All Kinds of Pests and How to Fight Them: Your computer is locked, GVU, Safe Mode won't start (Windows 7)
14.01.2013, 18:11 | #1 |
| Your computer is locked, GVU, Safe Mode won't start Good day, I have already read other threads carefully and tried, in combination with my own abilities (reading and applying), to solve my "GVU Your PC is locked" problem. In vain. After booting, my infected desktop PC shows the well-known problem screen. Starting the machine in Safe Mode does not work. It does load, but as soon as the password entry screen appears, it simply shuts down after 10 seconds, and it does so in all 3 Safe Mode options. My desktop PC runs W7, 32 bit. So does my helper machine (no CD drive). I also had trouble with the bootable USB sticks. I read that W7 does not like making OTLPE bootable. Before I wreck my machine completely, I would rather turn to someone helpful with the right software ideas. Partially copying solutions and applying them to one's own problem is, after all, strongly discouraged in several places. Could a Kaspersky WindowsUnlocker method help in my case? Many thanks in advance, nyrt One second! I just discovered yesterday's thread. Its title matches my problem. I'll see whether I can get the OTL files done! |
14.01.2013, 19:46 | #2 |
/// Malware-holic | Your computer is locked, GVU, Safe Mode won't start hi
Using a clean second computer, create an OTLPE CD and then boot the infected computer from this CD: If you have no burning program installed, please download ISOBurner. The program will let you burn OTLPE to a CD and make it bootable. You only need to install the tool; the rest runs automatically => How do I burn an ISO file to CD/DVD. Download OTLPENet.exe by OldTimer and save it to your desktop. Note: The file is about 120 MB in size, and on a slow Internet connection it will take a while to download.
Illustrated guide: OTLpe scan
__________________ |
15.01.2013, 11:01 | #3 |
| Your computer is locked, GVU, Safe Mode won't start Morning,
many thanks for the help. Boot CD created. It worked. I am running OTLPE. The question "Do you wish to load the remote registry" does not come up for me. Instead I am asked to select the Windows folder, and right after that comes the question about "remote user profiles for scanning". Also, only the OTL.txt file is created. I read that an Extras.txt file should be created as well. Here is the otl.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 1/15/2013 10:33:47 AM - Run OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE Windows 7 Professional Service Pack 1 (Version = 6.1.7601) - Type = System Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 91.00% Memory free 3.00 Gb Paging File | 3.00 Gb Available in Paging File | 98.00% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = D: | %SystemRoot% = D:\Windows | %ProgramFiles% = D:\Program Files Drive C: | 19.53 Gb Total Space | 19.44 Gb Free Space | 99.50% Space Free | Partition Type: NTFS Drive D: | 75.13 Gb Total Space | 38.56 Gb Free Space | 51.32% Space Free | Partition Type: NTFS Drive E: | 19.53 Gb Total Space | 16.33 Gb Free Space | 83.59% Space Free | Partition Type: NTFS Drive F: | 175.78 Gb Total Space | 55.77 Gb Free Space | 31.73% Space Free | Partition Type: NTFS Drive G: | 175.78 Gb Total Space | 63.88 Gb Free Space | 36.34% Space Free | Partition Type: NTFS Drive H: | 4.13 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Drive I: | 1.85 Gb Total Space | 1.85 Gb Free Space | 100.00% Space Free | Partition Type: FAT32 Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS Computer Name: REATOGO | User Name: SYSTEM Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days Using ControlSet: ControlSet001 ========== Win32 Services (SafeList) ========== SRV - File not found [Auto] -- -- (mitsijm2012) SRV - File not found [Auto] -- -- (AntiVirService) SRV - File not found [Auto] -- -- (AntiVirSchedulerService) SRV - [2013/01/14 07:30:24 | 000,143,360 | ---- | M] (Microsoft Corporation) [Auto] -- D:\Users\Step\AppData\Local\Temp\dYSEvWR.exe -- (Winmgmt) SRV - 
[2013/01/04 12:01:47 | 002,554,472 | ---- | M] () [Auto] -- D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.exe -- (BrowserProtect) SRV - [2012/10/23 04:47:48 | 002,848,168 | ---- | M] (TeamViewer GmbH) [Auto] -- D:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe -- (TeamViewer7) SRV - [2012/09/02 07:51:55 | 001,044,816 | ---- | M] (Flexera Software, Inc.) [On_Demand] -- D:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2012/06/11 12:19:02 | 000,217,600 | ---- | M] (AMD) [Auto] -- D:\Windows\System32\atiesrxx.exe -- (AMD External Events Utility) SRV - [2012/05/03 10:53:14 | 000,253,088 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- D:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2011/05/18 05:24:32 | 000,641,464 | ---- | M] (Cisco Systems, Inc.) [Auto] -- D:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe -- (vpnagent) SRV - [2010/03/23 06:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) 
[Auto] -- D:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND) SRV - [2009/07/16 10:04:16 | 000,316,664 | ---- | M] (Valve Corporation) [On_Demand] -- D:\Program Files\Common Files\Steam\SteamService.exe -- (Steam Client Service) SRV - [2009/07/13 20:16:15 | 000,016,384 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\StorSvc.dll -- (StorSvc) SRV - [2009/07/13 20:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\sensrsvc.dll -- (SensrSvc) SRV - [2009/07/13 20:16:12 | 001,004,544 | ---- | M] (Microsoft Corporation) [On_Demand] -- D:\Windows\System32\PeerDistSvc.dll -- (PeerDistSvc) SRV - [2007/12/19 18:04:00 | 000,364,544 | R--- | M] (AVM Berlin) [Auto] -- D:\Program Files\avmwlanstick\WLanNetService.exe -- (AVM WLAN Connection Service) ========== Driver Services (SafeList) ========== DRV - [2013/01/14 07:49:48 | 000,022,328 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\PnkBstrK.sys -- (PnkBstrK) DRV - [2013/01/14 05:52:10 | 000,281,760 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\atksgt.sys -- (atksgt) DRV - [2013/01/14 05:52:09 | 000,025,888 | ---- | M] () [Kernel | Auto] -- D:\Windows\System32\drivers\lirsgt.sys -- (lirsgt) DRV - [2012/12/11 16:17:20 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- D:\Windows\System32\drivers\avipbb.sys -- (avipbb) DRV - [2012/12/11 16:17:18 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- D:\Windows\System32\drivers\avgntflt.sys -- (avgntflt) DRV - [2012/11/14 06:10:04 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Kernel | System] -- D:\Windows\System32\drivers\avkmgr.sys -- (avkmgr) DRV - [2012/09/12 06:36:37 | 000,025,088 | ---- | M] (TeamViewer GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\teamviewervpn.sys -- (teamviewervpn) DRV - [2012/08/27 08:50:24 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- D:\Windows\System32\drivers\ssmdrv.sys -- (ssmdrv) DRV - [2012/06/11 13:58:44 | 008,733,696 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmdag.sys -- (amdkmdag) DRV - [2012/06/11 11:25:48 | 000,295,936 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\atikmpag.sys -- (amdkmdap) DRV - [2012/05/11 00:34:08 | 000,181,432 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudmdm.sys -- (ssudmdm) SAMSUNG Mobile USB Modem Drivers (DEVGURU Ver.) DRV - [2012/05/11 00:34:06 | 000,080,824 | ---- | M] (DEVGURU Co., LTD.(www.devguru.co.kr)) [Kernel | On_Demand] -- D:\Windows\System32\drivers\ssudbus.sys -- (dg_ssudbus) SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.) DRV - [2012/04/25 04:27:01 | 000,242,240 | ---- | M] (DT Soft Ltd) [Kernel | System] -- D:\Windows\System32\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV - [2012/04/25 04:23:55 | 000,717,296 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- D:\Windows\System32\drivers\sptd.sys -- (sptd) DRV - [2012/02/23 07:31:58 | 000,086,544 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand] -- D:\Windows\System32\drivers\AtihdW73.sys -- (AtiHDAudioService) DRV - [2012/02/09 15:43:00 | 010,816,832 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm) DRV - [2011/09/09 10:59:19 | 000,087,976 | R--- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\acsock.sys -- (acsock) DRV - [2011/05/18 05:12:08 | 000,019,192 | ---- | M] (Cisco Systems, Inc.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\vpnva.sys -- (vpnva) DRV - [2010/11/20 16:29:24 | 000,052,224 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV - [2010/11/20 16:29:03 | 000,175,360 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vmbus.sys -- (vmbus) DRV - [2010/11/20 16:29:03 | 000,062,464 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\dmvsc.sys -- (dmvsc) DRV - [2010/11/20 16:29:03 | 000,040,704 | ---- | M] (Microsoft Corporation) [Kernel | Boot] -- D:\Windows\System32\drivers\vmstorfl.sys -- (storflt) DRV - [2010/11/20 16:29:03 | 000,035,968 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\System32\drivers\winusb.sys -- (WinUsb) DRV - [2010/11/20 16:29:03 | 000,028,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\storvsc.sys -- (storvsc) DRV - [2010/11/20 16:29:03 | 000,027,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\TsUsbGD.sys -- (TsUsbGD) DRV - [2010/11/20 16:29:03 | 000,017,920 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\VMBusHID.sys -- (VMBusHID) DRV - [2010/11/20 16:29:03 | 000,005,632 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- D:\Windows\system32\drivers\vms3cap.sys -- (s3cap) DRV - [2010/03/23 06:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto] -- D:\Windows\System32\drivers\CVPNDRVA.sys -- (CVPNDRVA) DRV - [2009/07/13 17:02:52 | 000,043,008 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- D:\Windows\System32\drivers\Rtnicxp.sys -- (RTL8023xp) DRV - [2009/07/13 17:02:47 | 000,047,104 | ---- | M] (Atheros Communications, Inc.) 
[Kernel | On_Demand] -- D:\Windows\System32\drivers\L1E62x86.sys -- (L1E) NDIS Miniport Driver for Atheros AR8121/AR8113/AR8114 PCI-E Ethernet Controller(NDIS6.20) DRV - [2008/11/16 11:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\dne2000.sys -- (DNE) DRV - [2007/12/19 18:04:00 | 000,265,088 | ---- | M] (AVM GmbH) [Kernel | On_Demand] -- D:\Windows\System32\drivers\fwlanusb.sys -- (FWLANUSB) DRV - [2007/12/19 18:04:00 | 000,004,352 | R--- | M] (AVM Berlin) [Kernel | On_Demand] -- D:\Windows\System32\drivers\avmeject.sys -- (avmeject) DRV - [2007/01/18 13:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand] -- D:\Windows\System32\drivers\CVirtA.sys -- (CVirtA) DRV - [2004/08/13 02:56:20 | 000,005,810 | ---- | M] () [Kernel | On_Demand] -- D:\Windows\System32\drivers\ASACPI.sys -- (MTsensor) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,bProtector Start Page = hxxp://www.claro-search.com/?affID=116143&tt=0213_5&babsrc=HP_clro&mntrId=7610071a000000000000000c29caf2f0 IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.claro-search.com/?affID=116143&tt=0213_5&babsrc=HP_clro&mntrId=7610071a000000000000000c29caf2f0 IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\Step_ON_D\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 40 A8 6A 68 00 23 CD 01 [binary data] IE - HKU\Step_ON_D\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
D:\Windows\System32\Macromed\Flash\NPSWF32_11_2_202_233.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: D:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: D:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3502.0922: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=15.4.3555.0308: D:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: D:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: D:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: File not found [2013/01/13 11:29:40 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions O1 HOSTS File: ([2012/05/03 06:29:15 | 000,000,824 | ---- | M]) - D:\Windows\System32\drivers\etc\hosts O1 - Hosts: comments (such as these) may be inserted on individual O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - File not found O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - File not found O3 - HKU\Step_ON_D\..\Toolbar\WebBrowser: (no name) - {977AE9CC-AF83-45E8-9E03-E2798216E2D5} - No CLSID value found. 
O4 - HKLM..\Run: [AMD AVT] D:\Windows\System32\cmd.exe (Microsoft Corporation) O4 - HKLM..\Run: [avgnt] File not found O4 - HKLM..\Run: [AVMWlanClient] D:\Program Files\avmwlanstick\WLanGUI.exe (AVM Berlin) O4 - HKLM..\Run: [StartCCC] D:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\Step_ON_D..\Run: [DAEMON Tools Lite] File not found O4 - HKU\LocalService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - HKU\NetworkService_ON_D..\RunOnce: [mctadmin] D:\Windows\System32\mctadmin.exe (Microsoft Corporation) O4 - Startup: Error locating startup folders. O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: PromptOnSecureDesktop = 0 O7 - HKU\Step_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data] O7 - HKU\Step_ON_D\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HideSCAHealth = 1 O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - File not found O9 - Extra Button: ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - File not found O9 - Extra 'Tools' menuitem : ICQ7.7 - {77F665FD-3F60-4B0A-AE14-EC124B7A7FCE} - File not found O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - File not found O13 - gopher Prefix: missing O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} 
hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O16 - DPF: 55963676-2F5E-4BAF-AC28-CF26AA587566 vpnweb.cab (Reg Error: Key error.) O20 - AppInit_DLLs: (c:\progra~2\browse~1\261070~1.41\{c16c1~1\browse~1.dll) - D:\ProgramData\BrowserProtect\2.6.1070.41\{c16c1ccb-7046-4e5c-a2f3-533ad2fec8e8}\BrowserProtect.dll () O20 - HKLM Winlogon: Shell - (explorer.exe) - D:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - D:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - CLSID or File not found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/08/24 00:43:12 | 000,000,224 | R--- | M] () - H:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {073FDCA0-1998-DE8E-CBBA-A70AE1307521} - Internet Explorer ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {359FC3CE-4E8E-D845-B1F9-D9B7EC21549A} - Java (Sun) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe 
/s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8AAE06DA-3D1A-259A-2797-581B55E39372} - Microsoft Windows Media Player ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {95407D9E-38E3-2BB1-45A5-7F14749AE4A5} - Java (Sun) ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CFCCD20E-4D39-9933-4272-F61C02830A9C} - Internet Explorer ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Sharedaccess - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: wuauserv - File not found NetSvcs: BITS - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: winmgmt - D:\Users\Step\AppData\Local\Temp\dYSEvWR.exe (Microsoft Corporation) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - D:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - () MsConfig - StartUpFolder: C:^Users^Step^AppData^Roaming^Microsoft^Windows^Start 
Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - - File not found MsConfig - StartUpFolder: C:^Users^Step^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - D:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig - StartUpReg: RGSC - hkey= - key= - File not found MsConfig - StartUpReg: Steam - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - D:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 0 ========== Files/Folders - Created Within 30 Days ========== [2013/01/14 07:38:41 | 000,000,000 | -HSD | C] -- D:\Config.Msi [2013/01/14 06:29:35 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Anno 1404 [2013/01/14 05:54:56 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Roaming\Ubisoft [2013/01/14 05:53:50 | 000,000,000 | ---D | C] -- D:\ProgramData\Tages [2013/01/14 04:41:22 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Amazon Downloader Logs [2013/01/13 11:48:02 | 000,000,000 | ---D | C] -- D:\Windows\symbols [2013/01/13 11:48:00 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Merge Modules [2013/01/13 11:29:55 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Roaming\SpecialSavings [2013/01/13 11:29:52 | 000,000,000 | ---D | C] -- D:\ProgramData\IBUpdaterService [2013/01/13 11:29:51 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013/01/13 
11:29:47 | 000,000,000 | ---D | C] -- D:\Program Files\File Scout [2013/01/13 11:29:44 | 000,000,000 | ---D | C] -- D:\ProgramData\BrowserProtect [2013/01/13 11:29:40 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox [2013/01/13 11:28:56 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Local\Wajam [2013/01/13 11:28:09 | 002,719,736 | ---- | C] (Microsoft Corporation) -- D:\Users\Step\Desktop\vcsetup.exe [2013/01/10 14:15:57 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SQL Server [2013/01/10 14:13:23 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Visual Studio 2010 [2013/01/10 14:13:09 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express [2013/01/10 14:12:16 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SDKs [2013/01/10 14:12:16 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Help Viewer [2013/01/10 13:59:05 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- D:\Windows\System32\drivers\teamviewervpn.sys [2013/01/10 13:57:15 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dymola 2013 FD01 [2013/01/10 11:00:03 | 000,000,000 | ---D | C] -- D:\Users\Step\Desktop\Master [2013/01/10 10:02:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_43.dll [2013/01/10 10:02:08 | 001,998,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_43.dll [2013/01/10 10:02:08 | 001,868,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dcsx_43.dll [2013/01/10 10:02:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_7.dll [2013/01/10 10:02:08 | 000,470,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_43.dll [2013/01/10 10:02:08 | 000,248,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx11_43.dll [2013/01/10 10:02:08 | 000,239,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine3_7.dll 
[2013/01/10 10:02:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_5.dll [2012/12/20 10:57:57 | 000,000,000 | RH-D | C] -- D:\MSOCache [2012/12/20 10:52:53 | 000,000,000 | --SD | C] -- D:\Users\Step\Documents\Meine Shapes [2012/12/20 10:50:22 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Analysis Services [2012/12/20 08:48:05 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Local\e-academy Inc [2012/12/19 04:45:38 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2 D:\Windows\*.tmp files -> D:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013/01/14 11:45:10 | 000,000,882 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/14 11:44:47 | 000,021,808 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 11:44:47 | 000,021,808 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/14 11:39:44 | 000,000,500 | ---- | M] () -- D:\Windows\tasks\MATLAB R2011b Startup Accelerator.job [2013/01/14 11:38:44 | 095,023,320 | ---- | M] () -- D:\ProgramData\RWvESYd.pad [2013/01/14 11:38:13 | 000,000,878 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/14 11:37:09 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2013/01/14 11:36:53 | 2616,496,128 | -HS- | M] () -- D:\hiberfil.sys [2013/01/14 07:50:35 | 000,103,736 | ---- | M] () -- D:\Windows\System32\PnkBstrB.ex0 [2013/01/14 07:49:48 | 000,022,328 | ---- | M] () -- D:\Windows\System32\drivers\PnkBstrK.sys [2013/01/14 07:30:27 | 000,003,174 | ---- | M] () -- D:\ProgramData\RWvESYd.js [2013/01/14 07:30:27 | 000,001,080 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013/01/14 07:03:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player 
Best regards, nyrt |
15.01.2013, 20:16 | #4 |
/// Malware-holic | Your computer is locked, GVU, Safe Mode does not start Hi, on your second PC go to Start, Programs, Accessories, Notepad and paste the following into it: Code:
:OTL
[2013/01/14 07:30:27 | 000,003,174 | ---- | M] () -- D:\ProgramData\RWvESYd.js
[2013/01/14 07:30:27 | 000,001,080 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/14 07:30:25 | 095,023,320 | ---- | C] () -- D:\ProgramData\RWvESYd.pad
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
Save this on a USB stick as fix.txt. Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe. • Now please click the Fix button. A message similar to "load fix from file" should appear, so load fix.txt from your stick. If that does not work, please enter the fix manually, then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.
__________________ - Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above. If you would like to support us |
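Added example, not part of the thread and not the helper's own method: a small Python triage of OTL file-listing lines that surfaces entries like the three named in the fix script above. The heuristics (empty company field, a file directly in the ProgramData root or inside a Startup or Temp folder, several such files written within 60 seconds) and all function names are assumptions made for this illustration; the first three sample lines are the ones from the fix script, the rest are constructed.

```python
import re
from datetime import datetime, timedelta
from pathlib import PureWindowsPath
from typing import NamedTuple, Optional

# Sample input. The first three lines are the entries quoted in the fix
# script in this thread; the remaining lines are constructed for contrast.
SAMPLE_LOG = r"""
[2013/01/14 07:30:27 | 000,003,174 | ---- | M] () -- D:\ProgramData\RWvESYd.js
[2013/01/14 07:30:27 | 000,001,080 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
[2013/01/14 07:30:25 | 095,023,320 | ---- | C] () -- D:\ProgramData\RWvESYd.pad
[2013/01/12 09:15:00 | 001,204,224 | ---- | M] (Example Vendor Inc.) -- D:\Program Files\ExampleApp\app.exe
[2013/01/11 18:02:41 | 000,000,912 | ---- | C] () -- D:\Users\Step\Desktop\notes.lnk
[2012/11/03 10:00:00 | 000,000,064 | ---- | C] () -- D:\ProgramData\example.cfg
[2013/01/10 14:18:19 | 000,000,000 | ---D | M] -- D:\ProgramData\ExampleApp
"""

# One OTL file-listing line: [timestamp | size | attributes | M/C] (company) -- path
# Directory lines carry no "(company)" field at all.
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[-A-Z]{4}) \| (?P<kind>[MC])\]"
    r"(?: \((?P<company>.*?)\))? -- (?P<path>.+)$"
)


class Entry(NamedTuple):
    when: datetime
    size: int
    is_dir: bool
    company: Optional[str]  # "" = file without company name, None = directory line
    path: PureWindowsPath


def parse_line(line: str) -> Optional[Entry]:
    """Parse one listing line; section headers and other text return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        is_dir=m["attrs"][3] == "D",
        company=m["company"],
        path=PureWindowsPath(m["path"]),
    )


# Assumed heuristic: folder names treated as worth a closer look.
WATCHED_DIRS = {"startup", "temp"}


def in_watched_location(path: PureWindowsPath) -> bool:
    """True for a file directly in the ProgramData root or under Startup/Temp."""
    if path.parent.name.lower() == "programdata":
        return True
    return any(part.lower() in WATCHED_DIRS for part in path.parts[:-1])


def is_candidate(entry: Entry) -> bool:
    return (not entry.is_dir) and entry.company == "" and in_watched_location(entry.path)


def drop_clusters(entries, window=timedelta(seconds=60), min_size=2):
    """Group candidates whose timestamps lie within `window` of the previous one."""
    candidates = sorted((e for e in entries if is_candidate(e)), key=lambda e: e.when)
    clusters, current = [], []
    for entry in candidates:
        if current and entry.when - current[-1].when > window:
            if len(current) >= min_size:
                clusters.append(current)
            current = []
        current.append(entry)
    if len(current) >= min_size:
        clusters.append(current)
    return clusters


def triage(log_text: str):
    """Return clusters of candidate paths, oldest cluster first."""
    entries = [e for e in map(parse_line, log_text.splitlines()) if e]
    return [[str(e.path) for e in cluster] for cluster in drop_clusters(entries)]


if __name__ == "__main__":
    for number, cluster in enumerate(triage(SAMPLE_LOG), start=1):
        print(f"cluster {number}:")
        for path in cluster:
            print("  ", path)
```

A lone unsigned file in the ProgramData root (the constructed `example.cfg`) is not reported because it has no companions in the time window; a hit is a prompt for manual review, not a verdict.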
16.01.2013, 09:04 | #5 |
| Your computer is locked, GVU, Safe Mode does not start All done. The PC did not restart. After the fix, this file named 01162013_084112 opened: Code:
========== OTL ==========
D:\ProgramData\RWvESYd.js moved successfully.
D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
D:\ProgramData\RWvESYd.pad moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Step
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users
User: Default
User: Default User
User: Public
User: Step
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1460256 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 254503705 bytes
Total Files Cleaned = 244.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 01162013_084112
It boots up completely. However, the following message now appears: "Server is busy. This operation cannot be carried out because the other application is active. Click Switch To to switch to the other application and fix the problem." Clicking on My Computer makes the message disappear. Thank you and best regards, nyrt |
16.01.2013, 18:41 | #6 |
/// Malware-holic | Your computer is locked, GVU, Safe Mode does not start OK, let's look further. Download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html Click Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any findings, always choose Skip for now, then post the log. Open C:, open tdsskiller-date-version.txt and post its contents.
16.01.2013, 19:23 | #7 |
| Your computer is locked, GVU, Safe Mode does not start Ran the program. The scan finished. It had found 4 things. And suddenly the "Your computer is locked" screen came back before I could save the log. |
16.01.2013, 19:26 | #8 |
/// Malware-holic | Your computer is locked, GVU, Safe Mode does not start Hi, please don't use illegal streams like kinox.to, otherwise you will catch this again and again; no porn sites either, those are dangerous corners of the net too :-) Post a new OTL log.
16.01.2013, 19:31 | #9 |
| Your computer is locked, GVU, Safe Mode does not start OK, starting again at step 1. Here is the OTL.txt OTL Logfile: Code:
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009/06/10 16:42:20 | 000,000,024 | ---- | M] () - D:\autoexec.bat -- [ NTFS ] O32 - AutoRun File - [2006/08/24 00:43:12 | 000,000,224 | R--- | M] () - I:\autorun.inf -- [ CDFS ] O32 - AutoRun File - [2006/03/24 06:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ] O34 - HKLM BootExecute: (autocheck autochk *) - File not found O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX: {073FDCA0-1998-DE8E-CBBA-A70AE1307521} - Internet Explorer ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun) ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {359FC3CE-4E8E-D845-B1F9-D9B7EC21549A} - Java (Sun) ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe 
/s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX: {8AAE06DA-3D1A-259A-2797-581B55E39372} - Microsoft Windows Media Player ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {95407D9E-38E3-2BB1-45A5-7F14749AE4A5} - Java (Sun) ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CFCCD20E-4D39-9933-4272-F61C02830A9C} - Internet Explorer ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP NetSvcs: FastUserSwitchingCompatibility - File not found NetSvcs: Ias - File not found NetSvcs: Nla - File not found NetSvcs: Ntmssvc - File not found NetSvcs: NWCWorkstation - File not found NetSvcs: Nwsapagent - File not found NetSvcs: Sharedaccess - File not found NetSvcs: SRService - File not found NetSvcs: WmdmPmSp - File not found NetSvcs: wuauserv - File not found NetSvcs: BITS - File not found NetSvcs: LogonHours - File not found NetSvcs: PCAudit - File not found NetSvcs: helpsvc - File not found NetSvcs: uploadmgr - File not found NetSvcs: winmgmt - D:\Users\Step\AppData\Local\Temp\dYSEvWR.exe (Microsoft Corporation) MsConfig - StartUpFolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^VPN Client.lnk - D:\Windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico - () MsConfig - StartUpFolder: C:^Users^Step^AppData^Roaming^Microsoft^Windows^Start 
Menu^Programs^Startup^OneNote 2007 Bildschirmausschnitt- und Startprogramm.lnk - - File not found MsConfig - StartUpFolder: C:^Users^Step^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.3.lnk - - File not found MsConfig - StartUpReg: Adobe ARM - hkey= - key= - D:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated) MsConfig - StartUpReg: Adobe Reader Speed Launcher - hkey= - key= - File not found MsConfig - StartUpReg: Cisco AnyConnect Secure Mobility Agent for Windows - hkey= - key= - D:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe (Cisco Systems, Inc.) MsConfig - StartUpReg: DAEMON Tools Lite - hkey= - key= - File not found MsConfig - StartUpReg: RGSC - hkey= - key= - File not found MsConfig - StartUpReg: Steam - hkey= - key= - File not found MsConfig - StartUpReg: SunJavaUpdateSched - hkey= - key= - D:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.) MsConfig - State: "startup" - 2 MsConfig - State: "services" - 0 ========== Files/Folders - Created Within 30 Days ========== [2013/01/16 08:41:13 | 000,000,000 | ---D | C] -- D:\_OTL [2013/01/14 07:38:41 | 000,000,000 | -HSD | C] -- D:\Config.Msi [2013/01/14 06:29:35 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Anno 1404 [2013/01/14 05:54:56 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Roaming\Ubisoft [2013/01/14 05:53:50 | 000,000,000 | ---D | C] -- D:\ProgramData\Tages [2013/01/14 04:41:22 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Amazon Downloader Logs [2013/01/13 11:48:02 | 000,000,000 | ---D | C] -- D:\Windows\symbols [2013/01/13 11:48:00 | 000,000,000 | ---D | C] -- D:\Program Files\Common Files\Merge Modules [2013/01/13 11:29:55 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Roaming\SpecialSavings [2013/01/13 11:29:52 | 000,000,000 | ---D | C] -- D:\ProgramData\IBUpdaterService [2013/01/13 11:29:51 | 000,000,000 | ---D | C] -- 
D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BrowserProtect [2013/01/13 11:29:47 | 000,000,000 | ---D | C] -- D:\Program Files\File Scout [2013/01/13 11:29:44 | 000,000,000 | ---D | C] -- D:\ProgramData\BrowserProtect [2013/01/13 11:29:40 | 000,000,000 | ---D | C] -- D:\Program Files\Mozilla Firefox [2013/01/13 11:28:56 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Local\Wajam [2013/01/13 11:28:09 | 002,719,736 | ---- | C] (Microsoft Corporation) -- D:\Users\Step\Desktop\vcsetup.exe [2013/01/10 14:15:57 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SQL Server [2013/01/10 14:13:23 | 000,000,000 | ---D | C] -- D:\Users\Step\Documents\Visual Studio 2010 [2013/01/10 14:13:09 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express [2013/01/10 14:12:16 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft SDKs [2013/01/10 14:12:16 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Help Viewer [2013/01/10 13:59:05 | 000,025,088 | ---- | C] (TeamViewer GmbH) -- D:\Windows\System32\drivers\teamviewervpn.sys [2013/01/10 13:57:15 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dymola 2013 FD01 [2013/01/10 11:00:03 | 000,000,000 | ---D | C] -- D:\Users\Step\Desktop\Master [2013/01/10 10:02:08 | 002,106,216 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DCompiler_43.dll [2013/01/10 10:02:08 | 001,998,168 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\D3DX9_43.dll [2013/01/10 10:02:08 | 001,868,128 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dcsx_43.dll [2013/01/10 10:02:08 | 000,527,192 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAudio2_7.dll [2013/01/10 10:02:08 | 000,470,880 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx10_43.dll [2013/01/10 10:02:08 | 000,248,672 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\d3dx11_43.dll [2013/01/10 10:02:08 | 
000,239,960 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\xactengine3_7.dll [2013/01/10 10:02:08 | 000,074,072 | ---- | C] (Microsoft Corporation) -- D:\Windows\System32\XAPOFX1_5.dll [2012/12/20 10:57:57 | 000,000,000 | RH-D | C] -- D:\MSOCache [2012/12/20 10:52:53 | 000,000,000 | --SD | C] -- D:\Users\Step\Documents\Meine Shapes [2012/12/20 10:50:22 | 000,000,000 | ---D | C] -- D:\Program Files\Microsoft Analysis Services [2012/12/20 08:48:05 | 000,000,000 | ---D | C] -- D:\Users\Step\AppData\Local\e-academy Inc [2012/12/19 04:45:38 | 000,000,000 | ---D | C] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ========== Files - Modified Within 30 Days ========== [2013/01/16 13:28:07 | 095,023,320 | ---- | M] () -- D:\ProgramData\rwvesyd.pad [2013/01/16 13:24:48 | 000,021,808 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/16 13:24:48 | 000,021,808 | -H-- | M] () -- D:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/16 13:18:36 | 000,000,500 | ---- | M] () -- D:\Windows\tasks\MATLAB R2011b Startup Accelerator.job [2013/01/16 13:17:38 | 000,000,878 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/16 13:17:22 | 000,067,584 | --S- | M] () -- D:\Windows\bootstat.dat [2013/01/16 13:17:06 | 2616,496,128 | -HS- | M] () -- D:\hiberfil.sys [2013/01/16 03:03:00 | 000,000,884 | ---- | M] () -- D:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/16 02:50:26 | 000,003,184 | ---- | M] () -- D:\ProgramData\rwvesyd.js [2013/01/16 02:50:26 | 000,001,080 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013/01/14 11:45:10 | 000,000,882 | ---- | M] () -- D:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/14 07:50:35 | 000,103,736 | ---- | M] () -- D:\Windows\System32\PnkBstrB.ex0 [2013/01/14 07:49:48 | 000,022,328 | ---- | M] () 
-- D:\Windows\System32\drivers\PnkBstrK.sys [2013/01/14 06:54:42 | 000,281,768 | ---- | M] () -- D:\Windows\System32\PnkBstrB.xtr [2013/01/14 05:52:49 | 000,000,348 | ---- | M] () -- D:\Users\Step\Desktop\Anno 1404 - Verknüpfung.lnk [2013/01/14 05:52:13 | 000,000,000 | R--D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games [2013/01/14 05:52:10 | 000,281,760 | ---- | M] () -- D:\Windows\System32\drivers\atksgt.sys [2013/01/14 05:52:09 | 000,025,888 | ---- | M] () -- D:\Windows\System32\drivers\lirsgt.sys [2013/01/14 04:09:24 | 000,696,620 | ---- | M] () -- D:\Windows\System32\perfh007.dat [2013/01/14 04:09:24 | 000,651,938 | ---- | M] () -- D:\Windows\System32\perfh009.dat [2013/01/14 04:09:24 | 000,147,916 | ---- | M] () -- D:\Windows\System32\perfc007.dat [2013/01/14 04:09:24 | 000,120,870 | ---- | M] () -- D:\Windows\System32\perfc009.dat [2013/01/13 11:49:04 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2010 Express [2013/01/13 11:28:19 | 000,621,888 | ---- | M] () -- D:\Users\Step\Desktop\bundleSetup.exe [2013/01/13 11:28:12 | 002,719,736 | ---- | M] (Microsoft Corporation) -- D:\Users\Step\Desktop\vcsetup.exe [2013/01/10 14:18:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dymola 2013 [2013/01/10 13:58:37 | 000,001,143 | ---- | M] () -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 7.lnk [2013/01/10 13:57:16 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dymola 2013 FD01 [2013/01/10 10:17:34 | 000,000,205 | ---- | M] () -- D:\Users\Step\Desktop\Saints Row The Third.url [2013/01/10 10:04:00 | 000,001,055 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2013/01/10 10:03:43 | 000,001,021 | ---- | M] () -- D:\Users\Step\Desktop\Dropbox.lnk [2013/01/10 08:07:29 | 000,434,952 | ---- | M] () -- D:\Windows\System32\FNTCACHE.DAT [2012/12/20 
10:55:11 | 000,015,360 | ---- | M] () -- D:\Users\Step\Desktop\Microsoft Visio-Zeichnung (neu).vsd [2012/12/20 10:51:27 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office [2012/12/20 10:37:49 | 000,003,133 | ---- | M] () -- D:\Users\Step\Desktop\Secure Download Manager.lnk [2012/12/19 04:45:38 | 000,000,000 | ---D | M] -- D:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth ========== Files Created - No Company Name ========== [2013/01/16 02:50:26 | 000,003,184 | ---- | C] () -- D:\ProgramData\rwvesyd.js [2013/01/16 02:50:26 | 000,001,080 | ---- | C] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk [2013/01/16 02:49:58 | 095,023,320 | ---- | C] () -- D:\ProgramData\rwvesyd.pad [2013/01/14 05:52:49 | 000,000,348 | ---- | C] () -- D:\Users\Step\Desktop\Anno 1404 - Verknüpfung.lnk [2013/01/14 05:52:10 | 000,281,760 | ---- | C] () -- D:\Windows\System32\drivers\atksgt.sys [2013/01/14 05:52:09 | 000,025,888 | ---- | C] () -- D:\Windows\System32\drivers\lirsgt.sys [2013/01/13 11:28:09 | 000,621,888 | ---- | C] () -- D:\Users\Step\Desktop\bundleSetup.exe [2013/01/10 10:17:34 | 000,000,205 | ---- | C] () -- D:\Users\Step\Desktop\Saints Row The Third.url [2012/12/20 10:52:50 | 000,015,360 | ---- | C] () -- D:\Users\Step\Desktop\Microsoft Visio-Zeichnung (neu).vsd [2012/12/20 08:46:56 | 000,003,133 | ---- | C] () -- D:\Users\Step\Desktop\Secure Download Manager.lnk [2012/10/20 09:55:26 | 000,000,044 | ---- | C] () -- D:\Users\Step\AppData\Local\EnergyViewer.cfg [2012/08/01 13:21:17 | 000,000,051 | ---- | C] () -- D:\ProgramData\flnpcwngpuvkodn [2012/07/30 10:44:55 | 000,000,000 | ---- | C] () -- D:\ProgramData\0x0304A000.sfl [2012/06/11 11:41:48 | 000,204,952 | ---- | C] () -- D:\Windows\System32\ativvsvl.dat [2012/06/11 11:41:48 | 000,157,144 | ---- | C] () -- D:\Windows\System32\ativvsva.dat [2012/06/11 06:50:42 | 000,159,232 | ---- | C] () -- 
D:\Windows\System32\clinfo.exe [2012/06/04 04:12:53 | 000,065,536 | ---- | C] () -- D:\Windows\System32\HPPLVS.dll [2012/05/14 05:54:59 | 000,022,328 | ---- | C] () -- D:\Windows\System32\drivers\PnkBstrK.sys [2012/05/14 05:54:59 | 000,022,328 | ---- | C] () -- D:\Users\Step\AppData\Roaming\PnkBstrK.sys [2012/05/14 05:54:42 | 000,103,736 | ---- | C] () -- D:\Windows\System32\PnkBstrB.exe [2012/05/14 05:54:39 | 000,076,888 | ---- | C] () -- D:\Windows\System32\PnkBstrA.exe [2012/05/14 05:54:38 | 000,000,286 | ---- | C] () -- D:\Windows\game.ini [2012/05/14 04:10:37 | 000,000,000 | ---- | C] () -- D:\Windows\ativpsrm.bin [2012/05/14 04:07:55 | 000,003,917 | ---- | C] () -- D:\Windows\System32\atipblag.dat [2012/05/10 09:35:16 | 000,029,184 | ---- | C] () -- D:\Windows\System32\kdbsdk32.dll [2012/05/07 13:28:00 | 000,000,017 | ---- | C] () -- D:\Users\Step\AppData\Local\resmon.resmoncfg [2012/05/03 03:38:13 | 000,000,028 | ---- | C] () -- D:\Windows\sbinetpro.ini [2012/05/03 03:38:13 | 000,000,026 | ---- | C] () -- D:\Windows\skat24pro.ini [2012/04/12 14:30:10 | 000,637,743 | ---- | C] () -- D:\Windows\System32\atiicdxx.dat [2012/02/29 06:26:56 | 000,416,064 | ---- | C] () -- D:\Windows\System32\nvStreaming.exe [2011/04/11 20:30:05 | 000,696,620 | ---- | C] () -- D:\Windows\System32\perfh007.dat [2011/04/11 20:30:05 | 000,295,922 | ---- | C] () -- D:\Windows\System32\perfi007.dat [2011/04/11 20:30:05 | 000,147,916 | ---- | C] () -- D:\Windows\System32\perfc007.dat [2011/04/11 20:30:05 | 000,038,104 | ---- | C] () -- D:\Windows\System32\perfd007.dat [2010/11/20 16:29:26 | 000,066,048 | ---- | C] () -- D:\Windows\System32\PrintBrmUi.exe [2010/11/20 16:29:24 | 000,252,928 | ---- | C] () -- D:\Windows\System32\DShowRdpFilter.dll [2010/06/18 06:40:28 | 000,180,224 | ---- | C] () -- D:\Windows\System32\hpputoar.dll [2010/04/09 15:08:26 | 000,094,208 | ---- | C] () -- D:\Windows\System32\zmbv.dll [2010/03/23 06:26:48 | 000,201,512 | ---- | C] () -- 
D:\Windows\System32\vpnapi.dll [2009/07/13 23:57:37 | 000,067,584 | --S- | C] () -- D:\Windows\bootstat.dat [2009/07/13 23:33:53 | 000,434,952 | ---- | C] () -- D:\Windows\System32\FNTCACHE.DAT [2009/07/13 21:05:48 | 000,651,938 | ---- | C] () -- D:\Windows\System32\perfh009.dat [2009/07/13 21:05:48 | 000,291,294 | ---- | C] () -- D:\Windows\System32\perfi009.dat [2009/07/13 21:05:48 | 000,120,870 | ---- | C] () -- D:\Windows\System32\perfc009.dat [2009/07/13 21:05:48 | 000,031,548 | ---- | C] () -- D:\Windows\System32\perfd009.dat [2009/07/13 21:05:05 | 000,000,741 | ---- | C] () -- D:\Windows\System32\NOISE.DAT [2009/07/13 21:04:11 | 000,215,943 | ---- | C] () -- D:\Windows\System32\dssec.dat [2009/07/13 18:55:01 | 000,043,131 | ---- | C] () -- D:\Windows\mib.bin [2009/07/13 18:51:43 | 000,073,728 | ---- | C] () -- D:\Windows\System32\BthpanContextHandler.dll [2009/07/13 18:42:10 | 000,064,000 | ---- | C] () -- D:\Windows\System32\BWContextHandler.dll [2009/06/10 16:26:10 | 000,673,088 | ---- | C] () -- D:\Windows\System32\mlang.dat [2008/10/21 22:29:06 | 000,173,550 | ---- | C] () -- D:\Windows\System32\xlive.dll.cat [2008/02/07 03:05:18 | 000,163,840 | ---- | C] () -- D:\Windows\System32\hppatusg01.dll [2007/12/19 18:04:00 | 000,097,360 | ---- | C] () -- D:\Windows\System32\drivers\Fwusb1b.bin [2004/08/13 02:56:20 | 000,005,810 | ---- | C] () -- D:\Windows\System32\drivers\ASACPI.sys ========== LOP Check ========== [2012/10/03 07:58:55 | 000,000,000 | ---D | M] -- D:\ProgramData\8618834A8B5E071A007686180D3A0E34 [2012/07/09 02:57:22 | 000,000,000 | ---D | M] -- D:\ProgramData\AMD [2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Anwendungsdaten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Application Data [2012/09/02 08:52:02 | 000,000,000 | ---D | M] -- D:\ProgramData\Autodesk [2012/05/03 10:50:13 | 000,000,000 | ---D | M] -- D:\ProgramData\Babylon [2013/01/13 11:29:44 | 000,000,000 | ---D | M] -- D:\ProgramData\BrowserProtect 
[2012/04/25 12:57:24 | 000,000,000 | ---D | M] -- D:\ProgramData\Cisco [2012/08/21 09:37:14 | 000,000,000 | -H-D | M] -- D:\ProgramData\Common Files [2012/04/25 04:30:09 | 000,000,000 | ---D | M] -- D:\ProgramData\DAEMON Tools Lite [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Desktop [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Documents [2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Dokumente [2012/11/09 10:28:34 | 000,000,000 | ---D | M] -- D:\ProgramData\Dynasim [2012/07/06 15:32:15 | 000,000,000 | ---D | M] -- D:\ProgramData\elsterformular [2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favoriten [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Favorites [2013/01/13 11:29:52 | 000,000,000 | ---D | M] -- D:\ProgramData\IBUpdaterService [2012/10/20 09:56:00 | 000,000,000 | ---D | M] -- D:\ProgramData\ITI GmbH [2012/12/10 18:20:44 | 000,000,000 | ---D | M] -- D:\ProgramData\OriginLab [2012/04/24 13:12:53 | 000,000,000 | ---D | M] -- D:\ProgramData\Panda Security [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Start Menu [2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Startmenü [2013/01/14 05:54:31 | 000,000,000 | ---D | M] -- D:\ProgramData\Tages [2012/05/14 06:39:19 | 000,000,000 | ---D | M] -- D:\ProgramData\Tarma Installer [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\ProgramData\Templates [2012/05/04 10:56:12 | 000,000,000 | ---D | M] -- D:\ProgramData\TLK-Thermo GmbH [2012/08/21 09:37:37 | 000,000,000 | ---D | M] -- D:\ProgramData\TuneUp Software [2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\ProgramData\Vorlagen [2012/08/02 01:58:31 | 000,000,000 | ---D | M] -- D:\ProgramData\ytryjrpbxdmjtcf [2012/08/21 09:37:14 | 000,000,000 | -HSD | M] -- D:\ProgramData\{32364CEA-7855-4A3C-B674-53D8E9B97936} [2012/10/18 09:20:00 | 000,000,000 | -H-D | M] -- D:\ProgramData\{FFCC117F-633D-49E2-9279-CBF58ED15A69} [2013/01/16 13:18:36 | 
000,000,500 | ---- | M] () -- D:\Windows\Tasks\MATLAB R2011b Startup Accelerator.job [2012/12/02 17:03:32 | 000,032,632 | ---- | M] () -- D:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012/10/03 07:55:57 | 000,000,000 | -HSD | M] -- D:\$Recycle.Bin [2012/07/09 02:53:31 | 000,000,000 | ---D | M] -- D:\AMD [2013/01/14 07:51:49 | 000,000,000 | -HSD | M] -- D:\Config.Msi [2009/07/13 23:53:55 | 000,000,000 | -HSD | M] -- D:\Documents and Settings [2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\Dokumente und Einstellungen [2012/06/04 04:12:31 | 000,000,000 | ---D | M] -- D:\hp_P1000_P1500_Full_Solution [2012/09/02 07:44:41 | 000,000,000 | ---D | M] -- D:\MITSI 2012 Temporary Files [2012/12/20 10:57:57 | 000,000,000 | RH-D | M] -- D:\MSOCache [2012/05/10 14:01:28 | 000,000,000 | ---D | M] -- D:\NVIDIA [2009/07/13 21:37:05 | 000,000,000 | ---D | M] -- D:\PerfLogs [2013/01/14 07:39:34 | 000,000,000 | R--D | M] -- D:\Program Files [2013/01/16 13:22:08 | 000,000,000 | -H-D | M] -- D:\ProgramData [2012/04/24 11:59:38 | 000,000,000 | -HSD | M] -- D:\Programme [2012/04/24 11:59:39 | 000,000,000 | -HSD | M] -- D:\Recovery [2013/01/14 11:05:13 | 000,000,000 | -HSD | M] -- D:\System Volume Information [2012/05/12 09:12:18 | 000,000,000 | R--D | M] -- D:\Users [2013/01/16 08:41:14 | 000,000,000 | ---D | M] -- D:\Windows [2013/01/16 08:41:13 | 000,000,000 | ---D | M] -- D:\_OTL < %PROGRAMFILES%\*.exe > Invalid Environment Variable: %LOCALAPPDATA%\*.exe < %systemroot%\*. 
/mp /s > < MD5 for: AGP440.SYS > [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\drivers\AGP440.sys [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys [2009/07/13 20:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- D:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys < MD5 for: ATAPI.SYS > [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\drivers\atapi.sys [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys [2009/07/13 20:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- D:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\System32\cngaudit.dll [2009/07/13 20:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- D:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011/02/26 00:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe [2010/11/20 16:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- 
D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\explorer.exe [2011/02/25 00:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- D:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe < MD5 for: IASTORV.SYS > [2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\System32\drivers\iaStorV.sys [2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys [2011/03/11 00:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys [2011/03/11 00:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys [2010/11/20 16:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- D:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys [2010/11/20 16:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- D:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys < MD5 for: NETLOGON.DLL > [2010/11/20 16:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- D:\Windows\System32\netlogon.dll [2010/11/20 16:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- 
[/code] |
16.01.2013, 22:47 | #10 |
/// Malware-holic | Your computer is locked, GVU, Safe Mode does not start Hi, on your second PC go to Start, Programs, Accessories, Editor (Notepad) and paste in the following: Code:
:OTL
[2013/01/16 02:50:26 | 000,003,184 | ---- | M] () -- D:\ProgramData\rwvesyd.js
[2013/01/16 02:50:26 | 000,001,080 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
:Files
:Commands
[EMPTYFLASH]
[emptytemp]

Save this to a USB stick as fix.txt. Now use OTLPENet.exe again (that is, boot from the CD you created) and tick everything as already described in the post about OTLPENet.exe. • Now please click the Fix button. A message similar to "load fix from file" should appear, so load fix.txt from your stick. If that does not work, please enter the fix manually, then click the Fix button again. The PC may restart. If it does, take the CD out of the drive; Windows should now start normally and open otl.txt. Please post the log.
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de as described in the instructions above. If you would like to support us |
16.01.2013, 23:32 | #11 |
| Your computer is locked, GVU, Safe Mode does not start For some reason my infected computer would not read USB sticks under Reatogo. I then restarted once more. While shutting down it hung again, so I switched it off manually again. After that it recognised them again. The fix was done after about one second. Here is the file that was created, named 01162013_232117: Code:
========== OTL ==========
D:\ProgramData\rwvesyd.js moved successfully.
D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users -> No Temporary Internet Files cache folder defined!
User: Default -> No Temporary Internet Files cache folder defined!
User: Default User -> No Temporary Internet Files cache folder defined!
User: Public -> No Temporary Internet Files cache folder defined!
User: Step -> No Temporary Internet Files cache folder defined!
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: All Users -> No Temporary Internet Files cache folder defined!
User: Default -> No Temporary Internet Files cache folder defined!
User: Default User -> No Temporary Internet Files cache folder defined!
User: Public -> No Temporary Internet Files cache folder defined!
User: Step -> No Temporary Internet Files cache folder defined!
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 0 bytes
Total Files Cleaned = 0.00 mb
OTLPE by OldTimer - Version 3.1.48.0 log created on 01162013_232117

No "server ist ausgelastet" ("server is busy") message. Once again, many, many thanks for the help and time so far! Regards, nyrt |
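One way to check the result log against the fix script from the two posts above, as an added example that is not part of the original thread and is not OTL's own code. It assumes only the two line shapes visible in those posts (`[...] () -- path` under `:OTL`, and `path moved successfully.` in the log); the function names are hypothetical and the sample inputs are constructed from the posted text.

```python
import re

# Constructed sample inputs: the fix script and the start of the result log
# as posted in the thread, laid out one entry per line.
FIX_SCRIPT = r"""
:OTL
[2013/01/16 02:50:26 | 000,003,184 | ---- | M] () -- D:\ProgramData\rwvesyd.js
[2013/01/16 02:50:26 | 000,001,080 | ---- | M] () -- D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
"""

FIX_LOG = r"""
========== OTL ==========
D:\ProgramData\rwvesyd.js moved successfully.
D:\Users\Step\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\runctf.lnk moved successfully.
========== FILES ==========
========== COMMANDS ==========
[EMPTYFLASH]
Total Flash Files Cleaned = 0.00 mb
"""

SECTION_RE = re.compile(r"^:(\w+)\s*$")                    # ":OTL", ":Files", ...
ENTRY_RE = re.compile(r"^\[.*?\]\s*\(.*?\)\s*--\s*(?P<path>.+?)\s*$")
HEADER_RE = re.compile(r"^=+\s*(\w+)\s*=+$")               # "===== OTL ====="
MOVED = "moved successfully."


def targets_from_fix(script):
    """Return the file paths listed under the :OTL section of a fix script."""
    section, paths = None, []
    for line in script.splitlines():
        line = line.strip()
        if not line:
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1).lower()
            continue
        entry = ENTRY_RE.match(line) if section == "otl" else None
        if entry:
            paths.append(entry.group("path"))
    return paths


def otl_log_lines(log):
    """Return the non-empty lines of the log's OTL section only."""
    in_otl, lines = False, []
    for line in log.splitlines():
        line = line.strip()
        header = HEADER_RE.match(line)
        if header:
            in_otl = header.group(1).upper() == "OTL"
        elif in_otl and line:
            lines.append(line)
    return lines


def verify_fix(script, log):
    """Map every targeted path to 'moved', 'not in log' or 'unconfirmed: ...'."""
    log_lines = otl_log_lines(log)
    report = {}
    for path in targets_from_fix(script):
        # Windows paths are case-insensitive; the trailing space keeps a path
        # from matching a longer path that merely starts with the same text.
        prefix = path.lower() + " "
        hit = next((l for l in log_lines if l.lower().startswith(prefix)), None)
        if hit is None:
            report[path] = "not in log"
        else:
            rest = hit[len(prefix):].strip()
            report[path] = "moved" if rest == MOVED else "unconfirmed: " + rest
    return report


if __name__ == "__main__":
    for path, status in verify_fix(FIX_SCRIPT, FIX_LOG).items():
        print(f"{status:12} {path}")
```

Any target that comes back as anything other than `moved` is worth raising with the helper before rebooting into the normal system.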
17.01.2013, 15:30 | #12 |
/// Malware-holic | Your computer is locked, GVU, Safe Mode does not start Hi, download TDSSKiller: http://www.trojaner-board.de/82358-t...entfernen.html Click Change parameters • Tick Verify driver digital signatures and Detect TDLFS file system • Click OK and then Start scan - for any detections, always choose Skip for now, then post the log: open C:, open tdsskiller-datum-version.txt (the file named with date and version), and post its contents |
17.01.2013, 17:03 | #13 |
| Your computer is locked, GVU, Safe Mode does not start Here is the file as described, with date, version etc., from TDSSKiller. 4 threats were also found. They were all set to Skip. Are they saved separately somewhere? Code:
16:59:19.0327 3268 MSiSCSI - ok 16:59:19.0343 3268 msiserver - ok 16:59:19.0359 3268 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 16:59:19.0437 3268 MSKSSRV - ok 16:59:19.0468 3268 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 16:59:19.0515 3268 MSPCLOCK - ok 16:59:19.0546 3268 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 16:59:19.0608 3268 MSPQM - ok 16:59:19.0639 3268 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 16:59:19.0686 3268 MsRPC - ok 16:59:19.0702 3268 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys 16:59:19.0733 3268 mssmbios - ok 16:59:19.0749 3268 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 16:59:19.0780 3268 MSTEE - ok 16:59:19.0827 3268 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys 16:59:19.0858 3268 MTConfig - ok 16:59:19.0920 3268 [ D48659BB24C48345D926ECB45C1EBDF5 ] MTsensor C:\Windows\system32\DRIVERS\ASACPI.sys 16:59:19.0951 3268 MTsensor - ok 16:59:19.0967 3268 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 16:59:19.0983 3268 Mup - ok 16:59:20.0045 3268 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 16:59:20.0139 3268 napagent - ok 16:59:20.0279 3268 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 16:59:20.0388 3268 NativeWifiP - ok 16:59:20.0482 3268 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 16:59:20.0731 3268 NDIS - ok 16:59:20.0809 3268 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 16:59:20.0903 3268 NdisCap - ok 16:59:20.0950 3268 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 16:59:21.0012 3268 NdisTapi - ok 16:59:21.0106 3268 [ D8A65DAFB3EB41CBB622745676FCD072 
] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 16:59:21.0246 3268 Ndisuio - ok 16:59:21.0293 3268 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 16:59:21.0371 3268 NdisWan - ok 16:59:21.0418 3268 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 16:59:21.0465 3268 NDProxy - ok 16:59:21.0496 3268 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 16:59:21.0589 3268 NetBIOS - ok 16:59:21.0621 3268 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 16:59:21.0761 3268 NetBT - ok 16:59:21.0792 3268 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 16:59:21.0808 3268 Netlogon - ok 16:59:21.0901 3268 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 16:59:21.0933 3268 Netman - ok 16:59:21.0995 3268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 16:59:22.0104 3268 NetMsmqActivator - ok 16:59:22.0135 3268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 16:59:22.0135 3268 NetPipeActivator - ok 16:59:22.0182 3268 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 16:59:22.0260 3268 netprofm - ok 16:59:22.0276 3268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 16:59:22.0276 3268 NetTcpActivator - ok 16:59:22.0291 3268 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe 16:59:22.0307 3268 NetTcpPortSharing - ok 16:59:22.0369 3268 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys 16:59:22.0416 3268 nfrd960 - ok 16:59:22.0447 3268 [ 912084381D30D8B89EC4E293053F4710 ] NlaSvc C:\Windows\System32\nlasvc.dll 16:59:22.0525 3268 NlaSvc - ok 16:59:22.0557 3268 [ 
1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 16:59:22.0635 3268 Npfs - ok 16:59:22.0697 3268 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 16:59:22.0759 3268 nsi - ok 16:59:22.0791 3268 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 16:59:22.0822 3268 nsiproxy - ok 16:59:22.0915 3268 [ 81189C3D7763838E55C397759D49007A ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 16:59:23.0025 3268 Ntfs - ok 16:59:23.0056 3268 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 16:59:23.0165 3268 Null - ok 16:59:25.0053 3268 [ F452E6AD3EDA2852F44BE492E283C40F ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys 16:59:25.0677 3268 nvlddmkm - ok 16:59:25.0723 3268 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 16:59:25.0755 3268 nvraid - ok 16:59:25.0817 3268 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 16:59:25.0879 3268 nvstor - ok 16:59:26.0129 3268 [ 70145ADE9EFE2CE296DD5FC761B4969B ] nvsvc C:\Windows\system32\nvvsvc.exe 16:59:26.0191 3268 nvsvc - ok 16:59:26.0254 3268 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 16:59:26.0301 3268 nv_agp - ok 16:59:26.0488 3268 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 16:59:26.0613 3268 odserv - ok 16:59:26.0644 3268 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 16:59:26.0691 3268 ohci1394 - ok 16:59:26.0815 3268 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 16:59:26.0893 3268 ose - ok 16:59:27.0720 3268 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 16:59:28.0204 3268 osppsvc - ok 16:59:28.0251 3268 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc 
C:\Windows\system32\pnrpsvc.dll 16:59:28.0297 3268 p2pimsvc - ok 16:59:28.0329 3268 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 16:59:28.0375 3268 p2psvc - ok 16:59:28.0422 3268 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys 16:59:28.0438 3268 Parport - ok 16:59:28.0516 3268 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 16:59:28.0531 3268 partmgr - ok 16:59:28.0563 3268 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys 16:59:28.0578 3268 Parvdm - ok 16:59:28.0687 3268 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 16:59:28.0719 3268 PcaSvc - ok 16:59:28.0750 3268 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 16:59:28.0765 3268 pci - ok 16:59:28.0781 3268 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 16:59:28.0797 3268 pciide - ok 16:59:28.0812 3268 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys 16:59:28.0843 3268 pcmcia - ok 16:59:28.0875 3268 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 16:59:28.0890 3268 pcw - ok 16:59:28.0999 3268 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 16:59:29.0124 3268 PEAUTH - ok 16:59:29.0171 3268 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 16:59:29.0249 3268 PeerDistSvc - ok 16:59:29.0327 3268 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 16:59:29.0421 3268 pla - ok 16:59:29.0514 3268 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 16:59:29.0623 3268 PlugPlay - ok 16:59:29.0701 3268 [ 205E1B699FD3F2F9B036EEA2EC30C620 ] PnkBstrA C:\Windows\system32\PnkBstrA.exe 16:59:29.0733 3268 PnkBstrA - ok 16:59:29.0748 3268 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 16:59:29.0779 
3268 PNRPAutoReg - ok 16:59:29.0811 3268 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 16:59:29.0826 3268 PNRPsvc - ok 16:59:29.0889 3268 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 16:59:29.0967 3268 PolicyAgent - ok 16:59:30.0013 3268 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 16:59:30.0060 3268 Power - ok 16:59:30.0107 3268 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 16:59:30.0154 3268 PptpMiniport - ok 16:59:30.0169 3268 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys 16:59:30.0216 3268 Processor - ok 16:59:30.0263 3268 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 16:59:30.0325 3268 ProfSvc - ok 16:59:30.0341 3268 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 16:59:30.0357 3268 ProtectedStorage - ok 16:59:30.0388 3268 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 16:59:30.0435 3268 Psched - ok 16:59:30.0481 3268 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys 16:59:30.0606 3268 ql2300 - ok 16:59:30.0622 3268 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys 16:59:30.0653 3268 ql40xx - ok 16:59:30.0715 3268 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 16:59:30.0778 3268 QWAVE - ok 16:59:30.0793 3268 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 16:59:30.0825 3268 QWAVEdrv - ok 16:59:30.0840 3268 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 16:59:30.0887 3268 RasAcd - ok 16:59:30.0918 3268 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 16:59:30.0981 3268 RasAgileVpn - ok 16:59:30.0996 3268 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 
16:59:31.0074 3268 RasAuto - ok 16:59:31.0121 3268 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 16:59:31.0199 3268 Rasl2tp - ok 16:59:31.0261 3268 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 16:59:31.0386 3268 RasMan - ok 16:59:31.0402 3268 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 16:59:31.0464 3268 RasPppoe - ok 16:59:31.0495 3268 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 16:59:31.0542 3268 RasSstp - ok 16:59:31.0620 3268 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 16:59:31.0714 3268 rdbss - ok 16:59:31.0745 3268 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 16:59:31.0776 3268 rdpbus - ok 16:59:31.0792 3268 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 16:59:31.0839 3268 RDPCDD - ok 16:59:31.0885 3268 [ B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 16:59:31.0963 3268 RDPDR - ok 16:59:31.0995 3268 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 16:59:32.0041 3268 RDPENCDD - ok 16:59:32.0088 3268 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 16:59:32.0135 3268 RDPREFMP - ok 16:59:32.0197 3268 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 16:59:32.0260 3268 RDPWD - ok 16:59:32.0322 3268 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 16:59:32.0385 3268 rdyboost - ok 16:59:32.0416 3268 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 16:59:32.0447 3268 RemoteAccess - ok 16:59:32.0494 3268 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 16:59:32.0541 3268 RemoteRegistry - ok 16:59:32.0572 3268 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper 
C:\Windows\System32\RpcEpMap.dll 16:59:32.0619 3268 RpcEptMapper - ok 16:59:32.0681 3268 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 16:59:32.0712 3268 RpcLocator - ok 16:59:32.0728 3268 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 16:59:32.0775 3268 RpcSs - ok 16:59:32.0806 3268 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 16:59:32.0915 3268 rspndr - ok 16:59:33.0040 3268 [ 4E20765744BFBC16F6D6E5BD5598786B ] RTL8023xp C:\Windows\system32\DRIVERS\Rtnicxp.sys 16:59:33.0055 3268 RTL8023xp - ok 16:59:33.0087 3268 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 16:59:33.0118 3268 s3cap - ok 16:59:33.0133 3268 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 16:59:33.0149 3268 SamSs - ok 16:59:33.0180 3268 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 16:59:33.0196 3268 sbp2port - ok 16:59:33.0227 3268 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 16:59:33.0274 3268 SCardSvr - ok 16:59:33.0289 3268 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 16:59:33.0336 3268 scfilter - ok 16:59:33.0430 3268 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 16:59:33.0492 3268 Schedule - ok 16:59:33.0508 3268 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 16:59:33.0539 3268 SCPolicySvc - ok 16:59:33.0555 3268 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 16:59:33.0586 3268 SDRSVC - ok 16:59:33.0633 3268 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 16:59:33.0664 3268 secdrv - ok 16:59:33.0711 3268 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 16:59:33.0773 3268 seclogon - ok 16:59:33.0820 3268 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS 
C:\Windows\System32\sens.dll 16:59:33.0867 3268 SENS - ok 16:59:33.0882 3268 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 16:59:33.0945 3268 SensrSvc - ok 16:59:33.0991 3268 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 16:59:34.0038 3268 Serenum - ok 16:59:34.0069 3268 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 16:59:34.0116 3268 Serial - ok 16:59:34.0194 3268 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys 16:59:34.0225 3268 sermouse - ok 16:59:34.0272 3268 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 16:59:34.0319 3268 SessionEnv - ok 16:59:34.0335 3268 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 16:59:34.0366 3268 sffdisk - ok 16:59:34.0381 3268 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 16:59:34.0413 3268 sffp_mmc - ok 16:59:34.0428 3268 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 16:59:34.0459 3268 sffp_sd - ok 16:59:34.0475 3268 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 16:59:34.0537 3268 sfloppy - ok 16:59:34.0569 3268 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 16:59:34.0615 3268 ShellHWDetection - ok 16:59:34.0647 3268 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 16:59:34.0678 3268 sisagp - ok 16:59:34.0709 3268 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 16:59:34.0725 3268 SiSRaid2 - ok 16:59:34.0756 3268 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 16:59:34.0771 3268 SiSRaid4 - ok 16:59:34.0803 3268 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 16:59:34.0865 3268 Smb - ok 16:59:34.0943 3268 [ 
6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 16:59:34.0959 3268 SNMPTRAP - ok 16:59:34.0974 3268 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 16:59:34.0990 3268 spldr - ok 16:59:35.0068 3268 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 16:59:35.0177 3268 Spooler - ok 16:59:35.0333 3268 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 16:59:35.0427 3268 sppsvc - ok 16:59:35.0458 3268 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 16:59:35.0489 3268 sppuinotify - ok 16:59:35.0661 3268 [ 71E276F6D189413266EA22171806597B ] sptd C:\Windows\system32\Drivers\sptd.sys 16:59:35.0801 3268 sptd - ok 16:59:35.0817 3268 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 16:59:35.0926 3268 srv - ok 16:59:36.0004 3268 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 16:59:36.0066 3268 srv2 - ok 16:59:36.0097 3268 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 16:59:36.0129 3268 srvnet - ok 16:59:36.0191 3268 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 16:59:36.0222 3268 SSDPSRV - ok 16:59:36.0285 3268 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 16:59:36.0300 3268 ssmdrv - ok 16:59:36.0331 3268 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 16:59:36.0378 3268 SstpSvc - ok 16:59:36.0503 3268 [ 07318149E102FD9197AB444C27774372 ] ssudmdm C:\Windows\system32\DRIVERS\ssudmdm.sys 16:59:36.0565 3268 ssudmdm - ok 16:59:36.0675 3268 Steam Client Service - ok 16:59:36.0706 3268 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys 16:59:36.0753 3268 stexstor - ok 16:59:36.0862 3268 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 16:59:36.0940 3268 StiSvc - ok 16:59:37.0018 3268 
[ 472AF0311073DCECEAA8FA18BA2BDF89 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 16:59:37.0049 3268 storflt - ok 16:59:37.0096 3268 [ 0BF669F0A910BEDA4A32258D363AF2A5 ] StorSvc C:\Windows\system32\storsvc.dll 16:59:37.0158 3268 StorSvc - ok 16:59:37.0221 3268 [ DCAFFD62259E0BDB433DD67B5BB37619 ] storvsc C:\Windows\system32\drivers\storvsc.sys 16:59:37.0252 3268 storvsc - ok 16:59:37.0283 3268 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys 16:59:37.0299 3268 swenum - ok 16:59:37.0361 3268 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 16:59:37.0455 3268 swprv - ok 16:59:37.0579 3268 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 16:59:37.0657 3268 SysMain - ok 16:59:37.0720 3268 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 16:59:37.0767 3268 TabletInputService - ok 16:59:37.0798 3268 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 16:59:37.0891 3268 TapiSrv - ok 16:59:37.0938 3268 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 16:59:38.0047 3268 TBS - ok 16:59:38.0203 3268 [ A5EBB8F648000E88B7D9390B514976BF ] Tcpip C:\Windows\system32\drivers\tcpip.sys 16:59:38.0281 3268 Tcpip - ok 16:59:38.0344 3268 [ A5EBB8F648000E88B7D9390B514976BF ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 16:59:38.0375 3268 TCPIP6 - ok 16:59:38.0406 3268 [ CCA24162E055C3714CE5A88B100C64ED ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 16:59:38.0453 3268 tcpipreg - ok 16:59:38.0469 3268 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 16:59:38.0515 3268 TDPIPE - ok 16:59:38.0547 3268 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 16:59:38.0578 3268 TDTCP - ok 16:59:38.0609 3268 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 16:59:38.0640 3268 tdx - ok 16:59:38.0921 3268 [ 
C9B9373A0A430C11F0213E359D0772B2 ] TeamViewer7 C:\Program Files\TeamViewer\Version7\TeamViewer_Service.exe 16:59:38.0968 3268 TeamViewer7 - ok 16:59:39.0030 3268 [ 9101FFFCFCCD1A30E870A5B8A9091B10 ] teamviewervpn C:\Windows\system32\DRIVERS\teamviewervpn.sys 16:59:39.0108 3268 teamviewervpn - ok 16:59:39.0139 3268 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys 16:59:39.0155 3268 TermDD - ok 16:59:39.0217 3268 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 16:59:39.0280 3268 TermService - ok 16:59:39.0311 3268 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 16:59:39.0342 3268 Themes - ok 16:59:39.0373 3268 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 16:59:39.0420 3268 THREADORDER - ok 16:59:39.0451 3268 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 16:59:39.0498 3268 TrkWks - ok 16:59:39.0576 3268 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 16:59:39.0701 3268 TrustedInstaller - ok 16:59:39.0748 3268 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 16:59:39.0810 3268 tssecsrv - ok 16:59:39.0826 3268 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 16:59:39.0919 3268 TsUsbFlt - ok 16:59:39.0935 3268 [ 01246F0BAAD7B68EC0F472AA41E33282 ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys 16:59:39.0966 3268 TsUsbGD - ok 16:59:40.0060 3268 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 16:59:40.0091 3268 tunnel - ok 16:59:40.0107 3268 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys 16:59:40.0153 3268 uagp35 - ok 16:59:40.0185 3268 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 16:59:40.0231 3268 udfs - ok 16:59:40.0263 3268 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect 
C:\Windows\system32\UI0Detect.exe 16:59:40.0309 3268 UI0Detect - ok 16:59:40.0325 3268 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 16:59:40.0372 3268 uliagpkx - ok 16:59:40.0403 3268 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys 16:59:40.0434 3268 umbus - ok 16:59:40.0450 3268 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys 16:59:40.0528 3268 UmPass - ok 16:59:40.0684 3268 [ 409994A8EACEEE4E328749C0353527A0 ] UmRdpService C:\Windows\System32\umrdp.dll 16:59:40.0715 3268 UmRdpService - ok 16:59:40.0746 3268 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 16:59:40.0809 3268 upnphost - ok 16:59:40.0855 3268 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 16:59:40.0887 3268 usbccgp - ok 16:59:40.0902 3268 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 16:59:40.0933 3268 usbcir - ok 16:59:40.0949 3268 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys 16:59:40.0980 3268 usbehci - ok 16:59:41.0011 3268 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 16:59:41.0074 3268 usbhub - ok 16:59:41.0105 3268 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 16:59:41.0136 3268 usbohci - ok 16:59:41.0183 3268 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 16:59:41.0214 3268 usbprint - ok 16:59:41.0261 3268 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 16:59:41.0339 3268 USBSTOR - ok 16:59:41.0370 3268 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys 16:59:41.0464 3268 usbuhci - ok 16:59:41.0495 3268 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 16:59:41.0542 3268 UxSms - ok 16:59:41.0557 3268 [ 81951F51E318AECC2D68559E47485CC4 ] 
VaultSvc C:\Windows\system32\lsass.exe 16:59:41.0573 3268 VaultSvc - ok 16:59:41.0604 3268 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 16:59:41.0651 3268 vdrvroot - ok 16:59:41.0745 3268 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 16:59:41.0823 3268 vds - ok 16:59:41.0854 3268 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 16:59:41.0885 3268 vga - ok 16:59:41.0901 3268 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 16:59:41.0947 3268 VgaSave - ok 16:59:42.0010 3268 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 16:59:42.0041 3268 vhdmp - ok 16:59:42.0072 3268 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 16:59:42.0103 3268 viaagp - ok 16:59:42.0135 3268 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys 16:59:42.0181 3268 ViaC7 - ok 16:59:42.0213 3268 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 16:59:42.0244 3268 viaide - ok 16:59:42.0353 3268 [ C2F2911156FDC7817C52829C86DA494E ] vmbus C:\Windows\system32\drivers\vmbus.sys 16:59:42.0400 3268 vmbus - ok 16:59:42.0431 3268 [ D4D77455211E204F370D08F4963063CE ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 16:59:42.0478 3268 VMBusHID - ok 16:59:42.0509 3268 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 16:59:42.0525 3268 volmgr - ok 16:59:42.0603 3268 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 16:59:42.0665 3268 volmgrx - ok 16:59:42.0712 3268 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 16:59:42.0805 3268 volsnap - ok 16:59:43.0008 3268 [ EA8869FA708554BD8130C91BB985C14D ] vpnagent C:\Program Files\Cisco\Cisco AnyConnect VPN Client\vpnagent.exe 16:59:43.0039 3268 vpnagent - ok 16:59:43.0071 3268 [ 
FC94804932CFC35F01B3AE510E3B4D5C ] vpnva C:\Windows\system32\DRIVERS\vpnva.sys 16:59:43.0086 3268 vpnva - ok 16:59:43.0149 3268 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 16:59:43.0180 3268 vsmraid - ok 16:59:43.0336 3268 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 16:59:43.0429 3268 VSS - ok 16:59:43.0461 3268 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 16:59:43.0476 3268 vwifibus - ok 16:59:43.0492 3268 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 16:59:43.0570 3268 W32Time - ok 16:59:43.0585 3268 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys 16:59:43.0632 3268 WacomPen - ok 16:59:43.0679 3268 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 16:59:43.0788 3268 WANARP - ok 16:59:43.0788 3268 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 16:59:43.0819 3268 Wanarpv6 - ok 16:59:44.0007 3268 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 16:59:44.0085 3268 wbengine - ok 16:59:44.0100 3268 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 16:59:44.0147 3268 WbioSrvc - ok 16:59:44.0178 3268 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 16:59:44.0209 3268 wcncsvc - ok 16:59:44.0241 3268 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 16:59:44.0303 3268 WcsPlugInService - ok 16:59:44.0319 3268 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys 16:59:44.0334 3268 Wd - ok 16:59:44.0397 3268 [ 9950E3D0F08141C7E89E64456AE7DC73 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 16:59:44.0459 3268 Wdf01000 - ok 16:59:44.0475 3268 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 16:59:44.0584 3268 WdiServiceHost - ok 16:59:44.0584 
3268 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 16:59:44.0599 3268 WdiSystemHost - ok 16:59:44.0662 3268 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 16:59:44.0709 3268 WebClient - ok 16:59:44.0771 3268 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 16:59:44.0833 3268 Wecsvc - ok 16:59:44.0849 3268 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 16:59:44.0896 3268 wercplsupport - ok 16:59:44.0989 3268 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 16:59:45.0130 3268 WerSvc - ok 16:59:45.0192 3268 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 16:59:45.0255 3268 WfpLwf - ok 16:59:45.0270 3268 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 16:59:45.0301 3268 WIMMount - ok 16:59:45.0317 3268 WinHttpAutoProxySvc - ok 16:59:45.0613 3268 [ 13E30E6DC99EDF4C823873505FCC108C ] Winmgmt C:\Users\Step\AppData\Local\Temp\dYSEvWR.exe 16:59:46.0019 3268 Suspicious file (NoAccess): C:\Users\Step\AppData\Local\Temp\dYSEvWR.exe. 
============================================================
16:59:51.0307 3268 Scan finished
16:59:51.0307 3268 ============================================================
16:59:51.0323 3320 Detected object count: 4
16:59:51.0323 3320 Actual detected object count: 4
17:00:06.0502 3320 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:06.0502 3320 AVM WLAN Connection Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:00:06.0517 3320 avmeject ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:06.0517 3320 avmeject ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:00:06.0517 3320 CVPNDRVA ( UnsignedFile.Multi.Generic ) - skipped by user
17:00:06.0517 3320 CVPNDRVA ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:00:06.0517 3320 Winmgmt ( LockedFile.Multi.Generic ) - skipped by user
17:00:06.0517 3320 Winmgmt ( LockedFile.Multi.Generic ) - User select action: Skip |
17.01.2013, 18:15 | #14 | |
/// Malware-holic | Your computer is locked, GVU, Safe Mode does not start hi, download: http://download.bleepingcomputer.com.../7/Winmgmt.reg double-click it, confirm the prompt, restart. Combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you receive the following error message after the restart Quote:
17.01.2013, 18:37 | #15 |
| Your computer is locked, GVU, Safe Mode does not start Double-clicked etc., restarted. Ran ComboFix. Disabled Avira AntiVir beforehand. Then ComboFix said that Panda Cloud was active, even though I had uninstalled it a long time ago. Checking again whether it was still hiding somewhere after all was also unsuccessful. Nowhere to be found. Ran Combofix. Then the stages run through. At some point a new window pops up saying that PEV.exe has stopped working properly and will be closed. Combofix kept running, though. Now it is at stage 50, deleting files, for one rwvesyd.pad and IDropPTB.dll, and does nothing more. There are no icons left either, only my background. The PC no longer seems to be working either. |