Pests of all kinds and how to fight them: PC types and clicks by itself (Windows 7). If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection. |
10.01.2013, 17:42 | #1 |
| PC types and clicks by itself Hello dear TB community! I have the problem named above and am currently running this Malwarebytes scanner. I was then supposed to post something here. What was it again? The scan has finished and 1 object was found. Delete it or quarantine it? I have read both and am a bit unsure... And which steps do you have to follow afterwards so that the PC is clean again? Regards, gully |
10.01.2013, 18:13 | #2 |
/// Malware-holic | PC types and clicks by itself Hi
How are we supposed to know whether the object should be deleted without seeing the report? Post it first, without deleting anything, and close Malwarebytes. Then: if you don't already have it, please download OTL by Oldtimer and save it to your desktop
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
|
10.01.2013, 19:46 | #3 |
| PC types and clicks by itself OTL logfile:
Code:
ATTFilter OTL logfile created on: 10.01.2013 19:04:57 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Downloads 64bit- Ultimate Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4,00 Gb Total Physical Memory | 1,12 Gb Available Physical Memory | 27,90% Memory free 8,00 Gb Paging File | 4,71 Gb Available in Paging File | 58,93% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,51 Gb Total Space | 11,11 Gb Free Space | 1,19% Space Free | Partition Type: NTFS Drive D: | 400,86 Gb Total Space | 399,83 Gb Free Space | 99,74% Space Free | Partition Type: NTFS Computer Name: *****-PC | User Name: ********* | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Downloads\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_5_502_146.exe (Adobe Systems, Inc.) 
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation) PRC - C:\Windows\SysWOW64\PnkBstrA.exe () PRC - C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe () ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf () MOD - C:\Program Files (x86)\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll () ========== Services (SafeList) ========== SRV:64bit: - (LBTServ) -- C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe (Logitech, Inc.) 
SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Steam Client Service) -- C:\Program Files (x86)\Common Files\Steam\SteamService.exe (Valve Corporation) SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation) SRV - (Stereo Service) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe (NVIDIA Corporation) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Program Files (x86)\Skype\Updater\Updater.exe (Skype Technologies) SRV - (NIS) -- C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe (Symantec Corporation) SRV - (PnkBstrA) -- C:\Windows\SysWOW64\PnkBstrA.exe () SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (BrlAPI) -- C:\cygwin\bin\cygrunsrv.exe () SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (GEST Service) -- C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe () ========== Driver Services (SafeList) ========== DRV:64bit: - (VBoxNetAdp) -- C:\Windows\SysNative\drivers\VBoxNetAdp.sys (Oracle Corporation) DRV:64bit: - (Point64) -- C:\Windows\SysNative\drivers\point64.sys (Microsoft Corporation) DRV:64bit: - (sptd) -- C:\Windows\SysNative\drivers\sptd.sys (Duplex Secure Ltd.) 
DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr)) DRV:64bit: - (LHidFilt) -- C:\Windows\SysNative\drivers\LHidFilt.Sys (Logitech, Inc.) DRV:64bit: - (LMouFilt) -- C:\Windows\SysNative\drivers\LMouFilt.Sys (Logitech, Inc.) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (SRTSPX) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtspx64.sys (Symantec Corporation) DRV:64bit: - (SRTSP) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\srtsp64.sys (Symantec Corporation) DRV:64bit: - (ccSet_NIS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ccsetx64.sys (Symantec Corporation) DRV:64bit: - (SymEvent) -- C:\Windows\SysNative\drivers\SYMEVENT64x86.SYS (Symantec Corporation) DRV:64bit: - (SymEFA) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symefa64.sys (Symantec Corporation) DRV:64bit: - (SymNetS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symnets.sys (Symantec Corporation) DRV:64bit: - (SymIRON) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\ironx64.sys (Symantec Corporation) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (SymDS) -- C:\Windows\SysNative\drivers\NISx64\1309000.009\symds64.sys (Symantec Corporation) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) 
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation) DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (nusb3xhc) -- C:\Windows\SysNative\drivers\nusb3xhc.sys (Renesas Electronics Corporation) DRV:64bit: - (nusb3hub) -- C:\Windows\SysNative\drivers\nusb3hub.sys (Renesas Electronics Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (RTL8167) -- C:\Windows\SysNative\drivers\Rt64win7.sys (Realtek Corporation ) DRV:64bit: - (skfiltv) -- C:\Windows\SysNative\drivers\skfiltv.sys (Creative Technology Ltd.) DRV:64bit: - (JRAID) -- C:\Windows\SysNative\drivers\jraid.sys (JMicron Technology Corp.) 
DRV - (NAVEX15) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130109.040\ex64.sys (Symantec Corporation) DRV - (NAVENG) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130109.040\eng64.sys (Symantec Corporation) DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider) DRV - (EraserUtilRebootDrv) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation) DRV - (BHDrvx64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130107.001\BHDrvx64.sys (Symantec Corporation) DRV - (IDSVia64) -- C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130109.001\IDSviA64.sys (Symantec Corporation) DRV - (eeCtrl) -- C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys (Symantec Corporation) DRV - (GVTDrv64) -- C:\Windows\GVTDrv64.sys () DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = Dell Official Site - The Power To Do More | Dell IE - 
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Google IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "google.de" FF - prefs.js..extensions.enabledAddons: nosquint%40urandom.ca:2.1.6 FF - prefs.js..extensions.enabledAddons: %7BBBDA0591-3099-440a-AA10-41764D9DB4DB%7D:11.1.1.5%20-%202 FF - prefs.js..extensions.enabledAddons: %7B2D3F3651-74B9-4795-BDEC-6DA2F431CB62%7D:2012.5.10.1 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:17.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\Windows\SysWOW64\Adobe\Director\np32dsw_1166636.dll (Adobe Systems, Inc.) 
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.7.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~3\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~3\MICROS~2\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101753.dll (Amazon.com, Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPlgn\ [2012.09.24 19:07:23 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\coFFPlgn\ [2013.01.10 15:13:10 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{F003DA68-8256-4b37-A6C4-350FA04494DF}: C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt [2012.12.15 17:55:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 12:37:34 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 12:37:31 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.12.07 12:37:34 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 17.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.07 12:37:31 | 000,000,000 | ---D | M] [2012.06.30 01:07:10 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Extensions [2012.11.24 11:53:49 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\Firefox\Profiles\j9td1q01.default\extensions [2012.11.13 21:53:10 | 000,113,112 | ---- | M] () (No name found) -- C:\Users\Michi\AppData\Roaming\mozilla\firefox\profiles\j9td1q01.default\extensions\nosquint@urandom.ca.xpi [2012.11.24 11:53:49 | 000,804,627 | ---- | M] () (No name found) -- 
C:\Users\Michi\AppData\Roaming\mozilla\firefox\profiles\j9td1q01.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2012.12.07 12:37:31 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.10 15:13:10 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\COFFPLGN [2012.09.24 19:07:23 | 000,000,000 | ---D | M] (Norton Vulnerability Protection) -- C:\PROGRAMDATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\IPSFFPLGN [2012.12.07 12:37:34 | 000,262,112 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.10.12 17:52:24 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.10.12 17:52:24 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.10.12 17:52:24 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.10.12 17:52:24 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.10.12 17:52:24 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll (Oracle Corporation) O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~4\Office14\URLREDIR.DLL (Microsoft Corporation) O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O2 - BHO: (Norton Identity Protection) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton Internet 
Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O2 - BHO: (Norton Vulnerability Protection) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\IPS\IPSBHO.DLL (Symantec Corporation) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Logitech SetPoint) - {AF949550-9094-4807-95EC-D1C317803333} - C:\Program Files\Logitech\SetPointP\32-bit\SetPointSmooth.dll (Logitech, Inc.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~3\MICROS~2\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\coIEPlg.dll (Symantec Corporation) O4:64bit: - HKLM..\Run: [EvtMgr6] C:\Program Files\Logitech\SetPointP\SetPoint.exe (Logitech, Inc.) 
O4:64bit: - HKLM..\Run: [IntelliPoint] C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [IntelliType Pro] C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Microsoft Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Windows\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [JMB36X IDE Setup] C:\Windows\RaidTool\xInsIDE.exe () O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~3\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~3\MICROS~2\Office14\EXCEL.EXE/3000 File not found O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~3\MICROS~2\Office14\ONBttnIE.dll/105 File not found O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~3\MICROS~2\Office14\EXCEL.EXE/3000 File not found O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000007 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000007 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) 
O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{242EE4B0-8265-4D9B-BDB4-77D5DBA6D870}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~3\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O20:64bit: - Winlogon\Notify\LBTWlgn: DllName - (c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll) - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll (Logitech, Inc.) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O33 - MountPoints2\{68040fab-1b6a-11e2-8327-001fd09ab360}\Shell - "" = AutoRun O33 - MountPoints2\{68040fab-1b6a-11e2-8327-001fd09ab360}\Shell\AutoRun\command - "" = G:\autorun.exe O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: 
{89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: 
10.01.2013, 19:49 | #4 |
/// Malware-holic | PC types and clicks by itself
Hi, download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html
Click Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- If anything is found, always choose Skip for now, then post the log.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
10.01.2013, 20:33 | #5 |
| PC types and clicks by itself Hi! Thanks in advance for the help! Here is the log:
20:31:42.0782 2976 ErrDev - ok 20:31:42.0814 2976 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 20:31:42.0845 2976 EventSystem - ok 20:31:42.0860 2976 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 20:31:42.0892 2976 exfat - ok 20:31:42.0892 2976 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 20:31:42.0923 2976 fastfat - ok 20:31:42.0970 2976 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 20:31:42.0985 2976 Fax - ok 20:31:42.0985 2976 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 20:31:43.0001 2976 fdc - ok 20:31:43.0016 2976 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 20:31:43.0048 2976 fdPHost - ok 20:31:43.0079 2976 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 20:31:43.0094 2976 FDResPub - ok 20:31:43.0126 2976 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 20:31:43.0126 2976 FileInfo - ok 20:31:43.0204 2976 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 20:31:43.0219 2976 Filetrace - ok 20:31:43.0282 2976 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 20:31:43.0297 2976 flpydisk - ok 20:31:43.0391 2976 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 20:31:43.0406 2976 FltMgr - ok 20:31:43.0516 2976 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 20:31:43.0531 2976 FontCache - ok 20:31:43.0562 2976 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 20:31:43.0578 2976 FontCache3.0.0.0 - ok 20:31:43.0594 2976 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 20:31:43.0609 2976 FsDepends - ok 20:31:43.0640 2976 [ 6BD9295CC032DD3077C671FCCF579A7B ] 
Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 20:31:43.0656 2976 Fs_Rec - ok 20:31:43.0672 2976 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 20:31:43.0687 2976 fvevol - ok 20:31:43.0703 2976 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys 20:31:43.0718 2976 gagp30kx - ok 20:31:43.0796 2976 [ 6275303610285B57361F03A375062FBA ] gdrv C:\Windows\gdrv.sys 20:31:43.0796 2976 gdrv - ok 20:31:43.0859 2976 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys 20:31:43.0874 2976 GEARAspiWDM - ok 20:31:43.0890 2976 [ 604937407A431016577DDDB4E1DD2A85 ] GEST Service C:\Program Files (x86)\GIGABYTE\EnergySaver\GSvr.exe 20:31:43.0890 2976 GEST Service - ok 20:31:43.0906 2976 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 20:31:43.0937 2976 gpsvc - ok 20:31:43.0968 2976 [ 8126331FBD4ED29EB3B356F9C905064D ] GVTDrv64 C:\Windows\GVTDrv64.sys 20:31:43.0984 2976 GVTDrv64 - ok 20:31:43.0999 2976 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 20:31:43.0999 2976 hcw85cir - ok 20:31:44.0030 2976 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 20:31:44.0046 2976 HdAudAddService - ok 20:31:44.0062 2976 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys 20:31:44.0077 2976 HDAudBus - ok 20:31:44.0077 2976 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\drivers\HidBatt.sys 20:31:44.0093 2976 HidBatt - ok 20:31:44.0093 2976 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\drivers\hidbth.sys 20:31:44.0108 2976 HidBth - ok 20:31:44.0124 2976 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\drivers\hidir.sys 20:31:44.0140 2976 HidIr - ok 20:31:44.0155 2976 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 20:31:44.0186 2976 hidserv - ok 20:31:44.0186 2976 [ 
9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 20:31:44.0202 2976 HidUsb - ok 20:31:44.0218 2976 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 20:31:44.0249 2976 hkmsvc - ok 20:31:44.0264 2976 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 20:31:44.0280 2976 HomeGroupListener - ok 20:31:44.0296 2976 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 20:31:44.0311 2976 HomeGroupProvider - ok 20:31:44.0327 2976 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 20:31:44.0342 2976 HpSAMD - ok 20:31:44.0358 2976 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 20:31:44.0389 2976 HTTP - ok 20:31:44.0420 2976 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 20:31:44.0420 2976 hwpolicy - ok 20:31:44.0436 2976 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys 20:31:44.0452 2976 i8042prt - ok 20:31:44.0483 2976 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 20:31:44.0498 2976 iaStorV - ok 20:31:44.0545 2976 [ 1CF03C69B49ACB70C722DF92755C0C8C ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe 20:31:44.0545 2976 IDriverT ( UnsignedFile.Multi.Generic ) - warning 20:31:44.0545 2976 IDriverT - detected UnsignedFile.Multi.Generic (1) 20:31:44.0732 2976 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 20:31:44.0748 2976 idsvc - ok 20:31:44.0951 2976 [ A48928D4CCA6F8B731989DB08CF2C0AB ] IDSVia64 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130109.001\IDSvia64.sys 20:31:44.0966 2976 IDSVia64 - ok 20:31:44.0982 2976 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\drivers\iirsp.sys 
20:31:44.0982 2976 iirsp - ok 20:31:45.0107 2976 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 20:31:45.0138 2976 IKEEXT - ok 20:31:45.0341 2976 [ 4A725CDDE1A0C3D1B1EACA0D9D0D95D0 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 20:31:45.0372 2976 IntcAzAudAddService - ok 20:31:45.0388 2976 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 20:31:45.0403 2976 intelide - ok 20:31:45.0419 2976 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 20:31:45.0434 2976 intelppm - ok 20:31:45.0466 2976 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 20:31:45.0497 2976 IPBusEnum - ok 20:31:45.0528 2976 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 20:31:45.0559 2976 IpFilterDriver - ok 20:31:45.0590 2976 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 20:31:45.0606 2976 iphlpsvc - ok 20:31:45.0622 2976 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 20:31:45.0637 2976 IPMIDRV - ok 20:31:45.0653 2976 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 20:31:45.0684 2976 IPNAT - ok 20:31:45.0746 2976 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 20:31:45.0762 2976 iPod Service - ok 20:31:45.0762 2976 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 20:31:45.0778 2976 IRENUM - ok 20:31:45.0793 2976 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 20:31:45.0809 2976 isapnp - ok 20:31:45.0840 2976 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 20:31:45.0856 2976 iScsiPrt - ok 20:31:45.0856 2976 [ 3CE8227864A5C4574F5FD99658D69885 ] JRAID C:\Windows\system32\DRIVERS\jraid.sys 20:31:45.0871 2976 JRAID - ok 20:31:45.0887 2976 [ 
BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys 20:31:45.0887 2976 kbdclass - ok 20:31:45.0902 2976 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys 20:31:45.0918 2976 kbdhid - ok 20:31:45.0918 2976 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 20:31:45.0934 2976 KeyIso - ok 20:31:45.0965 2976 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 20:31:45.0965 2976 KSecDD - ok 20:31:45.0996 2976 [ 7EFB9333E4ECCE6AE4AE9D777D9E553E ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 20:31:46.0012 2976 KSecPkg - ok 20:31:46.0012 2976 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 20:31:46.0043 2976 ksthunk - ok 20:31:46.0058 2976 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 20:31:46.0090 2976 KtmRm - ok 20:31:46.0105 2976 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 20:31:46.0136 2976 LanmanServer - ok 20:31:46.0152 2976 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 20:31:46.0168 2976 LanmanWorkstation - ok 20:31:46.0261 2976 [ 95EC0CB52692894E050CFC3573ABC3B2 ] LBTServ C:\Program Files\Common Files\LogiShrd\Bluetooth\lbtserv.exe 20:31:46.0277 2976 LBTServ - ok 20:31:46.0324 2976 [ E536A1D8502D0CA79B928CAB9EAEB807 ] LHidFilt C:\Windows\system32\DRIVERS\LHidFilt.Sys 20:31:46.0339 2976 LHidFilt - ok 20:31:46.0355 2976 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 20:31:46.0370 2976 lltdio - ok 20:31:46.0386 2976 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 20:31:46.0417 2976 lltdsvc - ok 20:31:46.0448 2976 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 20:31:46.0480 2976 lmhosts - ok 20:31:46.0526 2976 [ 2E6D0110DACC769AE478ADE6C2572E37 ] LMouFilt C:\Windows\system32\DRIVERS\LMouFilt.Sys 20:31:46.0526 2976 
LMouFilt - ok 20:31:46.0542 2976 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys 20:31:46.0558 2976 LSI_FC - ok 20:31:46.0558 2976 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys 20:31:46.0573 2976 LSI_SAS - ok 20:31:46.0589 2976 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys 20:31:46.0604 2976 LSI_SAS2 - ok 20:31:46.0604 2976 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys 20:31:46.0620 2976 LSI_SCSI - ok 20:31:46.0636 2976 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 20:31:46.0667 2976 luafv - ok 20:31:46.0682 2976 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 20:31:46.0698 2976 Mcx2Svc - ok 20:31:46.0714 2976 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\drivers\megasas.sys 20:31:46.0729 2976 megasas - ok 20:31:46.0729 2976 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys 20:31:46.0745 2976 MegaSR - ok 20:31:46.0776 2976 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 20:31:46.0792 2976 MMCSS - ok 20:31:46.0807 2976 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 20:31:46.0838 2976 Modem - ok 20:31:46.0854 2976 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 20:31:46.0870 2976 monitor - ok 20:31:46.0870 2976 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 20:31:46.0885 2976 mouclass - ok 20:31:46.0885 2976 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 20:31:46.0901 2976 mouhid - ok 20:31:46.0916 2976 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 20:31:46.0932 2976 mountmgr - ok 20:31:46.0948 2976 [ 8C7336950F1E69CDFD811CBBD9CF00A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla 
Maintenance Service\maintenanceservice.exe 20:31:46.0963 2976 MozillaMaintenance - ok 20:31:46.0979 2976 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 20:31:46.0994 2976 mpio - ok 20:31:47.0010 2976 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 20:31:47.0026 2976 mpsdrv - ok 20:31:47.0041 2976 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 20:31:47.0088 2976 MpsSvc - ok 20:31:47.0104 2976 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 20:31:47.0119 2976 MRxDAV - ok 20:31:47.0135 2976 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 20:31:47.0135 2976 mrxsmb - ok 20:31:47.0150 2976 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 20:31:47.0166 2976 mrxsmb10 - ok 20:31:47.0182 2976 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 20:31:47.0182 2976 mrxsmb20 - ok 20:31:47.0197 2976 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 20:31:47.0213 2976 msahci - ok 20:31:47.0228 2976 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 20:31:47.0228 2976 msdsm - ok 20:31:47.0244 2976 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 20:31:47.0260 2976 MSDTC - ok 20:31:47.0260 2976 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 20:31:47.0291 2976 Msfs - ok 20:31:47.0291 2976 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 20:31:47.0322 2976 mshidkmdf - ok 20:31:47.0338 2976 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 20:31:47.0338 2976 msisadrv - ok 20:31:47.0369 2976 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 20:31:47.0400 2976 MSiSCSI - ok 20:31:47.0400 2976 msiserver - ok 20:31:47.0416 2976 [ 
49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 20:31:47.0447 2976 MSKSSRV - ok 20:31:47.0462 2976 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 20:31:47.0494 2976 MSPCLOCK - ok 20:31:47.0509 2976 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 20:31:47.0525 2976 MSPQM - ok 20:31:47.0587 2976 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 20:31:47.0587 2976 MsRPC - ok 20:31:47.0603 2976 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 20:31:47.0618 2976 mssmbios - ok 20:31:47.0650 2976 MSSQL$SQLEXPRESS - ok 20:31:47.0728 2976 [ 7A2A8C975356858EB38466A6B1592E8D ] MSSQLServerADHelper100 C:\Program Files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE 20:31:47.0743 2976 MSSQLServerADHelper100 - ok 20:31:47.0759 2976 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 20:31:47.0790 2976 MSTEE - ok 20:31:47.0790 2976 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 20:31:47.0806 2976 MTConfig - ok 20:31:47.0821 2976 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 20:31:47.0837 2976 Mup - ok 20:31:47.0852 2976 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 20:31:47.0884 2976 napagent - ok 20:31:47.0899 2976 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 20:31:47.0915 2976 NativeWifiP - ok 20:31:47.0977 2976 [ C58D8A669D6551F616D90244BD2C2D4F ] NAVENG C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130109.040\ENG64.SYS 20:31:47.0977 2976 NAVENG - ok 20:31:48.0040 2976 [ A3DBDB412ADFA5882DD6843B11FE0828 ] NAVEX15 C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\VirusDefs\20130109.040\EX64.SYS 20:31:48.0071 2976 NAVEX15 - ok 20:31:48.0118 2976 [ 
760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 20:31:48.0133 2976 NDIS - ok 20:31:48.0149 2976 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 20:31:48.0180 2976 NdisCap - ok 20:31:48.0180 2976 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 20:31:48.0211 2976 NdisTapi - ok 20:31:48.0227 2976 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 20:31:48.0242 2976 Ndisuio - ok 20:31:48.0258 2976 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 20:31:48.0289 2976 NdisWan - ok 20:31:48.0320 2976 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 20:31:48.0352 2976 NDProxy - ok 20:31:48.0352 2976 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 20:31:48.0383 2976 NetBIOS - ok 20:31:48.0398 2976 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 20:31:48.0430 2976 NetBT - ok 20:31:48.0430 2976 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 20:31:48.0445 2976 Netlogon - ok 20:31:48.0461 2976 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 20:31:48.0492 2976 Netman - ok 20:31:48.0523 2976 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:31:48.0523 2976 NetMsmqActivator - ok 20:31:48.0523 2976 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:31:48.0539 2976 NetPipeActivator - ok 20:31:48.0570 2976 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 20:31:48.0601 2976 netprofm - ok 20:31:48.0601 2976 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:31:48.0617 2976 NetTcpActivator - ok 20:31:48.0617 2976 [ 
D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe 20:31:48.0632 2976 NetTcpPortSharing - ok 20:31:48.0632 2976 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 20:31:48.0648 2976 nfrd960 - ok 20:31:48.0742 2976 [ F2840DBFE9322F35557219AE82CC4597 ] NIS C:\Program Files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe 20:31:48.0757 2976 NIS - ok 20:31:48.0773 2976 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 20:31:48.0773 2976 NlaSvc - ok 20:31:48.0788 2976 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 20:31:48.0820 2976 Npfs - ok 20:31:48.0835 2976 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 20:31:48.0866 2976 nsi - ok 20:31:48.0866 2976 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 20:31:48.0898 2976 nsiproxy - ok 20:31:48.0976 2976 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 20:31:48.0991 2976 Ntfs - ok 20:31:49.0007 2976 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 20:31:49.0038 2976 Null - ok 20:31:49.0054 2976 [ 786DB821BFD57C0551DBBE4F75384A7D ] nusb3hub C:\Windows\system32\drivers\nusb3hub.sys 20:31:49.0069 2976 nusb3hub - ok 20:31:49.0085 2976 [ DAA8005CAF745042BB427A1ED7433354 ] nusb3xhc C:\Windows\system32\drivers\nusb3xhc.sys 20:31:49.0100 2976 nusb3xhc - ok 20:31:49.0288 2976 [ 5104BAC2DA2A5BDD86AC6B0708B00F06 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 20:31:49.0444 2976 nvlddmkm - ok 20:31:49.0459 2976 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 20:31:49.0475 2976 nvraid - ok 20:31:49.0522 2976 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 20:31:49.0522 2976 nvstor - ok 20:31:49.0662 2976 [ DDFAFCE89A5C93D04712B86F94E9FCBA ] nvsvc C:\Windows\system32\nvvsvc.exe 
20:31:49.0678 2976 nvsvc - ok 20:31:49.0880 2976 [ 84E035225474E48CD3A6A3CE52332095 ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe 20:31:49.0912 2976 nvUpdatusService - ok 20:31:49.0927 2976 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 20:31:49.0943 2976 nv_agp - ok 20:31:49.0974 2976 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 20:31:49.0974 2976 ohci1394 - ok 20:31:50.0036 2976 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 20:31:50.0052 2976 ose - ok 20:31:50.0177 2976 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 20:31:50.0239 2976 osppsvc - ok 20:31:50.0270 2976 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 20:31:50.0286 2976 p2pimsvc - ok 20:31:50.0302 2976 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 20:31:50.0317 2976 p2psvc - ok 20:31:50.0317 2976 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 20:31:50.0333 2976 Parport - ok 20:31:50.0364 2976 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 20:31:50.0364 2976 partmgr - ok 20:31:50.0380 2976 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 20:31:50.0395 2976 PcaSvc - ok 20:31:50.0426 2976 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 20:31:50.0426 2976 pci - ok 20:31:50.0442 2976 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 20:31:50.0442 2976 pciide - ok 20:31:50.0458 2976 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 20:31:50.0473 2976 pcmcia - ok 20:31:50.0489 2976 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 20:31:50.0489 2976 
pcw - ok 20:31:50.0520 2976 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 20:31:50.0551 2976 PEAUTH - ok 20:31:50.0582 2976 [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 20:31:50.0598 2976 PeerDistSvc - ok 20:31:50.0660 2976 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 20:31:50.0676 2976 PerfHost - ok 20:31:50.0707 2976 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 20:31:50.0754 2976 pla - ok 20:31:50.0785 2976 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 20:31:50.0801 2976 PlugPlay - ok 20:31:50.0801 2976 PnkBstrA - ok 20:31:50.0816 2976 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 20:31:50.0832 2976 PNRPAutoReg - ok 20:31:50.0832 2976 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 20:31:50.0848 2976 PNRPsvc - ok 20:31:50.0863 2976 [ 5BC4D480DD527EB0CF33A67A090A130E ] Point64 C:\Windows\system32\DRIVERS\point64.sys 20:31:50.0879 2976 Point64 - ok 20:31:50.0894 2976 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 20:31:50.0926 2976 PolicyAgent - ok 20:31:50.0957 2976 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 20:31:50.0988 2976 Power - ok 20:31:51.0004 2976 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 20:31:51.0019 2976 PptpMiniport - ok 20:31:51.0035 2976 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\drivers\processr.sys 20:31:51.0050 2976 Processor - ok 20:31:51.0097 2976 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 20:31:51.0113 2976 ProfSvc - ok 20:31:51.0128 2976 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 20:31:51.0128 2976 ProtectedStorage - ok 20:31:51.0144 2976 [ 0557CF5A2556BD58E26384169D72438D ] Psched 
C:\Windows\system32\DRIVERS\pacer.sys 20:31:51.0175 2976 Psched - ok 20:31:51.0222 2976 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 20:31:51.0238 2976 ql2300 - ok 20:31:51.0253 2976 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 20:31:51.0269 2976 ql40xx - ok 20:31:51.0284 2976 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 20:31:51.0300 2976 QWAVE - ok 20:31:51.0316 2976 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 20:31:51.0331 2976 QWAVEdrv - ok 20:31:51.0347 2976 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 20:31:51.0378 2976 RasAcd - ok 20:31:51.0394 2976 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 20:31:51.0425 2976 RasAgileVpn - ok 20:31:51.0456 2976 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 20:31:51.0487 2976 RasAuto - ok 20:31:51.0518 2976 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 20:31:51.0550 2976 Rasl2tp - ok 20:31:51.0581 2976 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 20:31:51.0612 2976 RasMan - ok 20:31:51.0628 2976 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 20:31:51.0659 2976 RasPppoe - ok 20:31:51.0659 2976 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 20:31:51.0690 2976 RasSstp - ok 20:31:51.0706 2976 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 20:31:51.0737 2976 rdbss - ok 20:31:51.0752 2976 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 20:31:51.0752 2976 rdpbus - ok 20:31:51.0768 2976 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 20:31:51.0799 2976 RDPCDD - ok 20:31:51.0830 2976 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR 
C:\Windows\system32\drivers\rdpdr.sys 20:31:51.0830 2976 RDPDR - ok 20:31:51.0846 2976 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 20:31:51.0877 2976 RDPENCDD - ok 20:31:51.0893 2976 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 20:31:51.0924 2976 RDPREFMP - ok 20:31:51.0940 2976 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 20:31:51.0955 2976 RdpVideoMiniport - ok 20:31:52.0002 2976 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 20:31:52.0018 2976 RDPWD - ok 20:31:52.0033 2976 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 20:31:52.0033 2976 rdyboost - ok 20:31:52.0064 2976 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 20:31:52.0096 2976 RemoteAccess - ok 20:31:52.0111 2976 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 20:31:52.0142 2976 RemoteRegistry - ok 20:31:52.0158 2976 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 20:31:52.0189 2976 RpcEptMapper - ok 20:31:52.0205 2976 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 20:31:52.0205 2976 RpcLocator - ok 20:31:52.0236 2976 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 20:31:52.0267 2976 RpcSs - ok 20:31:52.0314 2976 [ CD553B8633466A6D1C115812F2619F1F ] RsFx0103 C:\Windows\system32\DRIVERS\RsFx0103.sys 20:31:52.0330 2976 RsFx0103 - ok 20:31:52.0361 2976 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 20:31:52.0376 2976 rspndr - ok 20:31:52.0408 2976 [ ABCB5A38A0D85BDF69B7877E1AD1EED5 ] RTL8167 C:\Windows\system32\DRIVERS\Rt64win7.sys 20:31:52.0423 2976 RTL8167 - ok 20:31:52.0439 2976 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 20:31:52.0454 2976 s3cap - ok 
20:31:59.0989 2976 ============================================================
20:31:59.0989 2976 Scan finished
20:31:59.0989 2976 ============================================================
20:32:00.0005 5416 Detected object count: 2
20:32:00.0005 5416 Actual detected object count: 2
20:32:15.0059 5416 BrlAPI ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:15.0059 5416 BrlAPI ( UnsignedFile.Multi.Generic ) - User select action: Skip
20:32:15.0059 5416 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user
20:32:15.0059 5416 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip |
10.01.2013, 20:35 | #6 | |
/// Malware-holic | PC types and clicks by itself Hi, combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
10.01.2013, 21:17 | #7 |
| PC types and clicks by itself sooo here we are: Combofix log file: Code:
ComboFix 13-01-08.01 - ******* 10.01.2013 21:00:23.1.2 - x64
Microsoft Windows 7 Ultimate 6.1.7601.1.1252.49.1031.18.4094.2172 [GMT 1:00]
ausgeführt von:: c:\users\*******\Desktop\ComboFix.exe
AV: Norton Internet Security Online *Disabled/Updated* {63DF5164-9100-186D-2187-8DC619EFD8BF}
FW: Norton Internet Security Online *Disabled* {5BE4D041-DB6F-1935-0AD8-24F3E73C9FC4}
SP: Norton Internet Security Online *Disabled/Updated* {D8BEB080-B73A-17E3-1B37-B6B462689202}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\******\AppData\Local\assembly\tmp
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-10 bis 2013-01-10 ))))))))))))))))))))))))))))))
.
.
2074-05-18 15:44 . 2008-03-21 12:46 607296 ----a-w- c:\program files (x86)\Microsoft Games\Age of Empires III\deformerdllyD.dll
2013-01-10 20:06 . 2013-01-10 20:06 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp
2013-01-10 20:06 . 2013-01-10 20:06 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-10 19:29 . 2013-01-10 19:29 -------- d-----w- C:\TDSSKiller_Quarantine
2013-01-10 16:27 . 2013-01-10 16:27 -------- d-----w- c:\users\Michi\AppData\Roaming\Malwarebytes
2013-01-10 16:23 . 2013-01-10 16:23 -------- d-----w- c:\programdata\Malwarebytes
2013-01-10 16:23 . 2013-01-10 16:24 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-01-10 16:23 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-01-09 21:04 . 2012-12-19 13:48 237992 ----a-w- c:\windows\system32\drivers\VBoxDrv.sys
2013-01-09 21:00 . 2012-12-19 13:47 120232 ----a-w- c:\windows\system32\drivers\VBoxUSBMon.sys
2013-01-09 21:00 . 2013-01-09 21:00 -------- d-----w- c:\program files\Oracle
2013-01-09 20:20 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 20:20 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 20:20 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 20:20 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 20:20 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 20:20 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 20:20 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 20:20 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 20:20 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-09 20:20 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-03 15:23 . 2013-01-03 15:23 -------- d-----w- c:\users\Michi\AppData\Local\Gearbox Software
2012-12-21 13:00 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-21 13:00 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-21 13:00 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-21 13:00 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-12-19 13:47 . 2012-12-19 13:47 204200 ----a-w- c:\windows\system32\VBoxNetFltNobj.dll
2012-12-19 13:47 . 2012-12-19 13:47 146856 ----a-w- c:\windows\system32\drivers\VBoxNetFlt.sys
2012-12-19 13:47 . 2012-12-19 13:47 132008 ----a-w- c:\windows\system32\drivers\VBoxNetAdp.sys
2012-12-16 10:40 . 2012-12-16 10:41 -------- d-----w- c:\programdata\34BE82C4-E596-4e99-A191-52C6199EBF69
2012-12-16 10:40 . 2012-12-16 10:41 -------- d-----w- c:\program files\iTunes
2012-12-16 10:40 . 2012-12-16 10:41 -------- d-----w- c:\program files (x86)\iTunes
2012-12-16 10:40 . 2012-12-16 10:40 -------- d-----w- c:\program files\iPod
2012-12-15 16:56 . 2012-12-15 16:56 53248 ----a-r- c:\users\Michi\AppData\Roaming\Microsoft\Installer\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}\ARPPRODUCTICON.exe
2012-12-15 16:55 . 2012-12-15 16:55 -------- d-----w- c:\programdata\Logitech
2012-12-15 16:55 . 2012-12-15 16:55 -------- d-----w- c:\program files\Logitech
2012-12-15 16:55 . 2012-12-15 16:56 -------- d-----w- c:\program files\Common Files\LogiShrd
2012-12-12 23:53 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2012-12-12 23:53 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2012-12-12 23:52 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2012-12-12 23:52 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-10 14:12 . 2012-06-05 16:16 24072 ----a-w- c:\windows\gdrv.sys
2013-01-09 22:37 . 2012-06-05 16:03 67599240 ----a-w- c:\windows\system32\MRT.exe
2013-01-09 21:52 . 2012-06-06 12:06 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 21:52 . 2012-06-06 12:06 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2012-12-15 16:56 . 2012-06-22 15:29 18960 ----a-w- c:\windows\system32\drivers\LNonPnP.sys
2012-12-11 13:21 . 2012-10-21 14:27 2492672 ----a-w- c:\programdata\Microsoft\VisualStudio\10.0\1031\ResourceCache.dll
2012-12-06 12:45 . 2012-06-07 13:20 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.xtr
2012-12-06 12:45 . 2012-06-05 19:14 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.exe
2012-11-30 21:06 . 2012-06-05 19:14 215128 ----a-w- c:\windows\SysWow64\PnkBstrB.ex0
2012-11-30 04:45 . 2013-01-09 20:19 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-02 14:38 . 2012-11-02 14:38 50856 ----a-w- c:\windows\system32\drivers\point64.sys
2012-11-02 14:38 . 2012-11-02 14:38 1795952 ----a-w- c:\windows\system32\WdfCoInstaller01011.dll
2012-10-20 18:27 . 2012-09-11 00:03 867064 ----a-w- c:\windows\system32\drivers\sptd.sys
2012-10-16 08:38 . 2012-11-28 07:15 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2012-10-16 08:38 . 2012-11-28 07:15 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2012-10-16 07:39 . 2012-11-28 07:15 561664 ----a-w- c:\windows\apppatch\AcLayers.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"JMB36X IDE Setup"="c:\windows\RaidTool\xInsIDE.exe" [2007-03-20 36864]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux3"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"EasyTuneVI"=c:\program files (x86)\GIGABYTE\ET6\ETcall.exe
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe"
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R0 sptd;sptd;c:\windows\System32\Drivers\sptd.sys [2012-10-20 867064]
R2 SkypeUpdate;Skype Updater;c:\program files (x86)\Skype\Updater\Updater.exe [2012-07-03 160944]
R3 BrlAPI;BrlAPI;c:\cygwin\bin\cygrunsrv.exe [2012-04-25 129550]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-19 102368]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 GVTDrv64;GVTDrv64;c:\windows\GVTDrv64.sys [2012-06-10 30528]
R3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\drivers\nusb3hub.sys [2010-09-30 80384]
R3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\drivers\nusb3xhc.sys [2010-09-30 180736]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-08-23 19456]
R3 skfiltv;skfiltv;c:\windows\system32\drivers\skfiltv.sys [2008-08-14 24064]
R3 ssudmdm;SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-19 203104]
R3 Synth3dVsc;Synth3dVsc;c:\windows\system32\drivers\synth3dvsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2012-08-23 29696]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2012-08-23 57856]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [2012-08-23 30208]
R3 tsusbhub;tsusbhub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-09-28 53760]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R3 VSPerfDrv100;Performance Tools Driver 10.0;c:\program files (x86)\Microsoft Visual Studio 10.0\Team Tools\Performance Tools\x64\VSPerfDrv100.sys [2011-01-18 68440]
R3 X6va009;X6va009;c:\windows\SysWOW64\Drivers\X6va009 [x]
R4 MSSQLServerADHelper100;SQL Server Hilfsdienst für Active Directory;c:\program files\Microsoft SQL Server\100\Shared\SQLADHLP.EXE [2009-07-21 61976]
R4 RsFx0103;RsFx0103 Driver;c:\windows\system32\DRIVERS\RsFx0103.sys [2009-03-30 311656]
R4 SQLAgent$SQLEXPRESS;SQL Server-Agent (SQLEXPRESS);c:\program files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [2009-03-30 427880]
S0 SymDS;Symantec Data Store;c:\windows\system32\drivers\NISx64\1309000.009\SYMDS64.SYS [2011-07-25 451192]
S0 SymEFA;Symantec Extended File Attributes;c:\windows\system32\drivers\NISx64\1309000.009\SYMEFA64.SYS [2012-05-22 1129120]
S1 BHDrvx64;BHDrvx64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\BASHDefs\20130107.001\BHDrvx64.sys [2012-10-23 1384608]
S1 ccSet_NIS;Norton Internet Security Settings Manager;c:\windows\system32\drivers\NISx64\1309000.009\ccSetx64.sys [2012-06-07 167072]
S1 IDSVia64;IDSVia64;c:\programdata\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_19.1.0.28\Definitions\IPSDefs\20130109.001\IDSvia64.sys [2012-09-01 513184]
S1 SymIRON;Symantec Iron Driver;c:\windows\system32\drivers\NISx64\1309000.009\Ironx64.SYS [2012-04-18 190072]
S1 SymNetS;Symantec Network Security WFP Driver;c:\windows\System32\Drivers\NISx64\1309000.009\SYMNETS.SYS [2012-04-18 405624]
S1 VBoxDrv;VirtualBox Service;c:\windows\system32\DRIVERS\VBoxDrv.sys [2012-12-19 237992]
S1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\DRIVERS\VBoxUSBMon.sys [2012-12-19 120232]
S2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
S2 GEST Service;GEST Service for program management.;c:\program files (x86)\GIGABYTE\EnergySaver\GSvr.exe [2008-08-08 80392]
S2 NIS;Norton Internet Security;c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe [2012-06-16 138272]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2012-05-29 2143072]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2012-11-09 138912]
S3 Point64;Microsoft Mouse and Keyboard Center Filter Driver;c:\windows\system32\DRIVERS\point64.sys [2012-11-02 50856]
S3 RTL8167;Realtek 8167 NT Driver;c:\windows\system32\DRIVERS\Rt64win7.sys [2009-03-01 187392]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2012-05-08 11856]
S3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\DRIVERS\VBoxNetAdp.sys [2012-12-19 132008]
S3 VBoxNetFlt;VirtualBox Bridged Networking Service;c:\windows\system32\DRIVERS\VBoxNetFlt.sys [2012-12-19 146856]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 12057682
*NewlyCreated* - 30399365
*Deregistered* - 12057682
*Deregistered* - 30399365
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-10 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-06-06 21:52]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="RAVCpl64.exe" [2008-07-24 6452256]
"Skytel"="Skytel.exe" [2008-07-24 1833504]
"IntelliType Pro"="c:\program files\Microsoft Mouse and Keyboard Center\itype.exe" [2012-11-02 1464944]
"IntelliPoint"="c:\program files\Microsoft Mouse and Keyboard Center\ipoint.exe" [2012-11-02 2076272]
"EvtMgr6"="c:\program files\Logitech\SetPointP\SetPoint.exe" [2012-11-04 2419512]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: An OneNote s&enden - c:\progra~3\MICROS~2\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~3\MICROS~2\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\j9td1q01.default\
FF - prefs.js: browser.startup.homepage - google.de
FF - ExtSQL: 2012-11-13 21:53; nosquint@urandom.ca; c:\users\Michi\AppData\Roaming\Mozilla\Firefox\Profiles\j9td1q01.default\extensions\nosquint@urandom.ca.xpi
FF - ExtSQL: 2012-12-15 17:55; {F003DA68-8256-4b37-A6C4-350FA04494DF}; c:\program files\Logitech\SetPointP\LogiSmoothFirefoxExt
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-PunkBusterSvc - c:\windows\system32\pbsvc_bc2.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\NIS]
"ImagePath"="\"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\ccSvcHst.exe\" /s \"NIS\" /m \"c:\program files (x86)\Norton Internet Security\Engine\19.9.0.9\diMaster.dll\" /prefetch:1"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\X6va009]
"ImagePath"="\??\c:\windows\SysWOW64\Drivers\X6va009"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="FlashBroker" "LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation] "Enabled"=dword:00000001 . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Shockwave Flash Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus] @="0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID] @="ShockwaveFlash.ShockwaveFlash.11" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="ShockwaveFlash.ShockwaveFlash" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}] @Denied: (A 2) (Everyone) @="Macromedia Flash Factory Object" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx" "ThreadingModel"="Apartment" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID] @="FlashFactory.FlashFactory.1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32] @="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib] @="{D27CDB6B-AE6D-11cf-96B8-444553540000}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version] @="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID] @="FlashFactory.FlashFactory" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}] @Denied: (A 2) (Everyone) @="IFlashBroker5" . 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32] @="{00020424-0000-0000-C000-000000000046}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib] @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}" "Version"="1.0" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*] @="?????????????????? v1" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID] @="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*] @="?????????????????? v2" . [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID] @="{9BE31822-FDAD-461B-AD51-BE1D1C159921}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}] @Denied: (A) (Everyone) "Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}" . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3] @Denied: (A) (Everyone) . [HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0] "Key"="ActionsPane3" "Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd" . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings] @Denied: (A) (Users) @Denied: (A) (Everyone) @Allowed: (B 1 2 3 4 5) (S-1-5-20) "BlindDial"=dword:00000000 . [HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security] @Denied: (Full) (Everyone) . Zeit der Fertigstellung: 2013-01-10 21:09:11 ComboFix-quarantined-files.txt 2013-01-10 20:09 . Vor Suchlauf: 18 Verzeichnis(se), 10.899.390.464 Bytes frei Nach Suchlauf: 24 Verzeichnis(se), 10.992.418.816 Bytes frei . - - End Of File - - 9925495363CF9CF8DA2F576724E9DC7E |
11.01.2013, 01:30 | #8 |
/// Malware-holic | PC types and clicks by itself Hi, when does the typing occur, and what exactly gets typed? Download CCleaner standard: CCleaner - Download - Filepony. If CCleaner is already installed, skip this step. Open it, go to Tools (Extras), uninstall list, and save it as txt. Open the file. After each program you need, write "necessary". After each one you do not need, "unnecessary". After each one unknown to you, "unknown". Post the list.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
11.01.2013, 19:13 | #9 |
| PC types and clicks by itself Hey! The problem occurred yesterday at noon (very bad) and the evening before yesterday (but only briefly then). My mouse clicked without me touching it. The pointer did not move while this happened, though. In addition, my PC then simply started typing sentences that I had recently written, at the spot where the cursor was at the time. Mostly it was the same sentence, but at some point it was replaced by a different sentence. In other words: I sit there, touch nothing, and my PC does things on its own. Regards |
11.01.2013, 19:14 | #10 |
/// Malware-holic | PC types and clicks by itself OK, first continue with CCleaner. Have you ever used any macros, in Word for example?
11.01.2013, 20:30 | #11 |
| PC types and clicks by itself Hey, I know pretty much every program on the PC (as you will see)... so it must be something hidden.
@BIOS Ver.2.03 GIGABYTE 05.06.2012 2.03 important, has been on there forever
Adobe Flash Player 11 ActiveX Adobe Systems Incorporated I know it 09.01.2013 6,00MB 11.5.502.146
Adobe Flash Player 11 Plugin Adobe Systems Incorporated I know it 09.01.2013 6,00MB 11.5.502.146
Adobe Reader X (10.1.4) - Deutsch Adobe Systems Incorporated 30.08.2012 122MB 10.1.4 I know it
Adobe Shockwave Player 11.6 Adobe Systems, Inc. 02.09.2012 11.6.6.636 I know it
Age of Empires III Microsoft Game Studios 05.06.2012 2,09GB 1.00.0000 I know it
Age of Empires III - The Asian Dynasties Microsoft Game Studios 05.06.2012 831MB 1.00.0000 I know it
Age of Empires III - The WarChiefs Microsoft Game Studios 05.06.2012 801MB 1.00.0000 I know it
Amazon MP3-Downloader 1.0.17 Amazon Services LLC 31.10.2012 1.0.17 I know it
Apple Application Support Apple Inc. 02.12.2012 65,0MB 2.3.2 I know it
Apple Mobile Device Support Apple Inc. 02.12.2012 25,1MB 6.0.1.3 I know it
Apple Software Update Apple Inc. 06.06.2012 2,38MB 2.1.3.127 I know it
Battlefield: Bad Company™ 2 Electronic Arts 05.06.2012 5,73GB 1.0.0.0 I know it
Bonjour Apple Inc. 06.06.2012 2,00MB 3.0.0.10 I know it
CCleaner Piriform 19.12.2012 3.26 self-explanatory
Counter-Strike: Source Valve 15.08.2012 4,48GB 1.0.0.0 I know it
Dotfuscator Software Services - Community Edition PreEmptive Solutions 10.12.2012 6,45MB 5.0.2500.0 known
Dotfuscator Software Services - Community Edition - DEU PreEmptive Solutions 21.10.2012 2,84MB 5.0.2300.0 known
Easy Tune 6 B08.0908.1 GIGABYTE 05.06.2012 13,6MB 1.00.0000 known
Energy Saver Advance B8.0905.1 GIGABYTE 05.06.2012 1.10.0000 known
foobar2000 v1.1.14a Peter Pawlowski 14.09.2012 7,61MB 1.1.14a known
Foto-Mosaik-Edda Standard V6.8.12318.1 Steffen Schirmer 07.12.2012 5,23MB known
Free M4a to MP3 Converter 7.0 ManiacTools.com 07.06.2012 3,95MB known
Gigabyte Raid Configurer Gigabyte Technology Corp. 05.06.2012 1.00.0000 known
GOM Player Gretech Corporation 25.10.2012 2.1.43.5119
iTunes Apple Inc. 16.12.2012 189MB 11.0.1.12 known
Java 7 Update 7 Oracle 01.10.2012 128MB 7.0.70 known
Java 7 Update 7 (64-bit) Oracle 02.09.2012 127MB 7.0.70 known
JavaFX 2.1.1 Oracle Corporation 11.07.2012 20,8MB 2.1.1 known
JDownloader 0.9 AppWork GmbH 11.07.2012 0.9 known
Logitech SetPoint 6.51 Logitech 15.12.2012 39,0MB known 6.51.8
Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 10.01.2013 18,4MB 1.70.0.1100
Microsoft .NET Framework 4 Client Profile Microsoft Corporation known 05.06.2012 38,8MB 4.0.30319
Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 05.06.2012 2,93MB 4.0.30319 known
Microsoft .NET Framework 4 Extended Microsoft Corporation 21.10.2012 51,9MB 4.0.30319
Microsoft .NET Framework 4 Extended DEU Language Pack Microsoft known Corporation 21.10.2012 10,6MB 4.0.30319 known
Microsoft .NET Framework 4 Multi-Targeting Pack Microsoft Corporation 21.10.2012 83,4MB 4.0.30319 known
Microsoft ASP.NET MVC 2 Microsoft Corporation 21.10.2012 482KB 2.0.50217.0 known
Microsoft ASP.NET MVC 2 - DEU Microsoft Corporation 21.10.2012 25,0KB 2.0.50331.0 known
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools Microsoft Corporation 21.10.2012 2,25MB 2.0.50217.0 known
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools - DEU Microsoft Corporation 21.10.2012 2,07MB 2.0.50331.0 known
Microsoft Help Viewer 1.1 Microsoft Corporation 10.12.2012 3,97MB 1.1.40219 known
Microsoft Help Viewer 1.1 Language Pack - DEU Microsoft Corporation 10.12.2012 1,95MB 1.1.40219 known
Microsoft Office Outlook Connector Microsoft Corporation 12.07.2012 3,38MB 14.0.6123.5001 known
Microsoft Office Professional 2010 Microsoft Corporation 27.06.2012 14.0.6029.1000 known
Microsoft Outlook Social Connector Provider for Windows Live known Messenger 32-bit Microsoft Corporation 04.12.2012 1,38MB 14.0.5120.5000 known
Microsoft Silverlight Microsoft Corporation 14.06.2012 50,6MB 5.1.10411.0 known
Microsoft Silverlight 3 SDK - Deutsch Microsoft Corporation 21.10.2012 32,7MB 3.0.40818.0 known
Microsoft Silverlight 4 SDK - Deutsch Microsoft Corporation 10.12.2012 52,3MB 4.0.50826.0 known
Microsoft SQL Server 2008 (64-bit) Microsoft Corporation 21.10.2012 known
Microsoft SQL Server 2008 Browser Microsoft Corporation 21.10.2012 8,00MB 10.1.2531.0 known
Microsoft SQL Server 2008 Native Client Microsoft Corporation 21.10.2012 7,07MB 10.1.2531.0 known
Microsoft SQL Server 2008 R2 Management Objects Microsoft Corporation 10.12.2012 14,4MB 10.50.1750.9 known
Microsoft SQL Server 2008 R2 Management Objects (x64) Microsoft Corporation 10.12.2012 6,58MB 10.50.1750.9 known
Microsoft SQL Server 2008 R2 Transact-SQL-Sprachdienst Microsoft Corporation 11.12.2012 6,79MB 10.50.1752.9 known
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Framework Microsoft Corporation 10.12.2012 5,62MB 10.50.1750.9 known
Microsoft SQL Server 2008 R2-Datenebenenanwendungs-Projekt Microsoft Corporation 10.12.2012 14,1MB 10.50.1750.9 known
Microsoft SQL Server Compact 3.5 SP2 DEU Microsoft Corporation 21.10.2012 3,69MB 3.5.8080.0 known
Microsoft SQL Server Compact 3.5 SP2 x64 DEU Microsoft Corporation 21.10.2012 4,81MB 3.5.8080.0 known
Microsoft SQL Server Database Publishing Wizard 1.4 Microsoft Corporation 21.10.2012 10,1MB 10.1.2512.8 known
Microsoft SQL Server System CLR Types Microsoft Corporation 10.12.2012 951KB 10.50.1750.9 known
Microsoft SQL Server System CLR Types (x64) Microsoft Corporation 10.12.2012 830KB 10.50.1750.9 known
Microsoft SQL Server VSS Writer Microsoft Corporation 21.10.2012 3,59MB 10.1.2531.0 known
Microsoft Sync Framework Runtime v1.0 SP1 (x64) de Microsoft Corporation 21.10.2012 1,03MB 1.0.3010.0 known
Microsoft Sync Framework SDK v1.0 SP1 de Microsoft Corporation 21.10.2012 30,0MB 1.0.3010.0 known
Microsoft Sync Framework Services v1.0 SP1 (x64) de Microsoft Corporation 21.10.2012 2,89MB 1.0.3010.0 known
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) de Microsoft Corporation 21.10.2012 598KB 2.0.3010.0 known
Microsoft Team Foundation Server 2010-Objektmodell - DEU Microsoft Corporation 10.12.2012 10.0.40219 known
Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 10.06.2012 298KB 8.0.61001 known
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 22.06.2012 788KB 9.0.30729 known
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 known Microsoft Corporation 23.06.2012 788KB 9.0.30729.6161
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974 known Microsoft Corporation 21.10.2012 599KB 9.0.30729.4974
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 known Microsoft Corporation 23.10.2012 600KB 9.0.30729.6161 known
Microsoft Visual C++ 2010 x64 Designtime - 10.0.30319 Microsoft Corporation 21.10.2012 310KB 10.0.30319
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 known Microsoft Corporation 10.01.2013 13,8MB 10.0.40219
Microsoft Visual C++ 2010 x64 Runtime - 10.0.40219 Microsoft Corporation 10.12.2012 20,5MB 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 10.01.2013 11,1MB 10.0.40219
Microsoft Visual C++ 2010 x86 Runtime - 10.0.40219 Microsoft Corporation 10.12.2012 15,9MB 10.0.40219
Microsoft Visual F# 2.0 Runtime Microsoft Corporation 10.12.2012 5,84MB 10.0.40219 known
Microsoft Visual F# 2.0 Runtime Language Pack - DEU Microsoft Corporation 21.10.2012 1,30MB 10.0.30319 known
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools Microsoft Corporation 10.12.2012 35,2MB 10.0.40219 known
Microsoft Visual Studio 2010 IntelliTrace Collection (x64) known Microsoft Corporation 10.12.2012 836KB 10.0.40219
Microsoft Visual Studio 2010 Service Pack 1 Microsoft Corporation 10.12.2012 75,9MB 10.0.40219 known
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) Microsoft Corporation 10.01.2013 10.0.40303 known
Microsoft Visual Studio 2010 Ultimate - DEU Microsoft Corporation 21.10.2012 10.0.30319 known
Microsoft Visual Studio 2010-Tools für Office-Laufzeit (x64) Language Pack - DEU Microsoft Corporation 10.01.2013 10.0.40303 known
Microsoft Visual Studio Macro Tools Microsoft Corporation 21.10.2012 9.0.30729 known
Microsoft Visual Studio Macro Tools - DEU Language Pack Microsoft Corporation 21.10.2012 9.0.30729 known
Microsoft-Maus- und Tastatur-Center Microsoft Corporation 10.12.2012 2.0.162.0 known
Mozilla Firefox 17.0.1 (x86 de) Mozilla 09.12.2012 41,5MB 17.0.1 known
Mozilla Maintenance Service Mozilla 09.12.2012 329KB 17.0.1
MSXML 4.0 SP2 (KB954430) Microsoft Corporation 07.06.2012 1,27MB 4.20.9870.0 known
MSXML 4.0 SP2 (KB973688) Microsoft Corporation 07.06.2012 1,33MB 4.20.9876.0 known
Norton Internet Security Symantec Corporation 05.06.2012 19.9.0.9 known
NVIDIA 3D Vision Controller-Treiber 306.97 NVIDIA Corporation 10.10.2012 306.97 known
NVIDIA 3D Vision Treiber 306.97 NVIDIA Corporation 10.10.2012 306.97 known
NVIDIA Grafiktreiber 306.97 NVIDIA Corporation 10.10.2012 306.97 known
NVIDIA PhysX-Systemsoftware 9.12.0604 NVIDIA Corporation 10.10.2012 9.12.0604 known
NVIDIA Update 1.10.8 NVIDIA Corporation 10.10.2012 1.10.8 known
OKI Color Swatch-Dienstprogramm Okidata 10.06.2012 2.15.0000 known
OKI Network Extension Okidata 10.06.2012 1.00.000 known
Oracle VM VirtualBox 4.2.6 Oracle Corporation 09.01.2013 132MB 4.2.6 known
PDF-XChange Viewer Tracker Software Products Ltd. 06.06.2012 66,5MB 2.5.201.0 known
PunkBuster Services Even Balance, Inc. 05.06.2012 0.988 known
Realtek High Definition Audio Driver Realtek Semiconductor Corp. 05.06.2012 6.0.1.5672 known
Skype™ 5.10 Skype Technologies S.A. 18.09.2012 19,3MB 5.10.116 known
SopCast 3.5.0 www.sopcast.com 18.09.2012 3.5.0 known
Steam(TM) Valve 15.08.2012 16,5MB 1.0.0.0 known
Team Fortress 2 Valve 22.08.2012 known
Tunatic 10.09.2012 known
TuneUp Utilities 2012 TuneUp Software 07.06.2012 12.0.3600.73 known
Unterstützungsdateien für Microsoft SQL Server 2008-Setup Microsoft Corporation 21.10.2012 33,7MB 10.1.2731.0 known
Visual Studio 2010 Prerequisites - English Microsoft Corporation 10.12.2012 23,2MB 10.0.40219 known
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 DEU known Microsoft Corporation 21.10.2012 11,1MB 4.0.8080.0 known
VLC media player 2.0.4 VideoLAN 07.11.2012 2.0.4 known
WCF RIA Services V1.0 SP1 Microsoft Corporation 10.12.2012 12,3MB 4.1.60114.0 known
Web Deployment Tool Microsoft Corporation 21.10.2012 3,10MB 1.1.0618 known
Windows Live Essentials Microsoft Corporation 04.12.2012 16.4.3505.0912 known
Windows Media Player Firefox Plugin Microsoft Corp 14.06.2012 296KB 1.0.0.8 known
WinRAR 4.11 (64-bit) win.rar GmbH 10.06.2012 4.11.0 known
Xming 6.9.0.31 Colin Harrison 30.10.2012 6.9.0.31 known |
11.01.2013, 20:42 | #12 |
/// Malware-holic | PC types and clicks by itself I had asked another question, please answer it.
12.01.2013, 16:06 | #13 |
| PC types and clicks by itself Um, I don't even know what a macro is. I think not. |
13.01.2013, 17:26 | #14 |
/// Malware-holic | PC types and clicks by itself These are macros: Enable or disable macros in Office documents - Support - Office.com. Disable them all as a test.
13.01.2013, 20:16 | #15 |
| PC types and clicks by itself Hi! According to the settings, they were already disabled... =) Edited by watergully (13.01.2013 at 20:30) |