190 Invoked Function: CNetEnvironment::testNetwork Return Code: -28901363 (0xFE47000D)
Description:
 NETENVIRONMENT_ERROR_PROBE_INCOMPLETE:Network Probe could not contact target 
 
[ System Events ]
Error - 11.08.2012 18:12:05 | Computer Name = alleuser-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 11.08.2012 18:12:05 | Computer Name = alleuser-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.08.2012 05:42:58 | Computer Name = alleuser-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 13.08.2012 05:42:58 | Computer Name = alleuser-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.08.2012 06:13:07 | Computer Name = alleuser-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 13.08.2012 06:13:07 | Computer Name = alleuser-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 13.08.2012 12:24:37 | Computer Name = alleuser-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 13.08.2012 12:24:37 | Computer Name = alleuser-PC | Source = Service Control Manager | ID = 7000
Description = 
 
Error - 15.08.2012 11:36:23 | Computer Name = alleuser-PC | Source = Service Control Manager | ID = 7011
Description = 
 
Error - 15.08.2012 11:36:23 | Computer Name = alleuser-PC | Source = Service Control Manager | ID = 7000
Description = 
 
 
< End of report >
         
--- --- ---

05.01.2013, 16:29   #4
markusg
/// Malware-holic
 
Hi
Download TDSSKiller:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now and post the log

05.01.2013, 17:09   #5
charl
 
Hi, thank you very much for the reply!
The scan produced no detections.


17:02:28.0128 0360 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
17:02:28.0269 0360 ============================================================
17:02:28.0269 0360 Current date / time: 2013/01/05 17:02:28.0269
17:02:28.0269 0360 SystemInfo:
17:02:28.0269 0360
17:02:28.0269 0360 OS Version: 6.0.6002 ServicePack: 2.0
17:02:28.0269 0360 Product type: Workstation
17:02:28.0269 0360 ComputerName: ALLEUSER-PC
17:02:28.0269 0360 UserName: alle user
17:02:28.0269 0360 Windows directory: C:\Windows
17:02:28.0269 0360 System windows directory: C:\Windows
17:02:28.0269 0360 Processor architecture: Intel x86
17:02:28.0269 0360 Number of processors: 2
17:02:28.0269 0360 Page size: 0x1000
17:02:28.0269 0360 Boot type: Normal boot
17:02:28.0269 0360 ============================================================
17:02:29.0164 0360 Drive \Device\Harddisk0\DR0 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:02:29.0166 0360 ============================================================
17:02:29.0166 0360 \Device\Harddisk0\DR0:
17:02:29.0166 0360 MBR partitions:
17:02:29.0166 0360 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1F411F8, BlocksNum 0x1C24714E
17:02:29.0166 0360 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1E188346, BlocksNum 0x1C1FC8FB
17:02:29.0166 0360 ============================================================
17:02:29.0220 0360 C: <-> \Device\Harddisk0\DR0\Partition1
17:02:29.0271 0360 D: <-> \Device\Harddisk0\DR0\Partition2
17:02:29.0300 0360 ============================================================
17:02:29.0301 0360 Initialize success
17:02:29.0301 0360 ============================================================
17:02:37.0798 6328 ============================================================
17:02:37.0799 6328 Scan started
17:02:37.0799 6328 Mode: Manual; SigCheck; TDLFS;
17:02:37.0799 6328 ============================================================
17:02:38.0321 6328 ================ Scan system memory ========================
17:02:38.0321 6328 System memory - ok
17:02:38.0322 6328 ================ Scan services =============================
17:02:38.0611 6328 [ 82B296AE1892FE3DBEE00C9CF92F8AC7 ] ACPI C:\Windows\system32\drivers\acpi.sys
17:02:38.0797 6328 ACPI - ok
17:02:38.0906 6328 [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
17:02:38.0918 6328 AdobeARMservice - ok
17:02:38.0950 6328 [ 04F0FCAC69C7C71A3AC4EB97FAFC8303 ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
17:02:38.0976 6328 adp94xx - ok
17:02:39.0024 6328 [ 60505E0041F7751BDBB80F88BF45C2CE ] adpahci C:\Windows\system32\drivers\adpahci.sys
17:02:39.0043 6328 adpahci - ok
17:02:39.0066 6328 [ 8A42779B02AEC986EAB64ECFC98F8BD7 ] adpu160m C:\Windows\system32\drivers\adpu160m.sys
17:02:39.0091 6328 adpu160m - ok
17:02:39.0114 6328 [ 241C9E37F8CE45EF51C3DE27515CA4E5 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
17:02:39.0130 6328 adpu320 - ok
17:02:39.0175 6328 [ 9D1FDA9E086BA64E3C93C9DE32461BCF ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
17:02:39.0302 6328 AeLookupSvc - ok
17:02:39.0361 6328 [ 3911B972B55FEA0478476B2E777B29FA ] AFD C:\Windows\system32\drivers\afd.sys
17:02:39.0432 6328 AFD - ok
17:02:39.0464 6328 [ 13F9E33747E6B41A3FF305C37DB0D360 ] agp440 C:\Windows\system32\drivers\agp440.sys
17:02:39.0484 6328 agp440 - ok
17:02:39.0516 6328 [ AE1FDF7BF7BB6C6A70F67699D880592A ] aic78xx C:\Windows\system32\drivers\djsvs.sys
17:02:39.0537 6328 aic78xx - ok
17:02:39.0563 6328 [ A1545B731579895D8CC44FC0481C1192 ] ALG C:\Windows\System32\alg.exe
17:02:39.0720 6328 ALG - ok
17:02:39.0749 6328 [ 9EAEF5FC9B8E351AFA7E78A6FAE91F91 ] aliide C:\Windows\system32\drivers\aliide.sys
17:02:39.0771 6328 aliide - ok
17:02:39.0803 6328 [ C47344BC706E5F0B9DCE369516661578 ] amdagp C:\Windows\system32\drivers\amdagp.sys
17:02:39.0819 6328 amdagp - ok
17:02:39.0859 6328 [ 9B78A39A4C173FDBC1321E0DD659B34C ] amdide C:\Windows\system32\drivers\amdide.sys
17:02:39.0871 6328 amdide - ok
17:02:39.0904 6328 [ 18F29B49AD23ECEE3D2A826C725C8D48 ] AmdK7 C:\Windows\system32\drivers\amdk7.sys
17:02:39.0975 6328 AmdK7 - ok
17:02:40.0002 6328 [ 93AE7F7DD54AB986A6F1A1B37BE7442D ] AmdK8 C:\Windows\system32\drivers\amdk8.sys
17:02:40.0049 6328 AmdK8 - ok
17:02:40.0127 6328 [ 466A0D95960DAD3222C896D2CEA99993 ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
17:02:40.0168 6328 AntiVirSchedulerService - ok
17:02:40.0238 6328 [ A489BE6BB0AA1FF406B488B60542314B ] AntiVirService C:\Program Files\Avira\AntiVir Desktop\avguard.exe
17:02:40.0253 6328 AntiVirService - ok
17:02:40.0317 6328 [ C6D704C7F0434DC791AAC37CAC4B6E14 ] Appinfo C:\Windows\System32\appinfo.dll
17:02:40.0400 6328 Appinfo - ok
17:02:40.0435 6328 [ 5D2888182FB46632511ACEE92FDAD522 ] arc C:\Windows\system32\drivers\arc.sys
17:02:40.0485 6328 arc - ok
17:02:40.0529 6328 [ 5E2A321BD7C8B3624E41FDEC3E244945 ] arcsas C:\Windows\system32\drivers\arcsas.sys
17:02:40.0550 6328 arcsas - ok
17:02:40.0582 6328 [ 53B202ABEE6455406254444303E87BE1 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
17:02:40.0646 6328 AsyncMac - ok
17:02:40.0677 6328 [ 1F05B78AB91C9075565A9D8A4B880BC4 ] atapi C:\Windows\system32\drivers\atapi.sys
17:02:40.0698 6328 atapi - ok
17:02:40.0781 6328 [ F32FEE7CB2EE32C1F808409BC8019701 ] athr C:\Windows\system32\DRIVERS\athr.sys
17:02:40.0932 6328 athr - ok
17:02:41.0017 6328 [ 68E2A1A0407A66CF50DA0300852424AB ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
17:02:41.0098 6328 AudioEndpointBuilder - ok
17:02:41.0110 6328 [ 68E2A1A0407A66CF50DA0300852424AB ] Audiosrv C:\Windows\System32\Audiosrv.dll
17:02:41.0156 6328 Audiosrv - ok
17:02:41.0217 6328 [ D5541F0AFB767E85FC412FC609D96A74 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
17:02:41.0257 6328 avgntflt - ok
17:02:41.0357 6328 [ 7D967A682D4694DF7FA57D63A2DB01FE ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
17:02:41.0393 6328 avipbb - ok
17:02:41.0409 6328 [ 271CFD1A989209B1964E24D969552BF7 ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
17:02:41.0421 6328 avkmgr - ok
17:02:41.0474 6328 [ 67E506B75BD5326A3EC7B70BD014DFB6 ] Beep C:\Windows\system32\drivers\Beep.sys
17:02:41.0545 6328 Beep - ok
17:02:41.0605 6328 [ C789AF0F724FDA5852FB9A7D3A432381 ] BFE C:\Windows\System32\bfe.dll
17:02:41.0669 6328 BFE - ok
17:02:41.0782 6328 [ 93952506C6D67330367F7E7934B6A02F ] BITS C:\Windows\System32\qmgr.dll
17:02:41.0859 6328 BITS - ok
17:02:41.0912 6328 [ D4DF28447741FD3D953526E33A617397 ] blbdrive C:\Windows\system32\drivers\blbdrive.sys
17:02:41.0970 6328 blbdrive - ok
17:02:42.0026 6328 [ 35F376253F687BDE63976CCB3F2108CA ] bowser C:\Windows\system32\DRIVERS\bowser.sys
17:02:42.0085 6328 bowser - ok
17:02:42.0127 6328 [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo C:\Windows\system32\drivers\brfiltlo.sys
17:02:42.0185 6328 BrFiltLo - ok
17:02:42.0210 6328 [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp C:\Windows\system32\drivers\brfiltup.sys
17:02:42.0290 6328 BrFiltUp - ok
17:02:42.0327 6328 [ A3629A0C4226F9E9C72FAAEEBC3AD33C ] Browser C:\Windows\System32\browser.dll
17:02:42.0421 6328 Browser - ok
17:02:42.0470 6328 [ B304E75CFF293029EDDF094246747113 ] Brserid C:\Windows\system32\drivers\brserid.sys
17:02:42.0680 6328 Brserid - ok
17:02:42.0719 6328 [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm C:\Windows\system32\drivers\brserwdm.sys
17:02:42.0854 6328 BrSerWdm - ok
17:02:42.0881 6328 [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm C:\Windows\system32\drivers\brusbmdm.sys
17:02:42.0997 6328 BrUsbMdm - ok
17:02:43.0035 6328 [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer C:\Windows\system32\drivers\brusbser.sys
17:02:43.0148 6328 BrUsbSer - ok
17:02:43.0188 6328 [ AD07C1EC6665B8B35741AB91200C6B68 ] BTHMODEM C:\Windows\system32\drivers\bthmodem.sys
17:02:43.0256 6328 BTHMODEM - ok
17:02:43.0284 6328 [ 7ADD03E75BEB9E6DD102C3081D29840A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
17:02:43.0324 6328 cdfs - ok
17:02:43.0357 6328 [ 6B4BFFB9BECD728097024276430DB314 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys
17:02:43.0397 6328 cdrom - ok
17:02:43.0446 6328 [ 312EC3E37A0A1F2006534913E37B4423 ] CertPropSvc C:\Windows\System32\certprop.dll
17:02:43.0494 6328 CertPropSvc - ok
17:02:43.0508 6328 [ E5D4133F37219DBCFE102BC61072589D ] circlass C:\Windows\system32\drivers\circlass.sys
17:02:43.0564 6328 circlass - ok
17:02:43.0597 6328 [ D7659D3B5B92C31E84E53C1431F35132 ] CLFS C:\Windows\system32\CLFS.sys
17:02:43.0644 6328 CLFS - ok
17:02:43.0737 6328 [ 8EE772032E2FE80A924F3B8DD5082194 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
17:02:43.0772 6328 clr_optimization_v2.0.50727_32 - ok
17:02:43.0866 6328 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
17:02:43.0886 6328 clr_optimization_v4.0.30319_32 - ok
17:02:43.0939 6328 [ 99AFC3795B58CC478FBBBCDC658FCB56 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
17:02:44.0004 6328 CmBatt - ok
17:02:44.0058 6328 [ 0CA25E686A4928484E9FDABD168AB629 ] cmdide C:\Windows\system32\drivers\cmdide.sys
17:02:44.0077 6328 cmdide - ok
17:02:44.0111 6328 [ 6AFEF0B60FA25DE07C0968983EE4F60A ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
17:02:44.0133 6328 Compbatt - ok
17:02:44.0140 6328 COMSysApp - ok
17:02:44.0170 6328 [ 741E9DFF4F42D2D8477D0FC1DC0DF871 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
17:02:44.0188 6328 crcdisk - ok
17:02:44.0207 6328 [ 1F07BECDCA750766A96CDA811BA86410 ] Crusoe C:\Windows\system32\drivers\crusoe.sys
17:02:44.0258 6328 Crusoe - ok
17:02:44.0329 6328 [ F1E8C34892336D33EDDCDFE44E474F64 ] CryptSvc C:\Windows\system32\cryptsvc.dll
17:02:44.0431 6328 CryptSvc - ok
17:02:44.0495 6328 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] DcomLaunch C:\Windows\system32\rpcss.dll
17:02:44.0572 6328 DcomLaunch - ok
17:02:44.0618 6328 [ 622C41A07CA7E6DD91770F50D532CB6C ] DfsC C:\Windows\system32\Drivers\dfsc.sys
17:02:44.0697 6328 DfsC - ok
17:02:44.0800 6328 [ 2CC3DCFB533A1035B13DCAB6160AB38B ] DFSR C:\Windows\system32\DFSR.exe
17:02:44.0917 6328 DFSR - ok
17:02:44.0974 6328 [ 9028559C132146FB75EB7ACF384B086A ] Dhcp C:\Windows\System32\dhcpcsvc.dll
17:02:45.0020 6328 Dhcp - ok
17:02:45.0077 6328 [ 5D4AEFC3386920236A548271F8F1AF6A ] disk C:\Windows\system32\drivers\disk.sys
17:02:45.0091 6328 disk - ok
17:02:45.0139 6328 [ 57D762F6F5974AF0DA2BE88A3349BAAA ] Dnscache C:\Windows\System32\dnsrslvr.dll
17:02:45.0176 6328 Dnscache - ok
17:02:45.0215 6328 [ 324FD74686B1EF5E7C19A8AF49E748F6 ] dot3svc C:\Windows\System32\dot3svc.dll
17:02:45.0242 6328 dot3svc - ok
17:02:45.0274 6328 [ A622E888F8AA2F6B49E9BC466F0E5DEF ] DPS C:\Windows\system32\dps.dll
17:02:45.0307 6328 DPS - ok
17:02:45.0350 6328 [ 97FEF831AB90BEE128C9AF390E243F80 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
17:02:45.0398 6328 drmkaud - ok
17:02:45.0447 6328 [ C68AC676B0EF30CFBB1080ADCE49EB1F ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
17:02:45.0488 6328 DXGKrnl - ok
17:02:45.0548 6328 [ 5425F74AC0C1DBD96A1E04F17D63F94C ] E1G60 C:\Windows\system32\DRIVERS\E1G60I32.sys
17:02:45.0602 6328 E1G60 - ok
17:02:45.0642 6328 [ C0B95E40D85CD807D614E264248A45B9 ] EapHost C:\Windows\System32\eapsvc.dll
17:02:45.0695 6328 EapHost - ok
17:02:45.0743 6328 [ 7F64EA048DCFAC7ACF8B4D7B4E6FE371 ] Ecache C:\Windows\system32\drivers\ecache.sys
17:02:45.0774 6328 Ecache - ok
17:02:45.0847 6328 [ 9BE3744D295A7701EB425332014F0797 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
17:02:45.0898 6328 ehRecvr - ok
17:02:45.0922 6328 [ AD1870C8E5D6DD340C829E6074BF3C3F ] ehSched C:\Windows\ehome\ehsched.exe
17:02:45.0982 6328 ehSched - ok
17:02:45.0995 6328 [ C27C4EE8926E74AA72EFCAB24C5242C3 ] ehstart C:\Windows\ehome\ehstart.dll
17:02:46.0034 6328 ehstart - ok
17:02:46.0073 6328 [ 23B62471681A124889978F6295B3F4C6 ] elxstor C:\Windows\system32\drivers\elxstor.sys
17:02:46.0112 6328 elxstor - ok
17:03:11.0459 6328 WacomPen - ok
17:03:11.0507 6328 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:03:11.0542 6328 Wanarp - ok
17:03:11.0550 6328 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:03:11.0570 6328 Wanarpv6 - ok
17:03:11.0622 6328 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:03:11.0683 6328 wcncsvc - ok
17:03:11.0710 6328 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:03:11.0732 6328 WcsPlugInService - ok
17:03:11.0753 6328 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
17:03:11.0767 6328 Wd - ok
17:03:11.0831 6328 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:03:11.0860 6328 Wdf01000 - ok
17:03:11.0882 6328 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:03:11.0934 6328 WdiServiceHost - ok
17:03:11.0940 6328 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:03:11.0974 6328 WdiSystemHost - ok
17:03:12.0002 6328 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
17:03:12.0053 6328 WebClient - ok
17:03:12.0084 6328 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:03:12.0127 6328 Wecsvc - ok
17:03:12.0148 6328 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:03:12.0197 6328 wercplsupport - ok
17:03:12.0246 6328 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
17:03:12.0282 6328 WerSvc - ok
17:03:12.0372 6328 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:03:12.0397 6328 WinDefend - ok
17:03:12.0406 6328 WinHttpAutoProxySvc - ok
17:03:12.0480 6328 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:03:12.0525 6328 Winmgmt - ok
17:03:12.0591 6328 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
17:03:12.0705 6328 WinRM - ok
17:03:12.0775 6328 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:03:12.0844 6328 Wlansvc - ok
17:03:12.0891 6328 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:03:12.0930 6328 WmiAcpi - ok
17:03:12.0994 6328 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:03:13.0066 6328 wmiApSrv - ok
17:03:13.0151 6328 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:03:13.0221 6328 WMPNetworkSvc - ok
17:03:13.0248 6328 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:03:13.0332 6328 WPCSvc - ok
17:03:13.0370 6328 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:03:13.0463 6328 WPDBusEnum - ok
17:03:13.0533 6328 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:03:13.0577 6328 WpdUsb - ok
17:03:13.0696 6328 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:03:13.0746 6328 WPFFontCache_v0400 - ok
17:03:13.0768 6328 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:03:13.0831 6328 ws2ifsl - ok
17:03:13.0876 6328 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
17:03:13.0932 6328 wscsvc - ok
17:03:13.0939 6328 WSearch - ok
17:03:14.0033 6328 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:03:14.0119 6328 wuauserv - ok
17:03:14.0188 6328 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:03:14.0229 6328 WudfPf - ok
17:03:14.0268 6328 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:03:14.0284 6328 WUDFRd - ok
17:03:14.0331 6328 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:03:14.0348 6328 wudfsvc - ok
17:03:14.0399 6328 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
17:03:14.0463 6328 yukonwlh - ok
17:03:14.0485 6328 ================ Scan global ===============================
17:03:14.0520 6328 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:03:14.0585 6328 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:03:14.0600 6328 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:03:14.0634 6328 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:03:14.0640 6328 [Global] - ok
17:03:14.0641 6328 ================ Scan MBR ==================================
17:03:14.0679 6328 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:03:15.0442 6328 \Device\Harddisk0\DR0 - ok
17:03:15.0443 6328 ================ Scan VBR ==================================
17:03:15.0477 6328 [ 5B6F2FEB0BD131ACDA1891D32F6DE2DF ] \Device\Harddisk0\DR0\Partition1
17:03:15.0479 6328 \Device\Harddisk0\DR0\Partition1 - ok
17:03:15.0513 6328 [ 5907D4FE357A823B29ACE6AD43AD756D ] \Device\Harddisk0\DR0\Partition2
17:03:15.0542 6328 \Device\Harddisk0\DR0\Partition2 - ok
17:03:15.0543 6328 ============================================================
17:03:15.0543 6328 Scan finished
17:03:15.0543 6328 ============================================================
17:03:15.0616 8104 Detected object count: 0
17:03:15.0616 8104 Actual detected object count: 0
17:04:22.0262 6352 ============================================================
17:04:22.0262 6352 Scan started
17:04:22.0262 6352 Mode: Manual; SigCheck; TDLFS;
17:04:22.0262 6352 ============================================================
17:04:22.0487 6352 ================ Scan system memory ========================
17:04:22.0487 6352 System memory - ok
17:04:22.0487 6352 ================ Scan services =============================
17:04:38.0664 6352 nsiproxy - ok
17:04:38.0742 6352 [ 6A4A98CEE84CF9E99564510DDA4BAA47 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
17:04:38.0823 6352 Ntfs - ok
17:04:38.0847 6352 [ E875C093AEC0C978A90F30C9E0DFBB72 ] ntrigdigi C:\Windows\system32\drivers\ntrigdigi.sys
17:04:38.0964 6352 ntrigdigi - ok
17:04:38.0999 6352 [ C5DBBCDA07D780BDA9B685DF333BB41E ] Null C:\Windows\system32\drivers\Null.sys
17:04:39.0027 6352 Null - ok
17:04:39.0100 6352 [ B4F70FAC4EA61CF150823AA063A39FF9 ] NVHDA C:\Windows\system32\drivers\nvhda32v.sys
17:04:39.0113 6352 NVHDA - ok
17:04:40.0204 6352 [ 377140A534D013BD661C69F1741DE43C ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
17:04:41.0242 6352 nvlddmkm - ok
17:04:41.0306 6352 [ 2EDF9E7751554B42CBB60116DE727101 ] nvraid C:\Windows\system32\drivers\nvraid.sys
17:04:41.0325 6352 nvraid - ok
17:04:41.0359 6352 [ ABED0C09758D1D97DB0042DBB2688177 ] nvstor C:\Windows\system32\drivers\nvstor.sys
17:04:41.0384 6352 nvstor - ok
17:04:41.0431 6352 [ 4ED813EFD77A9B7E57E341CDC1C5CBC4 ] nvsvc C:\Windows\system32\nvvsvc.exe
17:04:41.0447 6352 nvsvc - ok
17:04:41.0507 6352 [ 18BBDF913916B71BD54575BDB6EEAC0B ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
17:04:41.0526 6352 nv_agp - ok
17:04:41.0535 6352 NwlnkFlt - ok
17:04:41.0540 6352 NwlnkFwd - ok
17:04:41.0570 6352 [ BE32DA025A0BE1878F0EE8D6D9386CD5 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
17:04:41.0620 6352 ohci1394 - ok
17:04:41.0692 6352 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2pimsvc C:\Windows\system32\p2psvc.dll
17:04:41.0742 6352 p2pimsvc - ok
17:04:41.0761 6352 [ 0C8E8E61AD1EB0B250B846712C917506 ] p2psvc C:\Windows\system32\p2psvc.dll
17:04:41.0788 6352 p2psvc - ok
17:04:41.0824 6352 [ 0FA9B5055484649D63C303FE404E5F4D ] Parport C:\Windows\system32\drivers\parport.sys
17:04:41.0871 6352 Parport - ok
17:04:41.0908 6352 [ B9C2B89F08670E159F7181891E449CD9 ] partmgr C:\Windows\system32\drivers\partmgr.sys
17:04:41.0931 6352 partmgr - ok
17:04:41.0955 6352 [ 4F9A6A8A31413180D0FCB279AD5D8112 ] Parvdm C:\Windows\system32\drivers\parvdm.sys
17:04:42.0004 6352 Parvdm - ok
17:04:42.0034 6352 [ C6276AD11F4BB49B58AA1ED88537F14A ] PcaSvc C:\Windows\System32\pcasvc.dll
17:04:42.0066 6352 PcaSvc - ok
17:04:42.0115 6352 [ F451DCACBAA67F3307305EBD4A39EA07 ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfd.sys
17:04:42.0148 6352 pccsmcfd - ok
17:04:42.0205 6352 [ 941DC1D19E7E8620F40BBC206981EFDB ] pci C:\Windows\system32\drivers\pci.sys
17:04:42.0228 6352 pci - ok
17:04:42.0261 6352 [ 1636D43F10416AEB483BC6001097B26C ] pciide C:\Windows\system32\drivers\pciide.sys
17:04:42.0277 6352 pciide - ok
17:04:42.0338 6352 [ E6F3FB1B86AA519E7698AD05E58B04E5 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
17:04:42.0362 6352 pcmcia - ok
17:04:42.0390 6352 [ 6349F6ED9C623B44B52EA3C63C831A92 ] PEAUTH C:\Windows\system32\drivers\peauth.sys
17:04:42.0478 6352 PEAUTH - ok
17:04:42.0585 6352 [ B1689DF169143F57053F795390C99DB3 ] pla C:\Windows\system32\pla.dll
17:04:42.0679 6352 pla - ok
17:04:42.0739 6352 [ C5E7F8A996EC0A82D508FD9064A5569E ] PlugPlay C:\Windows\system32\umpnpmgr.dll
17:04:42.0780 6352 PlugPlay - ok
17:04:42.0839 6352 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPAutoReg C:\Windows\system32\p2psvc.dll
17:04:42.0866 6352 PNRPAutoReg - ok
17:04:42.0901 6352 [ 0C8E8E61AD1EB0B250B846712C917506 ] PNRPsvc C:\Windows\system32\p2psvc.dll
17:04:42.0928 6352 PNRPsvc - ok
17:04:43.0059 6352 [ D0494460421A03CD5225CCA0059AA146 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
17:04:43.0114 6352 PolicyAgent - ok
17:04:43.0169 6352 [ ECFFFAEC0C1ECD8DBC77F39070EA1DB1 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
17:04:43.0208 6352 PptpMiniport - ok
17:04:43.0247 6352 [ 2027293619DD0F047C584CF2E7DF4FFD ] Processor C:\Windows\system32\drivers\processr.sys
17:04:43.0275 6352 Processor - ok
17:04:43.0320 6352 [ 0508FAA222D28835310B7BFCA7A77346 ] ProfSvc C:\Windows\system32\profsvc.dll
17:04:43.0352 6352 ProfSvc - ok
17:04:43.0398 6352 [ A3E186B4B935905B829219502557314E ] ProtectedStorage C:\Windows\system32\lsass.exe
17:04:43.0416 6352 ProtectedStorage - ok
17:04:43.0447 6352 [ 99514FAA8DF93D34B5589187DB3AA0BA ] PSched C:\Windows\system32\DRIVERS\pacer.sys
17:04:43.0484 6352 PSched - ok
17:04:43.0545 6352 [ 0A6DB55AFB7820C99AA1F3A1D270F4F6 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
17:04:43.0614 6352 ql2300 - ok
17:04:43.0648 6352 [ 81A7E5C076E59995D54BC1ED3A16E60B ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
17:04:43.0684 6352 ql40xx - ok
17:04:43.0709 6352 [ E9ECAE663F47E6CB43962D18AB18890F ] QWAVE C:\Windows\system32\qwave.dll
17:04:43.0736 6352 QWAVE - ok
17:04:43.0751 6352 [ 9F5E0E1926014D17486901C88ECA2DB7 ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
17:04:43.0768 6352 QWAVEdrv - ok
17:04:43.0822 6352 [ 147D7F9C556D259924351FEB0DE606C3 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
17:04:43.0871 6352 RasAcd - ok
17:04:43.0918 6352 [ F6A452EB4CEADBB51C9E0EE6B3ECEF0F ] RasAuto C:\Windows\System32\rasauto.dll
17:04:43.0957 6352 RasAuto - ok
17:04:43.0990 6352 [ A214ADBAF4CB47DD2728859EF31F26B0 ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
17:04:44.0022 6352 Rasl2tp - ok
17:04:44.0060 6352 [ 75D47445D70CA6F9F894B032FBC64FCF ] RasMan C:\Windows\System32\rasmans.dll
17:04:44.0092 6352 RasMan - ok
17:04:44.0115 6352 [ 509A98DD18AF4375E1FC40BC175F1DEF ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
17:04:44.0143 6352 RasPppoe - ok
17:04:44.0156 6352 [ 2005F4A1E05FA09389AC85840F0A9E4D ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
17:04:44.0191 6352 RasSstp - ok
17:04:44.0237 6352 [ B14C9D5B9ADD2F84F70570BBBFAA7935 ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
17:04:44.0282 6352 rdbss - ok
17:04:44.0327 6352 [ 89E59BE9A564262A3FB6C4F4F1CD9899 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
17:04:44.0414 6352 RDPCDD - ok
17:04:44.0495 6352 [ 943B18305EAE3935598A9B4A3D560B4C ] rdpdr C:\Windows\system32\drivers\rdpdr.sys
17:04:44.0534 6352 rdpdr - ok
17:04:44.0583 6352 [ 9D91FE5286F748862ECFFA05F8A0710C ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
17:04:44.0641 6352 RDPENCDD - ok
17:04:44.0735 6352 [ C127EBD5AFAB31524662C48DFCEB773A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
17:04:44.0781 6352 RDPWD - ok
17:04:44.0882 6352 [ A0FF419B61AE47E26ADF3BB15DB4F2FE ] RealNetworks Downloader Resolver Service C:\Program Files\RealNetworks\RealDownloader\rndlresolversvc.exe
17:04:44.0906 6352 RealNetworks Downloader Resolver Service - ok
17:04:44.0955 6352 [ BCDD6B4804D06B1F7EBF29E53A57ECE9 ] RemoteAccess C:\Windows\System32\mprdim.dll
17:04:44.0988 6352 RemoteAccess - ok
17:04:45.0018 6352 [ 9E6894EA18DAFF37B63E1005F83AE4AB ] RemoteRegistry C:\Windows\system32\regsvc.dll
17:04:45.0043 6352 RemoteRegistry - ok
17:04:45.0090 6352 [ 5123F83CBC4349D065534EEB6BBDC42B ] RpcLocator C:\Windows\system32\locator.exe
17:04:45.0127 6352 RpcLocator - ok
17:04:45.0262 6352 [ 3B5B4D53FEC14F7476CA29A20CC31AC9 ] RpcSs C:\Windows\system32\rpcss.dll
17:04:45.0318 6352 RpcSs - ok
17:04:45.0352 6352 [ 9C508F4074A39E8B4B31D27198146FAD ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
17:04:45.0380 6352 rspndr - ok
17:04:45.0408 6352 [ A3E186B4B935905B829219502557314E ] SamSs C:\Windows\system32\lsass.exe
17:04:45.0425 6352 SamSs - ok
17:04:45.0454 6352 [ 3CE8F073A557E172B330109436984E30 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
17:04:45.0483 6352 sbp2port - ok
17:04:45.0545 6352 [ 77B7A11A0C3D78D3386398FBBEA1B632 ] SCardSvr C:\Windows\System32\SCardSvr.dll
17:04:45.0576 6352 SCardSvr - ok
17:04:45.0675 6352 [ 1A58069DB21D05EB2AB58EE5753EBE8D ] Schedule C:\Windows\system32\schedsvc.dll
17:04:45.0762 6352 Schedule - ok
17:04:45.0792 6352 [ 312EC3E37A0A1F2006534913E37B4423 ] SCPolicySvc C:\Windows\System32\certprop.dll
17:04:45.0818 6352 SCPolicySvc - ok
17:04:45.0882 6352 [ 716313D9F6B0529D03F726D5AAF6F191 ] SDRSVC C:\Windows\System32\SDRSVC.dll
17:04:45.0920 6352 SDRSVC - ok
17:04:45.0949 6352 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
17:04:46.0007 6352 secdrv - ok
17:04:46.0060 6352 [ FD5199D4D8A521005E4B5EE7FE00FA9B ] seclogon C:\Windows\system32\seclogon.dll
17:04:46.0099 6352 seclogon - ok
17:04:46.0154 6352 [ A9BBAB5759771E523F55563D6CBE140F ] SENS C:\Windows\System32\sens.dll
17:04:46.0192 6352 SENS - ok
17:04:46.0214 6352 [ 68E44E331D46F0FB38F0863A84CD1A31 ] Serenum C:\Windows\system32\drivers\serenum.sys
17:04:46.0279 6352 Serenum - ok
17:04:46.0304 6352 [ C70D69A918B178D3C3B06339B40C2E1B ] Serial C:\Windows\system32\drivers\serial.sys
17:04:46.0351 6352 Serial - ok
17:04:46.0380 6352 [ 8AF3D28A879BF75DB53A0EE7A4289624 ] sermouse C:\Windows\system32\drivers\sermouse.sys
17:04:46.0417 6352 sermouse - ok
17:04:46.0570 6352 [ 9BDE8F1F5D060E912FCF9FB58B71CBC1 ] ServiceLayer C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
17:04:46.0609 6352 ServiceLayer - ok
17:04:46.0643 6352 [ D2193326F729B163125610DBF3E17D57 ] SessionEnv C:\Windows\system32\sessenv.dll
17:04:46.0689 6352 SessionEnv - ok
17:04:46.0709 6352 [ 3EFA810BDCA87F6ECC24F9832243FE86 ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
17:04:46.0756 6352 sffdisk - ok
17:04:46.0801 6352 [ E5EAFE85815BD89095FEF3144A09AB68 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
17:04:46.0823 6352 sffp_mmc - ok
17:04:46.0845 6352 [ 9F66A46C55D6F1CCABC79BB7AFCCC545 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
17:04:46.0868 6352 sffp_sd - ok
17:04:46.0923 6352 [ 46ED8E91793B2E6F848015445A0AC188 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
17:04:46.0985 6352 sfloppy - ok
17:04:47.0042 6352 [ E1499BD0FF76B1B2FBBF1AF339D91165 ] SharedAccess C:\Windows\System32\ipnathlp.dll
17:04:47.0073 6352 SharedAccess - ok
17:04:47.0163 6352 [ C7230FBEE14437716701C15BE02C27B8 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
17:04:47.0192 6352 ShellHWDetection - ok
17:04:47.0222 6352 [ 1D76624A09A054F682D746B924E2DBC3 ] sisagp C:\Windows\system32\drivers\sisagp.sys
17:04:47.0236 6352 sisagp - ok
17:04:47.0263 6352 [ 43CB7AA756C7DB280D01DA9B676CFDE2 ] SiSRaid2 C:\Windows\system32\drivers\sisraid2.sys
17:04:47.0289 6352 SiSRaid2 - ok
17:04:47.0307 6352 [ A99C6C8B0BAA970D8AA59DDC50B57F94 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
17:04:47.0336 6352 SiSRaid4 - ok
17:04:47.0396 6352 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
17:04:47.0411 6352 SkypeUpdate - ok
17:04:47.0582 6352 [ 862BB4CBC05D80C5B45BE430E5EF872F ] slsvc C:\Windows\system32\SLsvc.exe
17:04:47.0833 6352 slsvc - ok
17:04:47.0885 6352 [ 6EDC422215CD78AA8A9CDE6B30ABBD35 ] SLUINotify C:\Windows\system32\SLUINotify.dll
17:04:47.0912 6352 SLUINotify - ok
17:04:47.0955 6352 [ 7B75299A4D201D6A6533603D6914AB04 ] Smb C:\Windows\system32\DRIVERS\smb.sys
17:04:47.0982 6352 Smb - ok
17:04:48.0012 6352 [ 2A146A055B4401C16EE62D18B8E2A032 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
17:04:48.0030 6352 SNMPTRAP - ok
17:04:48.0093 6352 [ 7AEBDEEF071FE28B0EEF2CDD69102BFF ] spldr C:\Windows\system32\drivers\spldr.sys
17:04:48.0106 6352 spldr - ok
17:04:48.0147 6352 [ 8554097E5136C3BF9F69FE578A1B35F4 ] Spooler C:\Windows\System32\spoolsv.exe
17:04:48.0177 6352 Spooler - ok
17:04:48.0276 6352 [ 41987F9FC0E61ADF54F581E15029AD91 ] srv C:\Windows\system32\DRIVERS\srv.sys
17:04:48.0332 6352 srv - ok
17:04:48.0390 6352 [ FF33AFF99564B1AA534F58868CBE41EF ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
17:04:48.0456 6352 srv2 - ok
17:04:48.0486 6352 [ 7605C0E1D01A08F3ECD743F38B834A44 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
17:04:48.0521 6352 srvnet - ok
17:04:48.0578 6352 [ 03D50B37234967433A5EA5BA72BC0B62 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
17:04:48.0619 6352 SSDPSRV - ok
17:04:48.0660 6352 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys
17:04:48.0673 6352 ssmdrv - ok
17:04:48.0709 6352 [ 6F1A32E7B7B30F004D9A20AFADB14944 ] SstpSvc C:\Windows\system32\sstpsvc.dll
17:04:48.0734 6352 SstpSvc - ok
17:04:48.0816 6352 [ 5DE7D67E49B88F5F07F3E53C4B92A352 ] stisvc C:\Windows\System32\wiaservc.dll
17:04:48.0851 6352 stisvc - ok
17:04:48.0907 6352 [ 7BA58ECF0C0A9A69D44B3DCA62BECF56 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
17:04:48.0940 6352 swenum - ok
17:04:48.0970 6352 [ F21FD248040681CCA1FB6C9A03AAA93D ] swprv C:\Windows\System32\swprv.dll
17:04:49.0026 6352 swprv - ok
17:04:49.0057 6352 [ 192AA3AC01DF071B541094F251DEED10 ] Symc8xx C:\Windows\system32\drivers\symc8xx.sys
17:04:49.0078 6352 Symc8xx - ok
17:04:49.0108 6352 [ 8C8EB8C76736EBAF3B13B633B2E64125 ] Sym_hi C:\Windows\system32\drivers\sym_hi.sys
17:04:49.0121 6352 Sym_hi - ok
17:04:49.0155 6352 [ 8072AF52B5FD103BBBA387A1E49F62CB ] Sym_u3 C:\Windows\system32\drivers\sym_u3.sys
17:04:49.0173 6352 Sym_u3 - ok
17:04:49.0221 6352 [ 9A51B04E9886AA4EE90093586B0BA88D ] SysMain C:\Windows\system32\sysmain.dll
17:04:49.0288 6352 SysMain - ok
17:04:49.0348 6352 [ 2DCA225EAE15F42C0933E998EE0231C3 ] TabletInputService C:\Windows\System32\TabSvc.dll
17:04:49.0379 6352 TabletInputService - ok
17:04:49.0434 6352 [ D7673E4B38CE21EE54C59EEEB65E2483 ] TapiSrv C:\Windows\System32\tapisrv.dll
17:04:49.0460 6352 TapiSrv - ok
17:04:49.0477 6352 [ CB05822CD9CC6C688168E113C603DBE7 ] TBS C:\Windows\System32\tbssvc.dll
17:04:49.0511 6352 TBS - ok
17:04:49.0678 6352 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
17:04:49.0728 6352 Tcpip - ok
17:04:49.0793 6352 [ 27D470DABC77BC60D0A3B0E4DEB6CB91 ] Tcpip6 C:\Windows\system32\DRIVERS\tcpip.sys
17:04:49.0945 6352 Tcpip6 - ok
17:04:49.0987 6352 [ 608C345A255D82A6289C2D468EB41FD7 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
17:04:50.0033 6352 tcpipreg - ok
17:04:50.0080 6352 [ 5DCF5E267BE67A1AE926F2DF77FBCC56 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
17:04:50.0107 6352 TDPIPE - ok
17:04:50.0131 6352 [ 389C63E32B3CEFED425B61ED92D3F021 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
17:04:50.0158 6352 TDTCP - ok
17:04:50.0185 6352 [ 76B06EB8A01FC8624D699E7045303E54 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
17:04:50.0212 6352 tdx - ok
17:04:50.0231 6352 [ 3CAD38910468EAB9A6479E2F01DB43C7 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
17:04:50.0248 6352 TermDD - ok
17:04:50.0302 6352 [ BB95DA09BEF6E7A131BFF3BA5032090D ] TermService C:\Windows\System32\termsrv.dll
17:04:50.0366 6352 TermService - ok
17:04:50.0408 6352 [ C7230FBEE14437716701C15BE02C27B8 ] Themes C:\Windows\system32\shsvcs.dll
17:04:50.0433 6352 Themes - ok
17:04:50.0450 6352 [ 1076FFCFFAAE8385FD62DFCB25AC4708 ] THREADORDER C:\Windows\system32\mmcss.dll
17:04:50.0487 6352 THREADORDER - ok
17:04:50.0524 6352 [ EC74E77D0EB004BD3A809B5F8FB8C2CE ] TrkWks C:\Windows\System32\trkwks.dll
17:04:50.0559 6352 TrkWks - ok
17:04:50.0638 6352 [ 97D9D6A04E3AD9B6C626B9931DB78DBA ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
17:04:50.0669 6352 TrustedInstaller - ok
17:04:50.0709 6352 [ DCF0F056A2E4F52287264F5AB29CF206 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
17:04:50.0741 6352 tssecsrv - ok
17:04:50.0780 6352 [ CAECC0120AC49E3D2F758B9169872D38 ] tunmp C:\Windows\system32\DRIVERS\tunmp.sys
17:04:50.0832 6352 tunmp - ok
17:04:50.0861 6352 [ 300DB877AC094FEAB0BE7688C3454A9C ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
17:04:50.0880 6352 tunnel - ok
17:04:50.0910 6352 [ 7D33C4DB2CE363C8518D2DFCF533941F ] uagp35 C:\Windows\system32\drivers\uagp35.sys
17:04:50.0930 6352 uagp35 - ok
17:04:50.0943 6352 [ D9728AF68C4C7693CB100B8441CBDEC6 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
17:04:50.0972 6352 udfs - ok
17:04:51.0033 6352 [ ECEF404F62863755951E09C802C94AD5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
17:04:51.0078 6352 UI0Detect - ok
17:04:51.0134 6352 [ B0ACFDC9E4AF279E9116C03E014B2B27 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
17:04:51.0148 6352 uliagpkx - ok
17:04:51.0187 6352 [ 9224BB254F591DE4CA8D572A5F0D635C ] uliahci C:\Windows\system32\drivers\uliahci.sys
17:04:51.0206 6352 uliahci - ok
17:04:51.0248 6352 [ 8514D0E5CD0534467C5FC61BE94A569F ] UlSata C:\Windows\system32\drivers\ulsata.sys
17:04:51.0265 6352 UlSata - ok
17:04:51.0305 6352 [ 38C3C6E62B157A6BC46594FADA45C62B ] ulsata2 C:\Windows\system32\drivers\ulsata2.sys
17:04:51.0350 6352 ulsata2 - ok
17:04:51.0374 6352 [ 32CFF9F809AE9AED85464492BF3E32D2 ] umbus C:\Windows\system32\DRIVERS\umbus.sys
17:04:51.0409 6352 umbus - ok
17:04:51.0469 6352 [ 68308183F4AE0BE7BF8ECD07CB297999 ] upnphost C:\Windows\System32\upnphost.dll
17:04:51.0507 6352 upnphost - ok
17:04:51.0568 6352 [ CAF811AE4C147FFCD5B51750C7F09142 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
17:04:51.0600 6352 usbccgp - ok
17:04:51.0620 6352 [ E9476E6C486E76BC4898074768FB7131 ] usbcir C:\Windows\system32\drivers\usbcir.sys
17:04:51.0675 6352 usbcir - ok
17:04:51.0699 6352 [ 79E96C23A97CE7B8F14D310DA2DB0C9B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
17:04:51.0734 6352 usbehci - ok
17:04:51.0786 6352 [ 4673BBCB006AF60E7ABDDBE7A130BA42 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
17:04:51.0831 6352 usbhub - ok
17:04:51.0847 6352 [ 38DBC7DD6CC5A72011F187425384388B ] usbohci C:\Windows\system32\drivers\usbohci.sys
17:04:51.0895 6352 usbohci - ok
17:04:51.0941 6352 [ E75C4B5269091D15A2E7DC0B6D35F2F5 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
17:04:51.0980 6352 usbprint - ok
17:04:52.0026 6352 [ BE3DA31C191BC222D9AD503C5224F2AD ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
17:04:52.0063 6352 USBSTOR - ok
17:04:52.0104 6352 [ 814D653EFC4D48BE3B04A307ECEFF56F ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
17:04:52.0126 6352 usbuhci - ok
17:04:52.0164 6352 [ E67998E8F14CB0627A769F6530BCB352 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
17:04:52.0196 6352 usbvideo - ok
17:04:52.0296 6352 [ 1509E705F3AC1D474C92454A5C2DD81F ] UxSms C:\Windows\System32\uxsms.dll
17:04:52.0333 6352 UxSms - ok
17:04:52.0411 6352 [ CD88D1B7776DC17A119049742EC07EB4 ] vds C:\Windows\System32\vds.exe
17:04:52.0442 6352 vds - ok
17:04:52.0475 6352 [ 87B06E1F30B749A114F74622D013F8D4 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
17:04:52.0516 6352 vga - ok
17:04:52.0553 6352 [ 2E93AC0A1D8C79D019DB6C51F036636C ] VgaSave C:\Windows\System32\drivers\vga.sys
17:04:52.0580 6352 VgaSave - ok
17:04:52.0624 6352 [ 5D7159DEF58A800D5781BA3A879627BC ] viaagp C:\Windows\system32\drivers\viaagp.sys
17:04:52.0647 6352 viaagp - ok
17:04:52.0673 6352 [ C4F3A691B5BAD343E6249BD8C2D45DEE ] ViaC7 C:\Windows\system32\drivers\viac7.sys
17:04:52.0705 6352 ViaC7 - ok
17:04:52.0744 6352 [ AADF5587A4063F52C2C3FED7887426FC ] viaide C:\Windows\system32\drivers\viaide.sys
17:04:52.0757 6352 viaide - ok
17:04:52.0821 6352 [ C30A79CFEE47F1A9633F403C5ACE872F ] VMC302 C:\Windows\system32\Drivers\VMC302.sys
17:04:52.0870 6352 VMC302 - ok
17:04:52.0906 6352 [ 69503668AC66C77C6CD7AF86FBDF8C43 ] volmgr C:\Windows\system32\drivers\volmgr.sys
17:04:52.0937 6352 volmgr - ok
17:04:53.0003 6352 [ 23E41B834759917BFD6B9A0D625D0C28 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
17:04:53.0027 6352 volmgrx - ok
17:04:53.0072 6352 [ 786DB5771F05EF300390399F626BF30A ] volsnap C:\Windows\system32\drivers\volsnap.sys
17:04:53.0095 6352 volsnap - ok
17:04:53.0213 6352 [ D6653180D162CB3144FDBC8A651CEBB1 ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
17:04:53.0245 6352 vpnagent - ok
17:04:53.0273 6352 [ FC94804932CFC35F01B3AE510E3B4D5C ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys
17:04:53.0307 6352 vpnva - ok
17:04:53.0363 6352 [ 587253E09325E6BF226B299774B728A9 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
17:04:53.0393 6352 vsmraid - ok
17:04:53.0490 6352 [ DB3D19F850C6EB32BDCB9BC0836ACDDB ] VSS C:\Windows\system32\vssvc.exe
17:04:53.0561 6352 VSS - ok
17:04:53.0609 6352 [ 96EA68B9EB310A69C25EBB0282B2B9DE ] W32Time C:\Windows\system32\w32time.dll
17:04:53.0639 6352 W32Time - ok
17:04:53.0678 6352 [ 48DFEE8F1AF7C8235D4E626F0C4FE031 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
17:04:53.0733 6352 WacomPen - ok
17:04:53.0767 6352 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
17:04:53.0795 6352 Wanarp - ok
17:04:53.0803 6352 [ 55201897378CCA7AF8B5EFD874374A26 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
17:04:53.0827 6352 Wanarpv6 - ok
17:04:53.0880 6352 [ A3CD60FD826381B49F03832590E069AF ] wcncsvc C:\Windows\System32\wcncsvc.dll
17:04:53.0910 6352 wcncsvc - ok
17:04:53.0937 6352 [ 11BCB7AFCDD7AADACB5746F544D3A9C7 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
17:04:53.0959 6352 WcsPlugInService - ok
17:04:53.0980 6352 [ 78FE9542363F297B18C027B2D7E7C07F ] Wd C:\Windows\system32\drivers\wd.sys
17:04:53.0994 6352 Wd - ok
17:04:54.0069 6352 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
17:04:54.0118 6352 Wdf01000 - ok
17:04:54.0154 6352 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiServiceHost C:\Windows\system32\wdi.dll
17:04:54.0188 6352 WdiServiceHost - ok
17:04:54.0213 6352 [ ABFC76B48BB6C96E3338D8943C5D93B5 ] WdiSystemHost C:\Windows\system32\wdi.dll
17:04:54.0245 6352 WdiSystemHost - ok
17:04:54.0297 6352 [ 04C37D8107320312FBAE09926103D5E2 ] WebClient C:\Windows\System32\webclnt.dll
17:04:54.0336 6352 WebClient - ok
17:04:54.0378 6352 [ AE3736E7E8892241C23E4EBBB7453B60 ] Wecsvc C:\Windows\system32\wecsvc.dll
17:04:54.0405 6352 Wecsvc - ok
17:04:54.0442 6352 [ 670FF720071ED741206D69BD995EA453 ] wercplsupport C:\Windows\System32\wercplsupport.dll
17:04:54.0474 6352 wercplsupport - ok
17:04:54.0495 6352 [ 32B88481D3B326DA6DEB07B1D03481E7 ] WerSvc C:\Windows\System32\WerSvc.dll
17:04:54.0550 6352 WerSvc - ok
17:04:54.0632 6352 [ 4575AA12561C5648483403541D0D7F2B ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
17:04:54.0659 6352 WinDefend - ok
17:04:54.0665 6352 WinHttpAutoProxySvc - ok
17:04:54.0740 6352 [ 6B2A1D0E80110E3D04E6863C6E62FD8A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
17:04:54.0773 6352 Winmgmt - ok
17:04:54.0911 6352 [ 7CFE68BDC065E55AA5E8421607037511 ] WinRM C:\Windows\system32\WsmSvc.dll
17:04:54.0991 6352 WinRM - ok
17:04:55.0054 6352 [ C008405E4FEEB069E30DA1D823910234 ] Wlansvc C:\Windows\System32\wlansvc.dll
17:04:55.0080 6352 Wlansvc - ok
17:04:55.0118 6352 [ 2E7255D172DF0B8283CDFB7B433B864E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
17:04:55.0138 6352 WmiAcpi - ok
17:04:55.0220 6352 [ 43BE3875207DCB62A85C8C49970B66CC ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
17:04:55.0241 6352 wmiApSrv - ok
17:04:55.0341 6352 [ 3978704576A121A9204F8CC49A301A9B ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
17:04:55.0405 6352 WMPNetworkSvc - ok
17:04:55.0504 6352 [ CFC5A04558F5070CEE3E3A7809F3FF52 ] WPCSvc C:\Windows\System32\wpcsvc.dll
17:04:55.0541 6352 WPCSvc - ok
17:04:55.0608 6352 [ 801FBDB89D472B3C467EB112A0FC9246 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
17:04:55.0636 6352 WPDBusEnum - ok
17:04:55.0671 6352 [ DE9D36F91A4DF3D911626643DEBF11EA ] WpdUsb C:\Windows\system32\DRIVERS\wpdusb.sys
17:04:55.0690 6352 WpdUsb - ok
17:04:55.0866 6352 [ DCF3E3EDF5109EE8BC02FE6E1F045795 ] WPFFontCache_v0400 C:\Windows\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe
17:04:55.0917 6352 WPFFontCache_v0400 - ok
17:04:55.0962 6352 [ E3A3CB253C0EC2494D4A61F5E43A389C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
17:04:56.0011 6352 ws2ifsl - ok
17:04:56.0070 6352 [ 1CA6C40261DDC0425987980D0CD2AAAB ] wscsvc C:\Windows\System32\wscsvc.dll
17:04:56.0107 6352 wscsvc - ok
17:04:56.0115 6352 WSearch - ok
17:04:56.0248 6352 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
17:04:56.0373 6352 wuauserv - ok
17:04:56.0426 6352 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
17:04:56.0476 6352 WudfPf - ok
17:04:56.0542 6352 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
17:04:56.0586 6352 WUDFRd - ok
17:04:56.0648 6352 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
17:04:56.0680 6352 wudfsvc - ok
17:04:56.0727 6352 [ 04E268ADFC81964C49DC0C082D520F7E ] yukonwlh C:\Windows\system32\DRIVERS\yk60x86.sys
17:04:56.0776 6352 yukonwlh - ok
17:04:56.0787 6352 ================ Scan global ===============================
17:04:56.0814 6352 [ F31EEBC1A1C81FD04005489CC3DCDFE7 ] C:\Windows\system32\basesrv.dll
17:04:56.0857 6352 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:04:56.0882 6352 [ D2293B069E4B63DC17B2F08D45E71124 ] C:\Windows\system32\winsrv.dll
17:04:56.0966 6352 [ D4E6D91C1349B7BFB3599A6ADA56851B ] C:\Windows\system32\services.exe
17:04:56.0975 6352 [Global] - ok
17:04:56.0976 6352 ================ Scan MBR ==================================
17:04:57.0006 6352 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk0\DR0
17:04:57.0947 6352 \Device\Harddisk0\DR0 - ok
17:04:57.0949 6352 ================ Scan VBR ==================================
17:04:57.0982 6352 [ 5B6F2FEB0BD131ACDA1891D32F6DE2DF ] \Device\Harddisk0\DR0\Partition1
17:04:58.0002 6352 \Device\Harddisk0\DR0\Partition1 - ok
17:04:58.0040 6352 [ 5907D4FE357A823B29ACE6AD43AD756D ] \Device\Harddisk0\DR0\Partition2
17:04:58.0042 6352 \Device\Harddisk0\DR0\Partition2 - ok
17:04:58.0042 6352 ============================================================
17:04:58.0042 6352 Scan finished
17:04:58.0042 6352 ============================================================
17:04:58.0052 7436 Detected object count: 0
17:04:58.0052 7436 Actual detected object count: 0


05.01.2013, 19:25   #6
markusg
/// Malware-holic

Good,
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors:

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all your anti-virus and anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the on-screen instructions.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. This should fix the problem.

05.01.2013, 21:41   #7
charl

I am not sure whether disabling the other antivirus programs worked.
ComboFix log file:
Code:
ATTFilter
ComboFix 13-01-05.01 - alle user 05.01.2013  21:08:48.2.2 - x86
Microsoft® Windows Vista™ Home Premium   6.0.6002.2.1252.49.1031.18.3066.2124 [GMT 1:00]
ausgeführt von:: c:\users\alle user\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMC270.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMC34C.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMC419.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMC4C7.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMC517.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMC5F3.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMDE46.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMEEFA.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMF053.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMF535.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMF5C4.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMF7C9.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMF81A.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMF83B.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMF84C.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\XTMP1MC3VE\DEMF86E.tmp
c:\users\ALLEUS~1\AppData\Local\Temp\YTMP7MC8AA\TAA6C03.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-05 bis 2013-01-05  ))))))))))))))))))))))))))))))
.
.
2013-01-05 20:16 . 2013-01-05 20:16	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-05 00:27 . 2012-11-08 18:00	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{51FC3050-DB71-4362-B490-543993C313A7}\mpengine.dll
2013-01-03 01:16 . 2013-01-03 01:16	--------	d-----w-	c:\users\alle user\AppData\Roaming\Malwarebytes
2013-01-03 01:15 . 2013-01-03 01:15	--------	d-----w-	c:\programdata\Malwarebytes
2013-01-03 01:15 . 2013-01-03 01:15	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-01-03 01:15 . 2012-12-14 15:49	21104	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-26 22:47 . 2012-12-26 22:47	--------	d-----w-	c:\programdata\Apple Computer
2012-12-22 10:53 . 2012-12-22 10:53	--------	d-----w-	c:\program files\Dropbox
2012-12-22 10:29 . 2012-12-16 13:12	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-22 10:29 . 2012-12-16 10:50	293376	----a-w-	c:\windows\system32\atmfd.dll
2012-12-13 09:02 . 2012-07-26 02:46	9728	----a-w-	c:\windows\system32\Wdfres.dll
2012-12-13 09:02 . 2012-07-26 03:20	73216	----a-w-	c:\windows\system32\WUDFSvc.dll
2012-12-13 09:02 . 2012-07-26 03:20	172032	----a-w-	c:\windows\system32\WUDFPlatform.dll
2012-12-13 09:02 . 2012-07-26 02:33	66560	----a-w-	c:\windows\system32\drivers\WUDFPf.sys
2012-12-13 09:02 . 2012-07-26 02:32	155136	----a-w-	c:\windows\system32\drivers\WUDFRd.sys
2012-12-13 09:02 . 2009-07-14 12:12	16896	----a-w-	c:\windows\system32\winusb.dll
2012-12-13 09:02 . 2012-07-26 03:39	526952	----a-w-	c:\windows\system32\drivers\Wdf01000.sys
2012-12-13 09:02 . 2012-07-26 03:39	47720	----a-w-	c:\windows\system32\drivers\WdfLdr.sys
2012-12-13 09:02 . 2012-07-26 03:21	196608	----a-w-	c:\windows\system32\WUDFHost.exe
2012-12-13 09:02 . 2012-07-26 03:20	613888	----a-w-	c:\windows\system32\WUDFx.dll
2012-12-13 09:02 . 2012-07-26 03:20	38912	----a-w-	c:\windows\system32\WUDFCoinstaller.dll
2012-12-12 11:39 . 2012-12-12 11:39	--------	d-----w-	c:\users\alle user\AppData\Roaming\RealNetworks
2012-12-12 11:38 . 2012-12-12 11:38	--------	d-----w-	c:\program files\RealNetworks
2012-12-12 11:38 . 2012-12-12 11:38	--------	d-----w-	c:\programdata\RealNetworks
2012-12-12 11:38 . 2012-12-12 11:38	--------	d-----w-	c:\program files\Common Files\xing shared
2012-12-12 11:17 . 2012-12-12 11:17	499712	----a-w-	c:\windows\system32\msvcp71.dll
2012-12-12 10:22 . 2012-11-13 01:36	2048000	----a-w-	c:\windows\system32\win32k.sys
2012-12-12 10:22 . 2012-11-02 10:18	376320	----a-w-	c:\windows\system32\dpnet.dll
2012-12-12 10:22 . 2012-11-02 08:26	23040	----a-w-	c:\windows\system32\dpnsvr.exe
2012-12-12 10:22 . 2012-08-21 11:47	224640	----a-w-	c:\windows\system32\drivers\volsnap.sys
2012-12-12 10:22 . 2012-11-13 01:29	2048	----a-w-	c:\windows\system32\tzres.dll
2012-12-07 11:05 . 2012-12-07 11:05	--------	d-----w-	c:\programdata\dvdfab
2012-12-07 11:04 . 2012-12-07 11:04	--------	d-----w-	c:\users\alle user\AppData\Roaming\NVIDIA
2012-12-07 11:04 . 2012-12-07 11:04	--------	d-----w-	c:\program files\DVDFab 8 Qt
2012-12-07 10:58 . 2012-12-07 10:58	--------	d-----w-	c:\program files\Perion
2012-12-07 10:58 . 2011-05-13 23:17	632656	----a-w-	c:\windows\system32\msvcr80.dll
2012-12-07 10:58 . 2011-05-13 23:17	479232	----a-w-	c:\windows\system32\msvcm80.dll
2012-12-07 10:58 . 2011-05-13 23:17	554832	----a-w-	c:\windows\system32\msvcp80.dll
2012-12-07 10:58 . 2012-12-08 12:08	--------	d-----w-	c:\windows\system32\WNLT
2012-12-07 10:58 . 2012-12-07 10:58	--------	d-----w-	c:\windows\system32\ARFC
2012-12-07 10:58 . 2012-10-02 15:20	1008496	----a-w-	c:\windows\system32\dmwu.exe
2012-12-07 10:58 . 2012-10-02 15:18	28160	----a-w-	c:\windows\system32\ImHttpComm.dll
2012-12-07 10:58 . 2012-12-07 10:58	--------	d-----w-	c:\program files\IB Updater
2012-12-07 10:57 . 2012-12-07 10:57	--------	d-----w-	c:\users\alle user\AppData\Roaming\Digiarty
2012-12-07 10:57 . 2012-12-07 10:57	--------	d-----w-	c:\program files\Digiarty
2012-12-07 10:56 . 2012-12-07 10:56	--------	d-----w-	c:\users\alle user\AppData\Roaming\convert
2012-12-07 10:56 . 2012-12-07 10:57	--------	d-----w-	c:\users\alle user\AppData\Roaming\loadtbs
2012-12-07 10:56 . 2012-12-07 10:56	--------	d-----w-	c:\users\alle user\Gutscheinaffe
2012-12-07 10:47 . 2012-12-07 10:47	--------	d-----w-	c:\programdata\DVD Shrink
2012-12-07 10:47 . 2012-12-07 10:47	--------	d-----w-	c:\program files\DVD Shrink DE
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-12 11:17 . 2012-01-31 21:15	348160	----a-w-	c:\windows\system32\msvcr71.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\alle user\AppData\Roaming\loadtbs\toolbar.dll" [2012-12-07 616448]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\alle user\AppData\Roaming\loadtbs\toolbar.dll" [2012-12-07 616448]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\alle user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\alle user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\alle user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"ManyCam"="c:\program files\ManyCam\Bin\ManyCam.exe" [2012-03-07 2096504]
"NokiaSuite.exe"="c:\program files\Nokia\Nokia Suite\NokiaSuite.exe" [2012-10-13 1088424]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RtHDVCpl.exe" [2008-04-17 6111232]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2012-08-10 348664]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-01-03 843712]
"TkBellExe"="c:\program files\real\realplayer\Update\realsched.exe" [2012-12-12 295072]
.
c:\users\alle user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\alle user\AppData\Roaming\Dropbox\bin\Dropbox.exe [2012-12-22 28538560]
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\2.0.181\SSScheduler.exe [2010-1-15 255536]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WudfSvc]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	FontCache
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-18 19:42]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-04-18 19:42]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1009650958-1073252964-1774183698-1000Core.job
- c:\users\alle user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-25 17:40]
.
2013-01-05 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-1009650958-1073252964-1774183698-1000UA.job
- c:\users\alle user\AppData\Local\Google\Update\GoogleUpdate.exe [2012-01-25 17:40]
.
2013-01-05 c:\windows\Tasks\Norton Security Scan for alle user.job
- c:\progra~1\NORTON~2\Engine\353~1.1\Nss.exe [2012-02-01 00:45]
.
.
------- Zusätzlicher Suchlauf -------
.
TCP: DhcpNameServer = 192.168.2.1
DPF: CC679CB8-DC4B-458B-B817-D447B3B6AC31 - vpnweb.cab
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, hxxp://www.gmer.net
Rootkit scan 2013-01-05 21:20
Windows 6.0.6002 Service Pack 2 NTFS
.
Scanne versteckte Prozesse... 
.
Scanne versteckte Autostarteinträge... 
.
Scanne versteckte Dateien... 
.
Scan erfolgreich abgeschlossen
versteckte Dateien: 0
.
**************************************************************************
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\EverestDriver]
"ImagePath"="\??\f:\everest 530\kerneld.wnt"
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(5804)
c:\users\alle user\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
------------------------ Weitere laufende Prozesse ------------------------
.
c:\windows\system32\nvvsvc.exe
c:\program files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe
c:\windows\system32\nvvsvc.exe
c:\program files\Avira\AntiVir Desktop\sched.exe
c:\program files\Common Files\Adobe\ARM\1.0\armsvc.exe
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\IB Updater\ExtensionUpdaterService.exe
c:\windows\system32\dmwu.exe
c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe
c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe
c:\program files\RealNetworks\RealDownloader\rndlresolversvc.exe
c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe
c:\program files\Avira\AntiVir Desktop\avshadow.exe
c:\windows\system32\conime.exe
c:\windows\RtHDVCpl.exe
c:\windows\ehome\ehmsas.exe
c:\program files\OpenOffice.org 3\program\soffice.exe
c:\program files\OpenOffice.org 3\program\soffice.bin
c:\program files\PC Connectivity Solution\ServiceLayer.exe
c:\program files\PC Connectivity Solution\Transports\NclUSBSrv.exe
c:\program files\PC Connectivity Solution\Transports\NclMSBTSrvEx.exe
c:\windows\servicing\TrustedInstaller.exe
.
**************************************************************************
.
Zeit der Fertigstellung: 2013-01-05  21:26:04 - PC wurde neu gestartet
ComboFix-quarantined-files.txt  2013-01-05 20:26
ComboFix2.txt  2013-01-05 19:52
.
Vor Suchlauf: 20 Verzeichnis(se), 14.388.039.680 Bytes frei
Nach Suchlauf: 22 Verzeichnis(se), 14.147.174.400 Bytes frei
.
- - End Of File - - 07B1D10BBA489DEA5B04EC45076BE5CA
         
--- --- ---


Many thanks!

06.01.2013, 18:16   #8
markusg
/// Malware-holic

Hi,

Download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file, and open that file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not recognise, write "unknown".
Post the list.
__________________
-Please forward suspicious e-mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

07.01.2013, 17:18   #9
charl

7-Zip 9.20 16.04.2012 3,53MB
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated 23.01.2012 11.1.102.55 necessary
Adobe Reader X (10.1.3) - Deutsch Adobe Systems Incorporated 01.07.2012 149MB 10.1.3 necessary
Atheros Wireless LAN 23.01.2012 928KB necessary
Avira Free Antivirus Avira 15.11.2012 199MB 12.1.9.1236 unnecessary
Babylon toolbar on IE 12.03.2012 1,73MB unknown
CCleaner Piriform 19.12.2012 5,08MB 3.26 unnecessary
Cisco AnyConnect VPN Client Cisco Systems, Inc. 02.04.2012 7,28MB 2.5.3054 necessary
Dropbox Dropbox, Inc. 22.12.2012 30,8MB 1.6.10 necessary
DVD Shrink 3.2 deutsch (DeCSS-frei) DVD Shrink 07.12.2012 1,10MB unnecessary
DVDFab 8.2.2.4 (06/12/2012) Qt Fengtao Software Inc. 07.12.2012 54,8MB unnecessary
Easy Battery Manager Samsung 23.01.2012 7,89MB 3.2.1.7 necessary
Easy Display Manager Samsung 23.01.2012 11,4MB 2.0.0.0 necessary
Easy Network Manager 3.0 Ihr Firmenname 23.01.2012 36,9MB 3.0.0.0 necessary
Easy SpeedUp Manager 23.01.2012 3,69MB 2.0.1.3 unknown
FreeRIP 3.92 GreenTree Applications SRL 04.12.2012 5,42MB 3.92 unnecessary
GIMP 2.6.12 The GIMP Team 15.02.2012 119MB 2.6.12 unnecessary
Google Chrome Google Inc. 25.01.2012 1,03GB 23.0.1271.97 necessary
Google Earth Google 23.04.2012 107MB 6.2.2.6613 unnecessary
IB Updater 2.0.0.530 IncrediBar 07.12.2012 1,93MB 2.0.0.530 unknown
IB Updater Service 07.12.2012 2.0.0.3 unknown
Intel® Matrix Storage Manager Intel Corporation 23.01.2012 804KB necessary
Java(TM) 6 Update 22 Oracle 28.01.2012 97,0MB 6.0.220 necessary
loadtbs-3.0 07.12.2012 1,93MB unknown
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 03.01.2013 12,2MB 1.70.0.1100 unnecessary
ManyCam 3.0.48 (remove only) ManyCam LLC 19.03.2012 26,4MB 3.0.48 unnecessary
McAfee Security Scan Plus McAfee, Inc. 02.02.2012 9,56MB 2.0.181.2 unnecessary
Microsoft .NET Framework 3.5 Language Pack SP1 - DEU Microsoft Corporation 23.01.2012 36,9MB necessary
Microsoft .NET Framework 3.5 SP1 Microsoft Corporation 23.01.2012 36,9MB necessary
Microsoft .NET Framework 4 Client Profile Microsoft Corporation 23.01.2012 120MB 4.0.30319 necessary
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 23.01.2012 24,5MB 4.0.30319 necessary
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 22.05.2012 420KB 8.0.56336 necessary
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 28.01.2012 590KB 9.0.30729.4148 necessary
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 25.01.2012 11,1MB 10.0.40219 necessary
MSXML 4.0 SP2 (KB927978) Microsoft Corporation 03.12.2012 34,0KB 4.20.9841.0 necessary
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 03.12.2012 34,0KB 4.20.9870.0 necessary
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 03.12.2012 1,33MB 4.20.9876.0 necessary
Nokia Connectivity Cable Driver Nokia 01.12.2012 3,35MB 7.1.92.0 unnecessary
Nokia Suite Nokia 01.12.2012 129MB 3.6.36.0 unnecessary
Norton Security Scan Symantec Corporation 01.02.2012 14,3MB 3.5.3.1 unnecessary
NVIDIA Display Control Panel NVIDIA Corporation 23.01.2012 58,6MB 6.14.12.5896 necessary
NVIDIA Drivers NVIDIA Corporation 23.01.2012 1,75MB 1.10.62.40 necessary
OpenOffice.org 3.3 OpenOffice.org 28.01.2012 412MB 3.3.9567 necessary
PASW Statistics 18 SPSS Inc. 22.05.2012 591MB 18.0.0 necessary
PC Connectivity Solution Nokia 01.12.2012 15,0MB 12.0.48.0 unnecessary
Philips Media Converter Philips 24.07.2012 5,55MB 1.03 necessary
Poladroid Poladroid.net 21.11.2012 16,6MB 0.9.6.0 necessary
R for Windows 2.15.0 R Development Core Team 16.04.2012 98,5MB 2.15.0 necessary
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 23.01.2012 11,3MB 6.0.1.5605 necessary
Skype Click to Call Skype Technologies S.A. 24.08.2012 10,0MB 5.9.9216 necessary
Skype™ 6.0 Skype Technologies S.A. 30.11.2012 20,3MB 6.0.126 necessary
Vimicro UVC Camera Vimicro Corporation 23.01.2012 2,15MB 1.00.0000 unknown
VLC media player 1.1.11 VideoLAN 31.01.2012 82,1MB 1.1.11 necessary
Windows-Treiberpaket - Nokia pccsmcfd “LegacyDriver” (05/31/2012 7.1.2.0) Nokia 01.12.2012 3,02GB 05/31/2012 7.1.2.0 unnecessary
WinX DVD Ripper 5.5.5 Digiarty Software, Inc. 07.12.2012 36,3MB unnecessary
Xilisoft DVD Ripper Platinum 5 Xilisoft 06.12.2012 45,2MB 5.0.48.0122 unnecessary

07.01.2013, 17:39   #10
markusg
/// Malware-holic

Uninstall:
Adobe Flash Player (all)
Adobe - Install Adobe Flash Player
Download the newest version.
Adobe Reader:
Adobe - Download Adobe Reader - All versions
Untick the McAfee Security Scan checkbox.

Please also configure Adobe Reader as follows:
Open Adobe Reader, then Edit, Preferences.
General:
Tick "Use only certified plug-ins".
Internet:
Everything here should be disabled; it is very unsafe to open PDFs automatically, download them automatically, etc.
It is always better to save them directly, because only then do you have control over what happens on the PC.
Under JavaScript, untick the option to use JavaScript.
Under Updater, select automatic installation.
Apply / OK

Uninstall:
Babylon
DVD Shrink
DVDFab
FreeRIP
GIMP
Google Earth
IB Updater: both
Java
Download the Java JRE:
Java downloads for all operating systems
Click:
Download Java software for Windows Offline
Download and install it.
Uninstall:
loadtbs
ManyCam
McAfee
Malwarebytes
Nokia: all
Norton
PC Connectivity
WinX
Xilisoft

Open CCleaner, click Analyze, then Run, and restart the PC.
Please download AdwCleaner to your desktop.
  • Start adwcleaner.exe with a double-click.
  • Click "Suche" (Search).
  • When the scan finishes, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[R1].txt.

08.01.2013, 22:17   #11
charl

Hi,
here is the text file:
# AdwCleaner v2.105 - Datei am 08/01/2013 um 22:16:38 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : alle user - ALLEUSER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\alle user\Downloads\adwcleaner.exe
# Option [Suche]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gefunden : C:\user.js
Ordner Gefunden : C:\Program Files\Perion
Ordner Gefunden : C:\ProgramData\Ask
Ordner Gefunden : C:\ProgramData\Babylon
Ordner Gefunden : C:\ProgramData\FreeRIP
Ordner Gefunden : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gefunden : C:\Users\alle user\AppData\Local\Babylon
Ordner Gefunden : C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Ordner Gefunden : C:\Users\alle user\AppData\LocalLow\BabylonToolbar
Ordner Gefunden : C:\Users\alle user\AppData\Roaming\Babylon
Ordner Gefunden : C:\Users\alle user\AppData\Roaming\loadtbs

***** [Registrierungsdatenbank] *****

Schlüssel Gefunden : HKCU\Software\APN PIP
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\I Want This
Schlüssel Gefunden : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\InstallCore
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gefunden : HKCU\Software\Softonic
Schlüssel Gefunden : HKLM\Software\Babylon
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\I
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gefunden : HKLM\Software\DealPly
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gefunden : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Schlüssel Gefunden : HKLM\Software\IB Updater
Schlüssel Gefunden : HKLM\Software\incredibar.com
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Schlüssel Gefunden : HKLM\Software\PIP
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-1009650958-1073252964-1774183698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gefunden : HKU\S-1-5-21-1009650958-1073252964-1774183698-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gefunden : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

[HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://search.babylon.com/?babsrc=HP_Prot

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gefunden [l.12] : homepage = "hxxp://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=70969029000000000000002163454513",
Gefunden [l.1730] : homepage = "hxxp://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=70969029000000000000002163454513",

*************************

AdwCleaner[R1].txt - [8282 octets] - [08/01/2013 22:16:38]

########## EOF - C:\AdwCleaner[R1].txt - [8342 octets] ##########

Thank you!

08.01.2013, 23:20   #12
markusg
/// Malware-holic

Hi,

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers.
  • Start adwcleaner.exe with a double-click.
  • Click "Löschen" (Delete).
  • Confirm each prompt with OK.
  • Your computer will be restarted, several times depending on the severity of the infection; that is normal. After the restart, a text file opens.
  • Post its contents in your next reply.
  • You can also find the log file at C:\AdwCleaner[Sx].txt. (x = sequential number)

Restart, then please test how the PC and programs such as the browser run.

09.01.2013, 10:17   #13
charl

# AdwCleaner v2.105 - Datei am 09/01/2013 um 10:00:17 erstellt
# Aktualisiert am 08/01/2013 von Xplode
# Betriebssystem : Windows Vista (TM) Home Premium Service Pack 2 (32 bits)
# Benutzer : alle user - ALLEUSER-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\alle user\Desktop\adwcleaner (1).exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\user.js
Ordner Gelöscht : C:\Program Files\Perion
Ordner Gelöscht : C:\ProgramData\Ask
Ordner Gelöscht : C:\ProgramData\Babylon
Ordner Gelöscht : C:\ProgramData\FreeRIP
Ordner Gelöscht : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DealPly
Ordner Gelöscht : C:\Users\alle user\AppData\Local\Babylon
Ordner Gelöscht : C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Ordner Gelöscht : C:\Users\alle user\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\alle user\AppData\Roaming\Babylon
Ordner Gelöscht : C:\Users\alle user\AppData\Roaming\loadtbs

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN PIP
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\I Want This
Schlüssel Gelöscht : HKCU\Software\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0ECDF796-C2DC-4D79-A620-CCE0C0A66CC9}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{98889811-442D-49DD-99D7-DC866BE87DBC}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\Software\Babylon
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{4E1E9D45-8BF9-4139-915C-9F83CC3D5921}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{B302A1BD-0157-49FA-90F1-4E94F22C7B4B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escortApp.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escorTlbr.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\Extension.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C01315C7-B4E2-4864-B43D-5FAFC414D179}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{C1545464-C77C-4130-A572-1C619E2895FE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{ED0E67AD-926C-4008-87E5-03CF72AA2A7E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{EF7FEC6D-451B-4452-9D26-7E10C6B5DB6E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\esrv.IncredibarESrvc.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\I
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\IncredibarApp.appCore.1
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{22B0769F-794B-4422-AC84-47B123C8986D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{255E0B2A-D747-4EEF-B7CE-159D73A3656D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{28ED590D-F5ED-4E05-A87F-1D759F1C6169}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{45D5B93F-E2ED-4AF2-915E-DCDDBDA8C33C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{66666666-6666-6666-6666-660066226658}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{771B99AB-636F-4A11-9039-8DFEB927B061}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{77777777-7777-7777-7777-770077227758}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A36867C6-302D-49FC-9D8E-1EB037B5F1AB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{A8321AA2-2227-40C7-8525-6C2F4E1B0EBE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AA41A731-6814-4A70-A6F1-C0A20FBBFBD5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{ABBB8A9E-D8AF-40D1-94BE-5175077465FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{BF737694-56F6-46FA-9FDC-FA99A5B25FAD}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{CFCD164E-8AC9-478E-9ECC-B616A932016C}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{D5961CC0-B442-4567-8030-67E241EF4CC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{E450067F-1C93-41A7-928E-07E5C2EEC680}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{F977D9F2-4BDC-44A6-B508-7C0284C61EED}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Prod.cap
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{48C9C8B0-A546-46C1-A81F-47A31E623E9D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{CFE8AAFD-A0F3-4329-84E9-6B679EC93EC2}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{D7EE8177-D51E-4F89-92B6-83EA2EC40800}
Schlüssel Gelöscht : HKLM\Software\DealPly
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\gaiilaahiahdejapggenmdmafpmbipje
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg
Schlüssel Gelöscht : HKLM\SOFTWARE\Google\Chrome\Extensions\mpfapcdfbbledbojijcbcclmlieaoogk
Schlüssel Gelöscht : HKLM\Software\IB Updater
Schlüssel Gelöscht : HKLM\Software\incredibar.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{74C36554-31F0-49DD-8857-ED6A64DF45BE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\I Want This
Schlüssel Gelöscht : HKLM\Software\PIP
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\New Windows\Allow [*.crossrider.com]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar [{DFEFCDEE-CF1A-4FC8-88AD-129872198372}]
Wert Gelöscht : HKLM\SOFTWARE\Mozilla\Firefox\extensions [{336D0C35-8A85-403a-B9D2-65C292C39087}]

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16457

Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - Start Page] = hxxp://go.microsoft.com/fwlink/?LinkId=56626&homepage=hxxp://search.babylon.com/?babsrc=HP_Prot --> hxxp://www.google.com

-\\ Google Chrome v23.0.1271.97

Datei : C:\Users\alle user\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.12] : homepage = "hxxp://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=709690290000000000000021[...]
Gelöscht [l.1734] : homepage = "hxxp://search.babylon.com/?AF=110004&babsrc=HP_ss&mntrId=709690290000000000000021634[...]

*************************

AdwCleaner[R1].txt - [8411 octets] - [08/01/2013 22:16:38]
AdwCleaner[S2].txt - [8051 octets] - [09/01/2013 10:00:17]

########## EOF - C:\AdwCleaner[S2].txt - [8111 octets] ##########

09.01.2013, 14:10   #14
markusg
/// Malware-holic

Please test how the PC and programs run, and also test browsers such as IE.

12.01.2013, 12:04   #15
charl

Hello,
thank you very much for your help!
Unfortunately, yesterday another mail with the following link:
hxxp://www.teamtmi.com/dev/Scripts/WorkNews3.html
was sent to all my contacts.

Hello,
I just looked at the most recent sign-in activity for my mail account and saw that, at the times when links were sent from my account, I was signed in once in Peru and once in Malaysia.
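
The comparison described in the last post, sign-in activity against the times the link mails went out, can be done systematically. The following is an added example, not part of the thread: all records are constructed, and the home country (DE), the documentation-range IP addresses and the 30-minute window are assumptions.

```python
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample data (not taken from the thread): webmail sign-in history
# as (UTC timestamp, ISO country code, source IP from documentation ranges).
SIGN_INS = [
    ("2013-01-08 18:02", "DE", "192.0.2.10"),
    ("2013-01-09 09:55", "DE", "192.0.2.10"),
    ("2013-01-10 03:12", "PE", "198.51.100.7"),
    ("2013-01-10 19:40", "DE", "192.0.2.10"),
    ("2013-01-11 04:47", "MY", "203.0.113.25"),
    ("2013-01-11 20:15", "DE", "192.0.2.10"),
]
# Constructed times at which contacts received the unwanted link mails.
SPAM_SENT = ["2013-01-10 03:14", "2013-01-11 04:50"]
FMT = "%Y-%m-%d %H:%M"

def home_countries(sign_ins, min_share=0.5):
    """Countries that account for at least min_share of all sign-ins."""
    counts = Counter(country for _, country, _ in sign_ins)
    total = sum(counts.values())
    return {c for c, n in counts.items() if n / total >= min_share}

def correlate(sign_ins, spam_sent, window_minutes=30):
    """Map each send time to the non-home sign-ins within the window around it."""
    home = home_countries(sign_ins)
    window = timedelta(minutes=window_minutes)
    result = {}
    for sent in spam_sent:
        t_sent = datetime.strptime(sent, FMT)
        result[sent] = [
            (ts, country, ip)
            for ts, country, ip in sign_ins
            if country not in home
            and abs(datetime.strptime(ts, FMT) - t_sent) <= window
        ]
    return result

def verdict(matches):
    """'remote-login' only if every send time coincides with a foreign sign-in."""
    if matches and all(matches.values()):
        return "remote-login"
    return "inconclusive"

if __name__ == "__main__":
    hits = correlate(SIGN_INS, SPAM_SENT)
    for sent, logins in hits.items():
        print(sent, "->", logins or "no foreign sign-in in window")
    print("verdict:", verdict(hits))
```

A "remote-login" result means every send time lines up with a sign-in from outside the usual country, which points to the account being accessed with its credentials from elsewhere; the response is then a password change from a clean device and a review of the account's forwarding and recovery settings.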
