
Pests of all kinds and how to fight them: MY start Incredibar on Google Chrome

Windows 7 If you are not sure whether you have caught malware or a Trojan, create a topic here. An expert will reply with further instructions and help you remove the malware or uninstall or delete the unwanted software. Please describe your problem as precisely as possible. If it is a Trojan or virus problem, an expert will help you clean up the infection.

15.01.2013, 21:21   #1
jonborno
 

MY start Incredibar on Google Chrome



Hello everyone!

I'm no pro when it comes to the technical side of software, but I've read up a bit and had a "LOG FILE" created with TredSecure.
From what I've always read, you're supposed to post it here.
Here is the thing:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:11:33, on 15.01.2013
Platform: Unknown Windows (WinNT 6.01.3505 SP1)
MSIE: Internet Explorer v9.00 (9.00.8112.16457)
Boot mode: Normal

Running processes:
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\taskhost.exe
C:\Program Files\Uniblue\DriverScanner\dsmonitor.exe
C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe
C:\Program Files\Microsoft Security Client\msseces.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: Evernote extension - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files\Evernote\Evernote\EvernoteIE.dll
O2 - BHO: SkypeIEPluginBHO - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O2 - BHO: Java(tm) Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre7\bin\jp2ssv.dll
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [Adobe ARM] "C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /minimized /regrun
O4 - HKCU\..\Run: [DriverScanner] "C:\Program Files\Uniblue\DriverScanner\launcher.exe" delay 20000
O4 - HKCU\..\RunOnce: [Uninstall C:\Users\Kevin Jähnigen\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kevin Jähnigen\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-19\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'LOKALER DIENST')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /autoRun (User 'NETZWERKDIENST')
O4 - HKUS\S-1-5-20\..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (User 'NETZWERKDIENST')
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~1\MICROS~3\Office14\ONBttnIE.dll/105
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kevin Jähnigen\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin Jähnigen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~1\MICROS~3\Office14\EXCEL.EXE/3000
O8 - Extra context menu item: Neue Notiz - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html
O8 - Extra context menu item: Zu Evernote 4 hinzufügen - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html
O9 - Extra button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O9 - Extra button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O9 - Extra 'Tools' menuitem: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O13 - Gopher Prefix:
O18 - Protocol: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: Google Update-Dienst (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update-Dienst (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files\PDF Architect\HelperService.exe
O23 - Service: PDF Architect Service - pdfforge GbR - C:\Program Files\PDF Architect\ConversionService.exe
O23 - Service: Skype C2C Service - Skype Technologies S.A. - C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
O23 - Service: Skype Updater (SkypeUpdate) - Skype Technologies - C:\Program Files\Skype\Updater\Updater.exe

--
End of file - 8273 bytes



Many thanks in advance for your help
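A triage pass a helper would run over a log like the one above, written for this thread as an added example (it is not code from the board, from the poster, or from the HijackThis project). It parses the O2 (BHO), O3 (toolbar) and O23 (service) lines, flags services whose owner HJT reports as unknown and browser components loaded from a folder that matches none of the vendors otherwise present on the machine, and then groups the flagged entries by install folder so that one package showing up under several load points becomes visible. The sample lines are copied from the posted log; the vendor hint list is constructed for this example and is not an authoritative allowlist.

```python
"""Triage of HijackThis-style log lines (added example for this thread)."""
import re
from collections import defaultdict
from dataclasses import dataclass

# Subset of the HijackThis log posted in the thread.
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: IB Updater Helper - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Program Files\IB Updater\Extension32.dll
O2 - BHO: PDF Architect Helper - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Program Files\PDF Architect\PDFIEHelper.dll
O2 - BHO: Incredibar.com Helper Object - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll
O2 - BHO: Java(tm) Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre7\bin\ssv.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~1\MICROS~3\Office14\URLREDIR.DLL
O3 - Toolbar: PDF Architect Toolbar - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Program Files\PDF Architect\PDFIEPlugin.dll
O3 - Toolbar: Incredibar Toolbar - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Program Files\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll
O4 - HKLM\..\Run: [MSC] "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
O23 - Service: Adobe Acrobat Update Service (AdobeARMservice) - Adobe Systems Incorporated - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
O23 - Service: IB Updater - Unknown owner - C:\Program Files\IB Updater\ExtensionUpdaterService.exe
O23 - Service: IBUpdaterService - Unknown owner - C:\Windows\system32\dmwu.exe
O23 - Service: NVIDIA Display Driver Service (nvsvc) - NVIDIA Corporation - C:\Windows\system32\nvvsvc.exe
O23 - Service: PDF Architect Helper Service - pdfforge GbR - C:\Program Files\PDF Architect\HelperService.exe
"""

LINE_RE = re.compile(r"^(?P<section>O\d+|R[01]) - (?P<body>.*)$")
BHO_RE = re.compile(r"^(?:BHO|Toolbar): (?P<name>.*?) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - (?P<path>.*)$")
SVC_RE = re.compile(r"^Service: (?P<name>.*?) - (?P<owner>.*?) - (?P<path>.*)$")

# Constructed hints: path fragments of software legitimately present on this machine.
EXPECTED_PATH_HINTS = ("adobe", "java", "microsoft", "micros~", "office", "skype",
                       "evernote", "pdf architect", "google", "nvidia", r"windows\system32")


@dataclass
class Entry:
    section: str
    kind: str    # "bho", "toolbar" or "service"
    name: str
    owner: str   # vendor string for services, empty for browser components
    path: str


def parse_hjt(text):
    """Extract O2/O3/O23 entries from a HijackThis log; other sections are ignored."""
    entries = []
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue
        section, body = m["section"], m["body"]
        if section in ("O2", "O3"):
            mm = BHO_RE.match(body)
            if mm:
                kind = "bho" if body.startswith("BHO") else "toolbar"
                entries.append(Entry(section, kind, mm["name"], "", mm["path"]))
        elif section == "O23":
            mm = SVC_RE.match(body)
            if mm:
                entries.append(Entry(section, "service", mm["name"], mm["owner"], mm["path"]))
    return entries


def component_dir(path):
    """Vendor folder directly under Program Files, else the parent folder (lower-cased)."""
    low = path.lower()
    m = re.search(r"program files\\([^\\]+)\\", low)
    return m.group(1) if m else low.rsplit("\\", 1)[0]


def triage(entries):
    """Return (entry, reasons) pairs for entries worth a closer look."""
    findings = []
    for e in entries:
        reasons = []
        if e.kind == "service" and e.owner.lower() == "unknown owner":
            reasons.append("service reports no known owner")
        if not any(hint in e.path.lower() for hint in EXPECTED_PATH_HINTS):
            reasons.append("loaded from a folder of no expected vendor")
        if reasons:
            findings.append((e, reasons))
    return findings


def related_components(findings):
    """Group flagged entries by install folder: a BHO plus a service from the same
    folder shows one package persisting through several load points."""
    groups = defaultdict(set)
    for e, _ in findings:
        groups[component_dir(e.path)].add(e.section)
    return dict(groups)


if __name__ == "__main__":
    found = triage(parse_hjt(SAMPLE_LOG))
    for e, reasons in found:
        print(f"{e.section} {e.name!r}: {'; '.join(reasons)}")
    for folder, sections in related_components(found).items():
        print(f"  {folder}: {sorted(sections)}")
```

On the posted log this surfaces the two Incredibar browser components and the IB Updater BHO together with the two services without a known owner, and the folder grouping shows the IB Updater folder serving both a BHO and a service. The hint list is the weak point of the heuristic: it has to be built per machine from the software the owner actually knows about, otherwise legitimate vendors with unusual paths are flagged as well.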

15.01.2013, 22:10   #2
markusg
/// Malware-holic
 




hi
That doesn't stop you from reading our instructions. We haven't wanted to see HJT for a long time now; on Win Vista and higher it is useless anyway.
If you don't have it yet, please download OTL by Oldtimer and save it to your desktop
  • Please start OTL.exe. Vista and Win7 users: right-click, "Run as administrator"
  • Now copy the content into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Copy the contents of OTL.txt and Extra.txt into your thread here

16.01.2013, 06:36   #3
jonborno
 




Sorry, I didn't read far enough...
but here are the texts:

OTL text:
OTL logfile:
Code:
OTL logfile created on: 15.01.2013 22:17:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kevin Jähnigen\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,31% Memory free
5,93 Gb Paging File | 4,98 Gb Available in Paging File | 84,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 87,97 Gb Free Space | 61,07% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 96,03 Gb Free Space | 68,35% Space Free | Partition Type: NTFS
 
Computer Name: KEVINJÄHNIGEN | User Name: Kevin Jähnigen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - File not found -- 
PRC - [2013.01.15 22:16:18 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Kevin Jähnigen\Downloads\OTL.exe
PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe
PRC - [2012.11.26 14:39:30 | 000,188,760 | ---- | M] () -- C:\Programme\IB Updater\ExtensionUpdaterService.exe
PRC - [2012.11.23 03:48:41 | 000,049,152 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\taskhost.exe
PRC - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\HelperService.exe
PRC - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) -- C:\Programme\PDF Architect\ConversionService.exe
PRC - [2012.10.02 16:20:26 | 001,008,496 | ---- | M] () -- C:\Windows\System32\dmwu.exe
PRC - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
PRC - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\NisSrv.exe
PRC - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) -- c:\Programme\Microsoft Security Client\MsMpEng.exe
PRC - [2012.09.12 17:19:44 | 000,947,176 | ---- | M] (Microsoft Corporation) -- C:\Programme\Microsoft Security Client\msseces.exe
PRC - [2012.07.10 12:51:16 | 000,026,016 | ---- | M] (Uniblue Systems Limited) -- C:\Programme\Uniblue\DriverScanner\dsmonitor.exe
PRC - [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) -- C:\Windows\explorer.exe
PRC - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) -- C:\Programme\Windows Media Player\wmpnetwk.exe
 
 
========== Modules (No Company Name) ==========
 
 
========== Services (SafeList) ==========
 
SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice)
SRV - [2012.12.13 23:25:36 | 001,343,400 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\Wat\WatAdminSvc.exe -- (WatAdminSvc)
SRV - [2012.11.26 14:39:30 | 000,188,760 | ---- | M] () [Auto | Running] -- C:\Programme\IB Updater\ExtensionUpdaterService.exe -- (IB Updater)
SRV - [2012.11.22 16:58:14 | 001,522,312 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\HelperService.exe -- (PDF Architect Helper Service)
SRV - [2012.11.22 16:56:10 | 000,905,864 | ---- | M] (pdfforge GbR) [Auto | Running] -- C:\Programme\PDF Architect\ConversionService.exe -- (PDF Architect Service)
SRV - [2012.11.09 11:21:24 | 000,160,944 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Programme\Skype\Updater\Updater.exe -- (SkypeUpdate)
SRV - [2012.10.02 16:20:26 | 001,008,496 | ---- | M] () [Auto | Running] -- C:\Windows\System32\dmwu.exe -- (IBUpdaterService)
SRV - [2012.10.02 12:13:44 | 003,064,000 | ---- | M] (Skype Technologies S.A.) [Auto | Running] -- C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe -- (Skype C2C Service)
SRV - [2012.09.12 17:25:24 | 000,287,824 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- c:\Programme\Microsoft Security Client\NisSrv.exe -- (NisSrv)
SRV - [2012.09.12 17:25:22 | 000,020,472 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Programme\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2010.11.20 22:29:49 | 001,121,792 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Programme\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)
SRV - [2010.01.09 21:37:50 | 004,640,000 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc)
SRV - [2010.01.09 21:18:00 | 000,149,352 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE -- (ose)
SRV - [2009.07.14 02:16:13 | 000,025,088 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Windows\System32\sensrsvc.dll -- (SensrSvc)
SRV - [2009.07.14 02:15:41 | 000,680,960 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Programme\Windows Defender\MpSvc.dll -- (WinDefend)
 
 
========== Driver Services (SafeList) ==========
 
DRV - [2013.01.15 20:58:55 | 000,029,904 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{00868335-6314-4EFD-AE53-3C518C509BFB}\MpKsld805634f.sys -- (MpKsld805634f)
DRV - [2012.08.30 22:03:50 | 000,099,272 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\Windows\System32\drivers\NisDrvWFP.sys -- (NisDrv)
DRV - [2012.08.23 15:44:32 | 000,014,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\rdpvideominiport.sys -- (RdpVideoMiniport)
DRV - [2012.08.23 15:41:34 | 000,027,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbGD.sys -- (TsUsbGD)
DRV - [2012.08.23 15:40:25 | 000,049,664 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\System32\drivers\TsUsbFlt.sys -- (TsUsbFlt)
DRV - [2009.10.05 16:31:50 | 001,221,632 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\athr.sys -- (athr)
DRV - [2009.08.23 05:06:38 | 000,048,640 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\L1E62x86.sys -- (L1E)
DRV - [2009.07.28 07:56:00 | 009,791,552 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\nvlddmkm.sys -- (nvlddmkm)
DRV - [2007.03.28 07:51:40 | 000,043,008 | ---- | M] (Winbond Electronics Corporation) [Kernel | On_Demand | Running] -- C:\Windows\System32\drivers\winbondcir.sys -- (winbondcir)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = BE 53 AF EA 0B D7 CD 01  [binary data]
IE - HKCU\..\SearchScopes,DefaultScope = {CFF4DB9B-135F-47c0-9269-B4C6572FD61A}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{CFF4DB9B-135F-47c0-9269-B4C6572FD61A}: "URL" = hxxp://mystart.incredibar.com/mb201/?search={searchTerms}&loc=IB_DS&a=6Oz0k43k5C&i=26
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
========== FireFox ==========
 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.9.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\FFPDFArchitectConverter@pdfarchitect.com: C:\Program Files\PDF Architect\FFPDFArchitectExt [2012.12.10 20:51:51 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{336D0C35-8A85-403a-B9D2-65C292C39087}: C:\Program Files\IB Updater\Firefox [2013.01.15 06:25:18 | 000,000,000 | ---D | M]
 
[2013.01.15 06:25:28 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions
 
========== Chrome  ==========
 
CHR - homepage: hxxp://de.msn.com/
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?q={searchTerms}&{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}{google:assistedQueryStats}{google:searchFieldtrialParameter}sourceid=chrome&ie={inputEncoding}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?{google:searchFieldtrialParameter}client=chrome&hl={language}&q={searchTerms}&sugkey={google:suggestAPIKeyParameter},
CHR - homepage: hxxp://de.msn.com/
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\PepperFlash\pepflashplayer.dll
CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer
CHR - plugin: Native Client (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\24.0.1312.52\pdf.dll
CHR - plugin: Injovo Extension Plugin (Enabled) = C:\Users\Kevin J\u00E4hnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlnembnfbcpjnepmfjmngjenhhajpdfd\2.0.0.557_0\npbrowserext.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Kevin J\u00E4hnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\Plugins/PerionNewTabChrome-32.dll
CHR - plugin: Skype Click to Call (Enabled) = C:\Users\Kevin J\u00E4hnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl\6.3.0.11079_0\npSkypeChromePlugin.dll
CHR - plugin: Free Studio (Enabled) = C:\Users\Kevin J\u00E4hnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\nikpibnbobmbdbheedjfogjlikpgpnhp\1.0.1.1_0\np_dvs_plugin.dll
CHR - plugin: Perion plugin (Enabled) = C:\Users\Kevin J\u00E4hnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\niogeckbkdcabhnapjbkeiklablhjoca\1.0.5_0\plugins/PerionChromeInfoBar-32.dll
CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL
CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.124\npGoogleUpdate3.dll
CHR - plugin: Java(TM) Platform SE 7 U9 (Enabled) = C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll
CHR - plugin: VLC Web Plugin (Enabled) = C:\Program Files\VideoLAN\VLC\npvlc.dll
CHR - plugin: Java Deployment Toolkit 7.0.90.5 (Enabled) = C:\Windows\system32\npDeployJava1.dll
CHR - Extension: Google Translate = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb\1.2.4_0\
CHR - Extension: Angry Birds = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\aknpkdffaafgjchaibgeefbgmgeghloj\1.5.0.7_0\
CHR - Extension: Google Drive = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf\6.3_0\
CHR - Extension: YouTube Options for Google Chrome\u2122 = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\bdokagampppgbnjfdlkfpphniapiiifn\1.8.103_0\
CHR - Extension: TV = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\beobeededemalmllhkmnkinmfembdimh\1.0.11_0\
CHR - Extension: YouTube = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\
CHR - Extension: Google-Suche = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Dropbox = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl\3.0.2_0\
CHR - Extension: New tab for Chrome\u2122 = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\jifflliplgeajjdhmkcfnngfpgbjonjg\1.0.0_0\
CHR - Extension: Google Maps = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh\5.2.7_0\
CHR - Extension: Google Mail-Checker = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff\4.4.0_0\
CHR - Extension: Google Chrome to Phone Extension = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\oadboiipflhobonjjffjbfekfjcgkhco\2.3.1_0\
CHR - Extension: Google Mail = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
CHR - Extension: Yann Arthus-Bertrand = C:\Users\Kevin Jähnigen\AppData\Local\Google\Chrome\User Data\Default\Extensions\plaekpceeonanmjojailaojkconcgofc\3_0\
 
O1 HOSTS File: ([2009.06.10 22:39:37 | 000,000,824 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O2 - BHO: (IB Updater) - {336D0C35-8A85-403a-B9D2-65C292C39087} - C:\Programme\IB Updater\Extension32.dll ()
O2 - BHO: (PDF Architect Helper) - {3A2D5EBA-F86D-4BD3-A177-019765996711} - C:\Programme\PDF Architect\PDFIEHelper.dll (pdfforge GbR)
O2 - BHO: (Incredibar.com Helper Object) - {6E13DDE1-2B6E-46CE-8B66-DC8BF36F6B99} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\bh\incredibar.dll (Montera Technologeis LTD)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Programme\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (PDF Architect Toolbar) - {25A3A431-30BB-47C8-AD6A-E1063801134F} - C:\Programme\PDF Architect\PDFIEPlugin.dll (pdfforge GbR)
O3 - HKLM\..\Toolbar: (Incredibar Toolbar) - {F9639E4A-801B-4843-AEE3-03D9DA199E77} - C:\Programme\Incredibar.com\incredibar\1.5.11.14\incredibarTlbr.dll (Montera Technologeis LTD)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\Windows\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKCU..\Run: [DriverScanner] C:\Program Files\Uniblue\DriverScanner\launcher.exe (Uniblue Systems Limited)
O4 - HKCU..\RunOnce: [Uninstall C:\Users\Kevin Jähnigen\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Kevin Jähnigen\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910" File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8 - Extra context menu item: An OneNote s&enden - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O8 - Extra context menu item: Free YouTube Download - C:\Users\Kevin Jähnigen\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm ()
O8 - Extra context menu item: Free YouTube to MP3 Converter - C:\Users\Kevin Jähnigen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - C:\Programme\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
O8 - Extra context menu item: Neue Notiz - C:\Program Files\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Zu Evernote 4 hinzufügen - C:\Program Files\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O13 - gopher Prefix: missing
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6B750C3B-A809-4D62-A868-08A2EA5C6241}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 22:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3C3901C5-3455-3E0A-A214-0B093A5070A6} - .NET Framework
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs: FastUserSwitchingCompatibility -  File not found
NetSvcs: Ias - C:\Windows\System32\ias.dll (Microsoft Corporation)
NetSvcs: Nla -  File not found
NetSvcs: Ntmssvc -  File not found
NetSvcs: NWCWorkstation -  File not found
NetSvcs: Nwsapagent -  File not found
NetSvcs: SRService -  File not found
NetSvcs: WmdmPmSp -  File not found
NetSvcs: LogonHours -  File not found
NetSvcs: PCAudit -  File not found
NetSvcs: helpsvc -  File not found
NetSvcs: uploadmgr -  File not found
 
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.01.15 21:09:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2013.01.15 21:09:55 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HijackThis
[2013.01.15 21:08:57 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2013.01.15 20:52:31 | 000,000,000 | ---D | C] -- C:\Program Files\Enigma Software Group
[2013.01.15 20:52:21 | 000,000,000 | ---D | C] -- C:\Users\Kevin Jähnigen\AppData\Roaming\Macromedia
[2013.01.15 20:51:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2013.01.15 20:41:39 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
[2013.01.15 06:25:50 | 000,000,000 | ---D | C] -- C:\Users\Kevin Jähnigen\Local Settings
[2013.01.15 06:25:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
[2013.01.15 06:25:47 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2013.01.15 06:25:45 | 000,000,000 | ---D | C] -- C:\Program Files\PricePeep
[2013.01.15 06:25:36 | 000,000,000 | ---D | C] -- C:\Program Files\Perion
[2013.01.15 06:25:31 | 000,000,000 | ---D | C] -- C:\Program Files\Incredibar.com
[2013.01.15 06:25:28 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.01.15 06:25:23 | 000,000,000 | ---D | C] -- C:\Windows\System32\ARFC
[2013.01.15 06:25:21 | 000,000,000 | ---D | C] -- C:\Windows\System32\WNLT
[2013.01.15 06:25:16 | 000,000,000 | ---D | C] -- C:\Program Files\IB Updater
[2013.01.14 21:39:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Uniblue
[2013.01.14 21:39:31 | 000,000,000 | ---D | C] -- C:\Users\Kevin Jähnigen\AppData\Roaming\Uniblue
[2013.01.14 21:39:28 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Uniblue
[2013.01.14 21:39:26 | 000,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2013.01.13 16:57:26 | 000,000,000 | ---D | C] -- C:\Users\Kevin Jähnigen\Desktop\Musik Jan 2013
[2013.01.13 15:13:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013.01.11 21:49:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DVDVideoSoft
[2013.01.11 21:49:50 | 000,000,000 | ---D | C] -- C:\Program Files\DVDVideoSoft
[2013.01.10 22:32:12 | 000,000,000 | ---D | C] -- C:\Users\Kevin Jähnigen\Desktop\Politische Bildung
[2013.01.01 15:11:28 | 000,000,000 | ---D | C] -- C:\Users\Kevin Jähnigen\AppData\Roaming\vlc
[2013.01.01 15:10:42 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
[2013.01.01 15:10:17 | 000,000,000 | ---D | C] -- C:\Program Files\VideoLAN
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.01.15 21:45:00 | 000,001,114 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.15 21:09:55 | 000,002,043 | ---- | M] () -- C:\Users\Kevin Jähnigen\Desktop\HijackThis.lnk
[2013.01.15 21:02:33 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 21:02:33 | 000,021,888 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.01.15 21:00:54 | 000,696,870 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.01.15 21:00:54 | 000,652,148 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.01.15 21:00:54 | 000,148,134 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.01.15 21:00:54 | 000,121,080 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.01.15 20:57:21 | 000,000,011 | R--- | M] () -- C:\Windows\amunres.lsl
[2013.01.15 20:55:37 | 000,001,110 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.15 20:55:34 | 000,000,346 | ---- | M] () -- C:\Windows\tasks\DriverScanner.job
[2013.01.15 20:55:14 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.01.15 20:55:09 | 2388,283,392 | -HS- | M] () -- C:\hiberfil.sys
[2013.01.15 20:41:39 | 000,002,205 | ---- | M] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.01.15 06:25:32 | 000,001,214 | ---- | M] () -- C:\user.js
[2013.01.14 21:39:28 | 000,001,151 | ---- | M] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013.01.14 19:36:12 | 000,001,264 | ---- | M] () -- C:\Users\Kevin Jähnigen\Desktop\Free YouTube Download.lnk
[2013.01.14 19:36:12 | 000,001,201 | ---- | M] () -- C:\Users\Kevin Jähnigen\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.11 21:50:06 | 000,001,360 | ---- | M] () -- C:\Users\Kevin Jähnigen\Desktop\Free YouTube to MP3 Converter.lnk
[2013.01.10 06:53:07 | 000,342,848 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.01.15 21:09:55 | 000,002,043 | ---- | C] () -- C:\Users\Kevin Jähnigen\Desktop\HijackThis.lnk
[2013.01.15 20:57:21 | 000,000,011 | R--- | C] () -- C:\Windows\amunres.lsl
[2013.01.15 20:41:39 | 000,002,205 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.01.15 20:40:48 | 000,001,114 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.01.15 20:40:47 | 000,001,110 | ---- | C] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.01.15 06:25:23 | 001,008,496 | ---- | C] () -- C:\Windows\System32\dmwu.exe
[2013.01.15 06:25:22 | 000,028,160 | ---- | C] () -- C:\Windows\System32\ImHttpComm.dll
[2013.01.14 21:39:43 | 000,000,346 | ---- | C] () -- C:\Windows\tasks\DriverScanner.job
[2013.01.14 21:39:28 | 000,001,151 | ---- | C] () -- C:\Users\Public\Desktop\DriverScanner.lnk
[2013.01.14 19:36:12 | 000,001,264 | ---- | C] () -- C:\Users\Kevin Jähnigen\Desktop\Free YouTube Download.lnk
[2013.01.14 19:36:12 | 000,001,201 | ---- | C] () -- C:\Users\Kevin Jähnigen\Desktop\DVDVideoSoft Free Studio.lnk
[2013.01.11 21:50:06 | 000,001,360 | ---- | C] () -- C:\Users\Kevin Jähnigen\Desktop\Free YouTube to MP3 Converter.lnk
[2011.04.12 02:30:05 | 000,696,870 | ---- | C] () -- C:\Windows\System32\perfh007.dat
[2011.04.12 02:30:05 | 000,295,922 | ---- | C] () -- C:\Windows\System32\perfi007.dat
[2011.04.12 02:30:05 | 000,148,134 | ---- | C] () -- C:\Windows\System32\perfc007.dat
[2011.04.12 02:30:05 | 000,038,104 | ---- | C] () -- C:\Windows\System32\perfd007.dat
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2012.08.21 14:37:44 | 000,636,928 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2012.08.21 14:34:24 | 000,351,744 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
 
========== LOP Check ==========
 
[2012.12.10 20:52:07 | 000,000,000 | ---D | M] -- C:\Users\Kevin Jähnigen\AppData\Roaming\APP_NAME_NON_STRING
[2012.12.11 21:28:52 | 000,000,000 | ---D | M] -- C:\Users\Kevin Jähnigen\AppData\Roaming\Auslogics
[2012.12.12 22:14:30 | 000,000,000 | ---D | M] -- C:\Users\Kevin Jähnigen\AppData\Roaming\Dropbox
[2013.01.14 19:36:22 | 000,000,000 | ---D | M] -- C:\Users\Kevin Jähnigen\AppData\Roaming\DVDVideoSoft
[2013.01.14 19:36:14 | 000,000,000 | ---D | M] -- C:\Users\Kevin Jähnigen\AppData\Roaming\DVDVideoSoftIEHelpers
[2012.12.12 21:43:31 | 000,000,000 | ---D | M] -- C:\Users\Kevin Jähnigen\AppData\Roaming\PDF Architect
[2012.12.10 20:51:33 | 000,000,000 | ---D | M] -- C:\Users\Kevin Jähnigen\AppData\Roaming\pdfforge
[2013.01.14 21:39:31 | 000,000,000 | ---D | M] -- C:\Users\Kevin Jähnigen\AppData\Roaming\Uniblue
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.12.10 20:14:15 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2012.11.25 21:42:56 | 000,000,000 | ---D | M] -- C:\2d28c6f5dec2350fbe2e7ab5dc7b
[2008.11.29 15:33:52 | 000,000,000 | ---D | M] -- C:\ACER
[2009.01.14 20:51:55 | 000,000,000 | ---D | M] -- C:\ACERSW
[2012.08.06 12:34:33 | 000,000,000 | ---D | M] -- C:\bd_logs
[2008.11.27 20:57:30 | 000,000,000 | ---D | M] -- C:\book
[2012.12.10 19:45:18 | 000,000,000 | -HSD | M] -- C:\Boot
[2008.11.29 15:18:18 | 000,000,000 | ---D | M] -- C:\CLSetup
[2013.01.15 21:08:58 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2009.07.14 05:53:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings
[2009.01.14 20:42:32 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2012.06.25 15:57:51 | 000,000,000 | ---D | M] -- C:\EasyFit
[2008.11.27 19:39:17 | 000,000,000 | ---D | M] -- C:\Intel
[2012.10.08 21:14:39 | 000,000,000 | ---D | M] -- C:\MAXIS
[2008.11.27 20:31:51 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2012.11.25 21:59:03 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2009.07.14 03:37:05 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.09.05 09:01:05 | 000,000,000 | ---D | M] -- C:\PFS8.0 AE_TMP
[2013.01.15 21:09:55 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.01.14 21:39:34 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2009.01.14 20:42:32 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.12.10 20:13:51 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.01.15 22:18:36 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2012.12.10 20:14:01 | 000,000,000 | R--D | M] -- C:\Users
[2010.04.10 18:43:07 | 000,000,000 | ---D | M] -- C:\WCH.CN
[2013.01.15 20:57:21 | 000,000,000 | ---D | M] -- C:\Windows
[2012.12.10 20:36:48 | 000,000,000 | ---D | M] -- C:\Windows.old
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.20 22:29:06 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 05:53:46 | 000,010,460 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2009.07.14 05:53:47 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2013.01.14 21:39:43 | 000,000,346 | ---- | C] () -- C:\Windows\Tasks\DriverScanner.job
[2013.01.15 20:40:47 | 000,001,110 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
[2013.01.15 20:40:48 | 000,001,114 | ---- | C] () -- C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
 
< MD5 for: AGP440.SYS  >
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6001.18000_none_ba12ed3bbeb0d97a\AGP440.sys
[2008.01.21 03:23:01 | 000,056,376 | ---- | M] (Microsoft Corporation) MD5=13F9E33747E6B41A3FF305C37DB0D360 -- C:\Windows.old\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.0.6002.18005_none_bbfe6647bbd2a4c6\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\drivers\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\System32\DriverStore\FileRepository\machine.inf_x86_neutral_a97a2a0d0fbc6696\AGP440.sys
[2009.07.14 02:26:15 | 000,053,312 | ---- | M] (Microsoft Corporation) MD5=507812C3054C21CEF746B6EE3D04DD6E -- C:\Windows\winsxs\x86_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_bc1a57271cf2f285\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.04.11 07:32:26 | 000,019,944 | ---- | M] (Microsoft Corporation) MD5=1F05B78AB91C9075565A9D8A4B880BC4 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6002.18005_none_df23a1261eab99e8\atapi.sys
[2008.01.21 03:23:00 | 000,021,560 | ---- | M] (Microsoft Corporation) MD5=2D9C903DC76A66813D350A562DE40ED9 -- C:\Windows.old\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.0.6001.18000_none_dd38281a2189ce9c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\drivers\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\System32\DriverStore\FileRepository\mshdc.inf_x86_neutral_fab873f3e8a3315c\atapi.sys
[2009.07.14 02:26:15 | 000,021,584 | ---- | M] (Microsoft Corporation) MD5=338C86357871C167A96AB976519BF59E -- C:\Windows\winsxs\x86_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_df3f92057fcbe7a7\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\System32\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2006.11.02 10:46:03 | 000,011,776 | ---- | M] (Microsoft Corporation) MD5=7F15B4953378C8B5161D65C26D5FED4D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.0.6000.16386_none_e62d292932a96ce6\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_54149f9ef14031fc\explorer.exe
[2008.10.29 07:20:29 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=37440D09DEAE0B672A04DCCF7ABF06BE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.16771_none_4f83bb287ccdb7e3\explorer.exe
[2010.11.20 22:29:20 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_53bc10fdd7fe87ca\explorer.exe
[2008.10.29 07:29:41 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=4F554999D7D5F05DAAEBBA7B5BA1089D -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18164_none_5177ca9879e978e8\explorer.exe
[2008.10.30 04:59:17 | 002,927,616 | ---- | M] (Microsoft Corporation) MD5=50BA5850147410CDE89C523AD3BC606E -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.22298_none_51e4f8c7931bd1e1\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_5389023fd8245f84\explorer.exe
[2009.04.11 07:27:36 | 002,926,592 | ---- | M] (Microsoft Corporation) MD5=D07D4C3038F3578FFCE1C0237F2A1253 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6002.18005_none_53a0201e76de3a0b\explorer.exe
[2008.10.28 03:15:02 | 002,923,520 | ---- | M] (Microsoft Corporation) MD5=E7156B0B74762D9DE0E66BDCDE06E5FB -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6000.20947_none_5033cb5995cd990b\explorer.exe
[2008.01.21 03:24:24 | 002,927,104 | ---- | M] (Microsoft Corporation) MD5=FFA764631CB70A30065C12EF8E174F9F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-explorer_31bf3856ad364e35_6.0.6001.18000_none_51b4a71279bc6ebf\explorer.exe
 
< MD5 for: IASTOR.SYS  >
[2008.07.20 10:44:44 | 000,324,120 | ---- | M] (Intel Corporation) MD5=707C1692214B1C290271067197F075F6 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver\IaStor.sys
[2008.07.20 10:44:54 | 000,402,456 | ---- | M] (Intel Corporation) MD5=FC28E90F2204D8FD147FA9BFA8A51C01 -- C:\ACER\Preload\Autorun\DRV\Intel Robson RBSMDL2G\Winall\Driver64\IaStor.sys
 
< MD5 for: IASTORV.SYS  >
[2008.01.21 03:23:23 | 000,235,064 | ---- | M] (Intel Corporation) MD5=54155EA1B0DF185878E0FC9EC3AC3A14 -- C:\Windows.old\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.0.6001.18000_none_af11527887c7fa8f\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\drivers\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 06:38:51 | 000,332,160 | ---- | M] (Intel Corporation) MD5=5CD5F9A5444E6CDCB0AC89BD62D8B76E -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_b0daddb9e6380745\iaStorV.sys
[2011.03.11 06:28:00 | 000,332,160 | ---- | M] (Intel Corporation) MD5=778D0E6D7D9EBA0C403BADBAAD41DB20 -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_b152a892ff64119f\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\System32\DriverStore\FileRepository\iastorv.inf_x86_neutral_668286aa35d55928\iaStorV.sys
[2010.11.20 22:29:03 | 000,332,160 | ---- | M] (Intel Corporation) MD5=A3CAE5D281DB4CFF7CFF8233507EE5AD -- C:\Windows\winsxs\x86_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_b118bc63e60a139a\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2009.04.11 07:28:23 | 000,592,896 | ---- | M] (Microsoft Corporation) MD5=95DAECF0FB120A7B5DA679CC54E37DDE -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6002.18005_none_ffa3304f351bb3a3\netlogon.dll
[2008.01.21 03:24:05 | 000,592,384 | ---- | M] (Microsoft Corporation) MD5=A8EFC0B6E75B789F7FD3BA5025D4E37F -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.0.6001.18000_none_fdb7b74337f9e857\netlogon.dll
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\System32\netlogon.dll
[2010.11.20 22:29:12 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\x86_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_ffbf212e963c0162\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\drivers\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 06:39:00 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=4380E59A170D88C4F1022EFF6719A8A4 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_3ba44e691d6eb11d\nvstor.sys
[2011.03.11 06:28:10 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=66D468654A58594F5F3BA63D5AD5B1AF -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_3c1c1942369abb77\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\System32\DriverStore\FileRepository\nvraid.inf_x86_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.20 22:29:03 | 000,143,744 | ---- | M] (NVIDIA Corporation) MD5=9283C58EBAA2618F93482EB5DABCEC82 -- C:\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_3be22d131d40bd72\nvstor.sys
[2008.01.21 03:23:21 | 000,045,112 | ---- | M] (NVIDIA Corporation) MD5=ABED0C09758D1D97DB0042DBB2688177 -- C:\Windows.old\Windows\winsxs\x86_nvraid.inf_31bf3856ad364e35_6.0.6001.18000_none_39dac327befea467\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2008.01.21 03:24:50 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=28B84EB538F7E8A0FE8B9299D591E0B9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6001.18000_none_380de25bd91b6f12\scecli.dll
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\System32\scecli.dll
[2010.11.20 22:29:07 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_3a154c47375d881d\scecli.dll
[2009.04.11 07:28:24 | 000,177,152 | ---- | M] (Microsoft Corporation) MD5=8FC182167381E9915651267044105EE1 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.0.6002.18005_none_39f95b67d63d3a5e\scecli.dll
 
< MD5 for: USER32.DLL  >
[2009.04.11 07:28:25 | 000,627,712 | ---- | M] (Microsoft Corporation) MD5=75510147B94598407666F4802797C75A -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6002.18005_none_cf23e54d6a7e4a7e\user32.dll
[2008.01.21 03:24:21 | 000,627,200 | ---- | M] (Microsoft Corporation) MD5=B974D9F06DC7D1908E825DC201681269 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.0.6001.18000_none_cd386c416d5c7f32\user32.dll
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\System32\user32.dll
[2010.11.20 22:29:20 | 000,811,520 | ---- | M] (Microsoft Corporation) MD5=F1DD3ACAEE5E6B4BBC69BC6DF75CEF66 -- C:\Windows\winsxs\x86_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_cf3fd62ccb9e983d\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2008.01.21 03:24:49 | 000,025,088 | ---- | M] (Microsoft Corporation) MD5=0E135526E9785D085BCD9AEDE6FBCBF9 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.0.6001.18000_none_dc28ba15d1aff80b\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\System32\userinit.exe
[2010.11.20 22:29:06 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\System32\winlogon.exe
[2010.11.20 22:29:06 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=6D13E1406F50C66E2A95D97F22C47560 -- C:\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_71ca6b0233339500\winlogon.exe
[2009.04.11 07:28:13 | 000,314,368 | ---- | M] (Microsoft Corporation) MD5=898E7C06A350D4A1A64A9EA264D55452 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6002.18005_none_71ae7a22d2134741\winlogon.exe
[2008.01.21 03:24:49 | 000,314,880 | ---- | M] (Microsoft Corporation) MD5=C2610B6BDBEFC053BBDAB4F1B965CB24 -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-winlogon_31bf3856ad364e35_6.0.6001.18000_none_6fc30116d4f17bf5\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\System32\drivers\ws2ifsl.sys
[2009.07.14 00:55:02 | 000,016,384 | ---- | M] (Microsoft Corporation) MD5=6DB3276587B853BF886B69528FDB048C -- C:\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_4f5cf6f829213bb2\ws2ifsl.sys
[2008.01.21 03:24:47 | 000,015,872 | ---- | M] (Microsoft Corporation) MD5=E3A3CB253C0EC2494D4A61F5E43A389C -- C:\Windows.old\Windows\winsxs\x86_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.0.6001.18000_none_4f86a0d4c7cda641\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2013.01.15 22:30:05 | 001,310,720 | -HS- | M] () -- C:\Users\Kevin Jähnigen\NTUSER.DAT
[2013.01.15 22:30:05 | 000,262,144 | -HS- | M] () -- C:\Users\Kevin Jähnigen\ntuser.dat.LOG1
[2012.12.10 20:14:04 | 000,000,000 | -HS- | M] () -- C:\Users\Kevin Jähnigen\ntuser.dat.LOG2
[2012.12.10 21:03:57 | 000,065,536 | -HS- | M] () -- C:\Users\Kevin Jähnigen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TM.blf
[2012.12.10 21:03:57 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin Jähnigen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000001.regtrans-ms
[2012.12.10 21:03:57 | 000,524,288 | -HS- | M] () -- C:\Users\Kevin Jähnigen\NTUSER.DAT{6cced2f1-6e01-11de-8bed-001e0bcd1824}.TMContainer00000000000000000002.regtrans-ms
[2012.12.10 20:14:05 | 000,000,020 | -HS- | M] () -- C:\Users\Kevin Jähnigen\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,12288,512 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >
 
========== Alternate Data Streams ==========
 
@Alternate Data Stream - 134 bytes -> C:\ProgramData\TEMP:07BF512B

< End of report >
         
--- --- ---



Extra-Text:
#OTL Logfile:
OTL Extras logfile created on: 15.01.2013 22:17:23 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Kevin Jähnigen\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 2,29 Gb Available Physical Memory | 77,31% Memory free
5,93 Gb Paging File | 4,98 Gb Available in Paging File | 84,05% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 144,04 Gb Total Space | 87,97 Gb Free Space | 61,07% Space Free | Partition Type: NTFS
Drive D: | 140,50 Gb Total Space | 96,03 Gb Free Space | 68,35% Space Free | Partition Type: NTFS
 
Computer Name: KEVINJÄHNIGEN | User Name: Kevin Jähnigen | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN)
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"EnableFirewall" = 1
"DisableNotifications" = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B43484E-5943-460C-A4E5-B73D7711675F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{0BCE9141-B507-49C1-AE96-52DBE8760110}" = lport=137 | protocol=17 | dir=in | app=system | 
"{126B6371-36EB-4A77-82ED-6B7CFA037974}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{1644337D-5187-4AA5-AA68-85303F08596C}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
"{1FB401BC-9CD4-4104-B86C-D89C4D682B98}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
"{2134CB64-308B-495E-A944-96FCB1F8AE0A}" = rport=139 | protocol=6 | dir=out | app=system | 
"{2EFBB558-1FB7-4EFF-8356-C99FCCA42052}" = rport=137 | protocol=17 | dir=out | app=system | 
"{305041AB-161E-49CF-B6D2-3D419095D0E8}" = lport=139 | protocol=6 | dir=in | app=system | 
"{5D89B57E-AB2A-40D8-819B-049AA370E86C}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{69A735FD-4B51-4C94-BC51-865F5E089234}" = lport=10243 | protocol=6 | dir=in | app=system | 
"{700F1C79-B3A1-4A09-8A16-D7AEBB2BBB08}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{893A7279-886F-485C-914B-1D4B84E39274}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
"{8FCCA37C-7D37-4588-9161-812A385B85F6}" = rport=138 | protocol=17 | dir=out | app=system | 
"{923CA873-F011-4204-B753-B38C9CA00B10}" = rport=10243 | protocol=6 | dir=out | app=system | 
"{A38CEAAC-0CC5-444A-B177-FAC726B432AF}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
"{A5E41612-CD77-417B-93D2-8F80A7806076}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{AE782E52-102A-445D-8E32-CD7EA25444AA}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
"{D3436AEE-0C23-41F2-9039-5506410F9BFB}" = lport=445 | protocol=6 | dir=in | app=system | 
"{D89B5ACC-DCCD-4416-866A-A3893C6B0C3A}" = rport=445 | protocol=6 | dir=out | app=system | 
"{DC435529-0B8A-4BCA-9F8D-ADA808466830}" = lport=2869 | protocol=6 | dir=in | app=system | 
"{F98B091A-2EB7-46A8-8CEF-3AC65CD9742B}" = lport=138 | protocol=17 | dir=in | app=system | 
"{F9E884E5-B2A6-45C9-98D2-922D2248539E}" = lport=808 | protocol=6 | dir=in | svc=nettcpactivator | app=c:\windows\microsoft.net\framework\v4.0.30319\smsvchost.exe | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{0B831A07-F20B-4D03-B6E5-1214E6727BDF}" = protocol=6 | dir=out | app=system | 
"{0E15BCC3-E63D-4ABB-91E3-4BC18E61FA0F}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
"{157AFA75-F888-45C5-A13E-96CFC48341B6}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{34AD1619-C392-4C5C-BAA1-3B1B0CBB3B41}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{38A0455F-5ED3-4184-B723-9C8C4A7CDAD5}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{4872EC4A-A0E1-43CF-84E4-340067822439}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{52EF2AAF-3308-42A7-B384-B7AED4DC8E9B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{57E1C6E5-0695-460F-BB4B-754E1745BBBE}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
"{61A0AFCF-06BD-4BF1-BD59-CE1D4A6DBA3E}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{67A43705-DCCA-461E-9E0D-276EE51DEE5C}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{6F564E5E-5177-40C9-B632-81BB27599623}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{7B339D7D-8D32-4BA7-83A6-3B31E8168C8E}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{83B9E1C4-6964-4E0F-AA37-03A7628B0A68}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{88A18547-B448-4FAC-B1EF-3B944CE61B82}" = protocol=17 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{8E6B61A4-137A-45A8-BFCA-70F77971CC93}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
"{90E64914-7572-4C60-9A25-202B398B8DAF}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{A3749E3A-F01D-4C44-BE41-ED8CB155CBAB}" = protocol=6 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{B8D0B91B-0CCC-4F33-B0FB-9E292495470E}" = dir=in | app=c:\program files\skype\phone\skype.exe | 
"{BDD86A23-AB24-49EE-9FA3-BE8CAF631FCC}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
"{C5CECD5A-10BA-4451-9E59-EACBE01D056A}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
"{C8348E90-AFD3-484A-ACAB-B20593928773}" = protocol=6 | dir=in | app=c:\windows\system32\arfc\wrtc.exe | 
"{CA04DE8A-21C8-46E8-8534-6EB95E7B697D}" = protocol=17 | dir=in | app=c:\program files\microsoft office\office14\onenote.exe | 
"{DE163B67-C32F-45E9-B427-58AC72B6D727}" = protocol=6 | dir=in | app=c:\windows\system32\dmwu.exe | 
"{E47E9F76-7BE5-48A4-9DCB-2A7B37171616}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
"{E4949A8A-467F-4838-B7E3-654AF82C22C8}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
"{E7C6D2CF-F227-4764-B28F-A1939AB95D02}" = protocol=6 | dir=in | app=c:\users\kevin jähnigen\appdata\roaming\dropbox\bin\dropbox.exe | 
"{EA2375A2-F92D-4ACD-BA90-65FA97D84646}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
"{F109642D-ADB2-46CC-914F-27BB8983C0DD}" = protocol=17 | dir=in | app=c:\users\kevin jähnigen\appdata\roaming\dropbox\bin\dropbox.exe | 
"{F74C1E51-F008-4A69-B876-FB122192BD16}" = protocol=17 | dir=in | app=c:\windows\system32\dmwu.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 9
"{30B41B7A-3C9D-44DE-A7A1-949011F33CC3}" = PDF Architect
"{336D0C35-8A85-403a-B9D2-65C292C39087}_is1" = IB Updater 2.0.0.557
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3D3E663D-4E7E-4577-A560-7ECDDD45548A}" = PVSonyDll
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{90140000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2010
"{90140000-0015-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2010
"{90140000-0016-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2010
"{90140000-0018-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2010
"{90140000-0019-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010
"{90140000-001A-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2010
"{90140000-001B-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010
"{90140000-001F-0407-0000-0000000FF1CE}_Office14.SingleImage_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
"{90140000-001F-0409-0000-0000000FF1CE}_Office14.SingleImage_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
"{90140000-001F-040C-0000-0000000FF1CE}_Office14.SingleImage_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010
"{90140000-001F-0410-0000-0000000FF1CE}_Office14.SingleImage_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010
"{90140000-002C-0407-0000-0000000FF1CE}_Office14.SingleImage_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-003D-0000-0000-0000000FF1CE}" = Microsoft Office Single Image 2010
"{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010
"{90140000-006E-0407-0000-0000000FF1CE}_Office14.SingleImage_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{90140000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2010
"{90140000-00A1-0407-0000-0000000FF1CE}_Office14.SingleImage_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1)
"{98EABC7F-B1A1-43A5-B505-5B4EC3908DCD}" = Microsoft Security Client
"{9D8BAA74-5B7D-11E2-8273-984BE15F174E}" = Evernote v. 4.6.1
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call
"{C2F8CA82-2BD9-4513-B2D1-08A47914C1DA}_is1" = Uniblue DriverScanner
"{C911A0C2-2236-3164-AA47-F2566C01AE5E}" = Microsoft .NET Framework 4 Extended DEU Language Pack
"{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0
"{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"7-Zip" = 
"bi_uninstaller" = 7-Zip Uninstaller
"Free YouTube Download_is1" = Free YouTube Download version 3.1.42.1212
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.11.37.1212
"Google Chrome" = Google Chrome
"HijackThis" = HijackThis 2.0.2
"incredibar" = Incredibar Toolbar  on IE
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft .NET Framework 4 Extended DEU Language Pack" = Microsoft .NET Framework 4 Extended DEU Language Pack
"Microsoft Security Client" = Microsoft Security Essentials
"NVIDIA Drivers" = NVIDIA Drivers
"Office14.SingleImage" = Microsoft Office Home and Student 2010
"PricePeep" = PricePeep for Google Chrome
"VLC media player" = VLC media player 2.0.4
"WNLT" = IB Updater Service
 
========== HKEY_CURRENT_USER Uninstall List ==========
 
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Dropbox" = Dropbox
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 09.01.2013 12:23:49 | Computer Name = KevinJähnigen | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 10.01.2013 01:29:34 | Computer Name = KevinJähnigen | Source = System Restore | ID = 8193
Description = 
 
Error - 10.01.2013 01:53:56 | Computer Name = KevinJähnigen | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 12.01.2013 00:37:45 | Computer Name = KevinJähnigen | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 13.01.2013 04:36:22 | Computer Name = KevinJähnigen | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 13.01.2013 17:28:46 | Computer Name = KevinJähnigen | Source = Application Hang | ID = 1002
Description = Programm Explorer.EXE, Version 6.1.7601.17567 kann nicht mehr unter Windows ausgeführt werden und wurde beendet. Überprüfen Sie den Problemverlauf in der Wartungscenter-Systemsteuerung, um nach weiteren Informationen zum Problem zu suchen.    Prozess-ID: e14    Startzeit: 01cdf1698d7b4a9b    Endzeit: 0    Anwendungspfad: C:\Windows\Explorer.EXE
Berichts-ID: 2b4019ce-5dc8-11e2-9e7c-00238b2420b2
 
Error - 14.01.2013 01:32:23 | Computer Name = KevinJähnigen | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 15.01.2013 01:18:58 | Computer Name = KevinJähnigen | Source = MsiInstaller | ID = 11609
Description = 
 
Error - 15.01.2013 01:19:51 | Computer Name = KevinJähnigen | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
Error - 15.01.2013 15:56:59 | Computer Name = KevinJähnigen | Source = Microsoft-Windows-WMI | ID = 10
Description = Der Ereignisfilter mit der Abfrage "SELECT * FROM __InstanceModificationEvent
 WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage
 > 99" konnte im Namespace "//./root/CIMV2" aufgrund des Fehlers "0x80041003" nicht
 reaktiviert werden. Solange dieses Problem besteht, können mit diesem Filter keine
 Ereignisse übermittelt werden.
 
[ System Events ]
Error - 13.12.2012 01:53:39 | Computer Name = KevinJähnigen | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.    Neue Signaturversion:    Vorherige Signaturversion: 1.141.1528.0    Aktualisierungsquelle: %%859    Aktualisierungsphase: %%854    Quellpfad: hxxp://www.microsoft.com    Signaturtyp: %%800    Aktualisierungstyp: %%803    Benutzer: NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:    Vorherige Modulversion: 1.1.9002.0    Fehlercode: 0x80240016    Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".
 
Error - 13.12.2012 01:53:39 | Computer Name = KevinJähnigen | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.    Neue Signaturversion:    Vorherige Signaturversion: 1.141.1528.0    Aktualisierungsquelle: %%859    Aktualisierungsphase: %%854    Quellpfad: hxxp://www.microsoft.com    Signaturtyp: %%800    Aktualisierungstyp: %%803    Benutzer: NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:    Vorherige Modulversion: 1.1.9002.0    Fehlercode: 0x80240016    Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".
 
Error - 13.12.2012 01:53:39 | Computer Name = KevinJähnigen | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.    Neue Signaturversion:    Vorherige Signaturversion: 1.141.1528.0    Aktualisierungsquelle: %%859    Aktualisierungsphase: %%853    Quellpfad: hxxp://www.microsoft.com    Signaturtyp: %%800    Aktualisierungstyp: %%803    Benutzer: NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:    Vorherige Modulversion: 1.1.9002.0    Fehlercode: 0x80240016    Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".
 
Error - 10.01.2013 01:51:00 | Computer Name = KevinJähnigen | Source = Microsoft Antimalware | ID = 2001
Description = Beim Aktualisieren der Signaturen wurde von %%860 ein Fehler festgestellt.    Neue Signaturversion:    Vorherige Signaturversion: 1.141.3477.0    Aktualisierungsquelle: %%859    Aktualisierungsphase: %%854    Quellpfad: hxxp://www.microsoft.com    Signaturtyp: %%800    Aktualisierungstyp: %%803    Benutzer: NT-AUTORITÄT\SYSTEM    Aktuelle Modulversion:    Vorherige Modulversion: 1.1.9002.0    Fehlercode: 0x8024001e    Fehlerbeschreibung: Unerwartetes Problem bei der Überprüfung auf Updates. Informationen zum Installieren von Updates oder zur Problembehandlung finden Sie unter "Hilfe und Support".
 
Error - 13.01.2013 17:14:09 | Computer Name = KevinJähnigen | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.01.2013 17:28:45 | Computer Name = KevinJähnigen | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.01.2013 17:28:46 | Computer Name = KevinJähnigen | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.01.2013 17:28:46 | Computer Name = KevinJähnigen | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 13.01.2013 17:28:47 | Computer Name = KevinJähnigen | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk1\DR1 gefunden.
 
Error - 15.01.2013 01:30:40 | Computer Name = KevinJähnigen | Source = Disk | ID = 262155
Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk2\DR2 gefunden.
 
 
< End of report >
--- --- ---




Many thanks for the help!!

Alt 16.01.2013, 18:43   #4
markusg
/// Malware-holic
 
hi
download tdss killer:
http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick the boxes for Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan
- if anything is found, always choose skip for now, post the log
open c:, open tdsskiller-date-version.txt, post the contents
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 16.01.2013, 20:51   #5
jonborno
 
hello!

Thanks for the help first of all!!

So I installed the rootkit killer from Kaspersky and also ticked the boxes correctly. Then I closed all program windows and started the scan.
In total I then ran 4 scans and nothing was found in any of them.

And now?


Alt 16.01.2013, 22:39   #6
markusg
/// Malware-holic
 
please post the log.

Alt 21.01.2013, 06:42   #7
jonborno
 
Here is the LOG.

Alt 21.01.2013, 14:12   #8
markusg
/// Malware-holic
 
none to be seen, maybe zip it and attach it

Alt 21.01.2013, 18:31   #9
jonborno
 
18:30:11.0061 0936 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
18:30:11.0303 0936 ============================================================
18:30:11.0303 0936 Current date / time: 2013/01/21 18:30:11.0303
18:30:11.0303 0936 SystemInfo:
18:30:11.0303 0936
18:30:11.0303 0936 OS Version: 6.1.7601 ServicePack: 1.0
18:30:11.0303 0936 Product type: Workstation
18:30:11.0304 0936 ComputerName: KEVINJÄHNIGEN
18:30:11.0304 0936 UserName: Kevin Jähnigen
18:30:11.0304 0936 Windows directory: C:\Windows
18:30:11.0304 0936 System windows directory: C:\Windows
18:30:11.0304 0936 Processor architecture: Intel x86
18:30:11.0304 0936 Number of processors: 2
18:30:11.0304 0936 Page size: 0x1000
18:30:11.0304 0936 Boot type: Normal boot
18:30:11.0304 0936 ============================================================
18:30:13.0102 0936 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
18:30:13.0205 0936 ============================================================
18:30:13.0205 0936 \Device\Harddisk0\DR0:
18:30:13.0205 0936 MBR partitions:
18:30:13.0205 0936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1400800, BlocksNum 0x12016800
18:30:13.0205 0936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x13417000, BlocksNum 0x11900000
18:30:13.0205 0936 ============================================================
18:30:13.0225 0936 C: <-> \Device\Harddisk0\DR0\Partition1
18:30:13.0264 0936 D: <-> \Device\Harddisk0\DR0\Partition2
18:30:13.0264 0936 ============================================================
18:30:13.0265 0936 Initialize success
18:30:13.0265 0936 ============================================================
18:30:30.0377 0564 ============================================================
18:30:30.0377 0564 Scan started
18:30:30.0377 0564 Mode: Manual;
18:30:30.0377 0564 ============================================================
18:30:30.0863 0564 ================ Scan system memory ========================
18:30:30.0863 0564 System memory - ok
18:30:30.0864 0564 ================ Scan services =============================
18:30:33.0457 0564 cmdide - ok
18:30:33.0501 0564 [ 42F158036BD4C2FF3122BF142E60E6FD ] CNG C:\Windows\system32\Drivers\cng.sys
18:30:33.0509 0564 CNG - ok
18:30:33.0526 0564 [ A6023D3823C37043986713F118A89BEE ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
18:30:33.0527 0564 Compbatt - ok
18:30:33.0554 0564 [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus C:\Windows\system32\DRIVERS\CompositeBus.sys
18:30:33.0556 0564 CompositeBus - ok
18:30:33.0567 0564 COMSysApp - ok
18:30:33.0599 0564 [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk C:\Windows\system32\drivers\crcdisk.sys
18:30:33.0601 0564 crcdisk - ok
18:30:33.0658 0564 [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc C:\Windows\system32\cryptsvc.dll
18:30:33.0662 0564 CryptSvc - ok
18:30:33.0703 0564 [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch C:\Windows\system32\rpcss.dll
18:30:33.0724 0564 DcomLaunch - ok
18:30:33.0755 0564 [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc C:\Windows\System32\defragsvc.dll
18:30:33.0760 0564 defragsvc - ok
18:30:33.0775 0564 [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
18:30:33.0777 0564 DfsC - ok
18:30:33.0803 0564 [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp C:\Windows\system32\dhcpcore.dll
18:30:33.0808 0564 Dhcp - ok
18:30:33.0830 0564 [ 1A050B0274BFB3890703D490F330C0DA ] discache C:\Windows\system32\drivers\discache.sys
18:30:33.0832 0564 discache - ok
18:30:33.0865 0564 [ 565003F326F99802E68CA78F2A68E9FF ] Disk C:\Windows\system32\drivers\disk.sys
18:30:33.0867 0564 Disk - ok
18:30:33.0904 0564 [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache C:\Windows\System32\dnsrslvr.dll
18:30:33.0908 0564 Dnscache - ok
18:30:33.0927 0564 [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc C:\Windows\System32\dot3svc.dll
18:30:33.0932 0564 dot3svc - ok
18:30:33.0949 0564 [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS C:\Windows\system32\dps.dll
18:30:33.0954 0564 DPS - ok
18:30:33.0990 0564 [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
18:30:33.0992 0564 drmkaud - ok
18:30:34.0023 0564 [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
18:30:34.0045 0564 DXGKrnl - ok
18:30:34.0107 0564 [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost C:\Windows\System32\eapsvc.dll
18:30:34.0110 0564 EapHost - ok
18:30:34.0206 0564 [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv C:\Windows\system32\drivers\evbdx.sys
18:30:34.0283 0564 ebdrv - ok
18:30:34.0319 0564 [ 81951F51E318AECC2D68559E47485CC4 ] EFS C:\Windows\System32\lsass.exe
18:30:34.0321 0564 EFS - ok
18:30:34.0373 0564 [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
18:30:34.0393 0564 ehRecvr - ok
18:30:34.0406 0564 [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched C:\Windows\ehome\ehsched.exe
18:30:34.0409 0564 ehSched - ok
18:30:34.0438 0564 [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor C:\Windows\system32\drivers\elxstor.sys
18:30:34.0445 0564 elxstor - ok
18:30:34.0462 0564 [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev C:\Windows\system32\drivers\errdev.sys
18:30:34.0464 0564 ErrDev - ok
18:30:34.0506 0564 [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem C:\Windows\system32\es.dll
18:30:34.0511 0564 EventSystem - ok
18:30:34.0532 0564 [ 2DC9108D74081149CC8B651D3A26207F ] exfat C:\Windows\system32\drivers\exfat.sys
18:30:34.0535 0564 exfat - ok
18:30:34.0563 0564 [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat C:\Windows\system32\drivers\fastfat.sys
18:30:34.0566 0564 fastfat - ok
18:30:34.0603 0564 [ 967EA5B213E9984CBE270205DF37755B ] Fax C:\Windows\system32\fxssvc.exe
18:30:34.0621 0564 Fax - ok
18:30:34.0638 0564 [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc C:\Windows\system32\drivers\fdc.sys
18:30:34.0639 0564 fdc - ok
18:30:34.0652 0564 [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost C:\Windows\system32\fdPHost.dll
18:30:34.0654 0564 fdPHost - ok
18:30:34.0670 0564 [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub C:\Windows\system32\fdrespub.dll
18:30:34.0672 0564 FDResPub - ok
18:30:34.0692 0564 [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
18:30:34.0693 0564 FileInfo - ok
18:30:34.0712 0564 [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
18:30:34.0713 0564 Filetrace - ok
18:30:34.0732 0564 [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk C:\Windows\system32\drivers\flpydisk.sys
18:30:34.0733 0564 flpydisk - ok
18:30:34.0758 0564 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
18:30:34.0760 0564 FltMgr - ok
18:30:34.0803 0564 [ B3A5EC6B6B6673DB7E87C2BCDBDDC074 ] FontCache C:\Windows\system32\FntCache.dll
18:30:34.0825 0564 FontCache - ok
18:30:34.0876 0564 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
18:30:34.0879 0564 FontCache3.0.0.0 - ok
18:30:34.0896 0564 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
18:30:34.0899 0564 FsDepends - ok
18:30:34.0924 0564 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
18:30:34.0925 0564 Fs_Rec - ok
18:30:34.0971 0564 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
18:30:34.0976 0564 fvevol - ok
18:30:35.0004 0564 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
18:30:35.0008 0564 gagp30kx - ok
18:30:35.0047 0564 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll
18:30:35.0065 0564 gpsvc - ok
18:30:35.0159 0564 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe
18:30:35.0162 0564 gupdate - ok
18:30:35.0170 0564 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe
18:30:35.0172 0564 gupdatem - ok
18:30:35.0184 0564 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
18:30:35.0186 0564 hcw85cir - ok
18:30:35.0239 0564 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
18:30:35.0246 0564 HdAudAddService - ok
18:30:35.0285 0564 [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus C:\Windows\system32\DRIVERS\HDAudBus.sys
18:30:35.0287 0564 HDAudBus - ok
18:30:35.0305 0564 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\drivers\HidBatt.sys
18:30:35.0307 0564 HidBatt - ok
18:30:35.0322 0564 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\drivers\hidbth.sys
18:30:35.0324 0564 HidBth - ok
18:30:35.0363 0564 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
18:30:35.0364 0564 HidIr - ok
18:30:35.0385 0564 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll
18:30:35.0387 0564 hidserv - ok
18:30:35.0416 0564 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
18:30:35.0418 0564 HidUsb - ok
18:30:35.0448 0564 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll
18:30:35.0451 0564 hkmsvc - ok
18:30:35.0472 0564 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
18:30:35.0477 0564 HomeGroupListener - ok
18:30:35.0503 0564 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
18:30:35.0508 0564 HomeGroupProvider - ok
18:30:35.0535 0564 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
18:30:35.0537 0564 HpSAMD - ok
18:30:35.0567 0564 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys
18:30:35.0574 0564 HTTP - ok
18:30:35.0583 0564 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
18:30:35.0584 0564 hwpolicy - ok
18:30:35.0604 0564 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\DRIVERS\i8042prt.sys
18:30:35.0688 0564 i8042prt - ok
18:30:35.0721 0564 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
18:30:35.0726 0564 iaStorV - ok
18:30:35.0787 0564 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
18:30:35.0808 0564 idsvc - ok
18:30:35.0830 0564 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\drivers\iirsp.sys
18:30:35.0832 0564 iirsp - ok
18:30:35.0890 0564 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll
18:30:35.0914 0564 IKEEXT - ok
18:30:35.0926 0564 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys
18:30:35.0928 0564 intelide - ok
18:30:35.0963 0564 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
18:30:35.0964 0564 intelppm - ok
18:30:35.0984 0564 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll
18:30:35.0987 0564 IPBusEnum - ok
18:30:35.0998 0564 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
18:30:36.0000 0564 IpFilterDriver - ok
18:30:36.0039 0564 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
18:30:36.0062 0564 iphlpsvc - ok
18:30:36.0085 0564 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
18:30:36.0088 0564 IPMIDRV - ok
18:30:36.0104 0564 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys
18:30:36.0107 0564 IPNAT - ok
18:30:36.0123 0564 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys
18:30:36.0126 0564 IRENUM - ok
18:30:36.0145 0564 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys
18:30:36.0148 0564 isapnp - ok
18:30:36.0179 0564 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
18:30:36.0183 0564 iScsiPrt - ok
18:30:36.0203 0564 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
18:30:36.0204 0564 kbdclass - ok
18:30:36.0238 0564 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
18:30:36.0239 0564 kbdhid - ok
18:30:36.0254 0564 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe
18:30:36.0255 0564 KeyIso - ok
18:30:36.0280 0564 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
18:30:36.0281 0564 KSecDD - ok
18:30:36.0299 0564 [ 5FE1ABF1AF591A3458C9CF24ED9A4D35 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
18:30:36.0301 0564 KSecPkg - ok
18:30:36.0329 0564 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll
18:30:36.0335 0564 KtmRm - ok
18:30:36.0370 0564 [ F7CDABA15C7E853F0A11AF6D77FCA990 ] L1E C:\Windows\system32\DRIVERS\L1E62x86.sys
18:30:36.0372 0564 L1E - ok
18:30:36.0399 0564 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll
18:30:36.0404 0564 LanmanServer - ok
18:30:36.0429 0564 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
18:30:36.0433 0564 LanmanWorkstation - ok
18:30:36.0483 0564 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
18:30:36.0486 0564 lltdio - ok
18:30:36.0523 0564 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll
18:30:36.0530 0564 lltdsvc - ok
18:30:36.0550 0564 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll
18:30:36.0554 0564 lmhosts - ok
18:30:36.0577 0564 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\drivers\lsi_fc.sys
18:30:36.0581 0564 LSI_FC - ok
18:30:36.0603 0564 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
18:30:36.0606 0564 LSI_SAS - ok
18:30:36.0625 0564 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
18:30:36.0628 0564 LSI_SAS2 - ok
18:30:36.0643 0564 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
18:30:36.0647 0564 LSI_SCSI - ok
18:30:36.0669 0564 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys
18:30:36.0671 0564 luafv - ok
18:30:36.0696 0564 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
18:30:36.0699 0564 Mcx2Svc - ok
18:30:36.0713 0564 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\drivers\megasas.sys
18:30:36.0714 0564 megasas - ok
18:30:36.0740 0564 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
18:30:36.0745 0564 MegaSR - ok
18:30:36.0765 0564 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll
18:30:36.0768 0564 MMCSS - ok
18:30:36.0787 0564 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys
18:30:36.0787 0564 Modem - ok
18:30:36.0807 0564 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
18:30:36.0807 0564 monitor - ok
18:30:36.0826 0564 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
18:30:36.0828 0564 mouclass - ok
18:30:36.0857 0564 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
18:30:36.0858 0564 mouhid - ok
18:30:36.0872 0564 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
18:30:36.0874 0564 mountmgr - ok
18:30:36.0918 0564 [ EE728AF83850DDAD9A3FCAC0AAB3AD97 ] MpFilter C:\Windows\system32\DRIVERS\MpFilter.sys
18:30:36.0922 0564 MpFilter - ok
18:30:36.0938 0564 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys
18:30:36.0941 0564 mpio - ok
18:30:37.0067 0564 [ A69630D039C38018689190234F866D77 ] MpKsle962762e c:\ProgramData\Microsoft\Microsoft Antimalware\Definition Updates\{308F624C-B386-40CD-89A3-540FC45C73D7}\MpKsle962762e.sys
18:30:37.0069 0564 MpKsle962762e - ok
18:30:37.0083 0564 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
18:30:37.0086 0564 mpsdrv - ok
18:30:37.0123 0564 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll
18:30:37.0147 0564 MpsSvc - ok
18:30:37.0194 0564 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
18:30:37.0198 0564 MRxDAV - ok
18:30:37.0239 0564 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
18:30:37.0242 0564 mrxsmb - ok
18:30:37.0267 0564 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
18:30:37.0273 0564 mrxsmb10 - ok
18:30:37.0296 0564 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
18:30:37.0299 0564 mrxsmb20 - ok
18:30:37.0314 0564 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys
18:30:37.0315 0564 msahci - ok
18:30:37.0338 0564 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys
18:30:37.0341 0564 msdsm - ok
18:30:37.0371 0564 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe
18:30:37.0375 0564 MSDTC - ok
18:30:37.0402 0564 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys
18:30:37.0403 0564 Msfs - ok
18:30:37.0413 0564 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
18:30:37.0414 0564 mshidkmdf - ok
18:30:37.0430 0564 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
18:30:37.0431 0564 msisadrv - ok
18:30:37.0470 0564 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
18:30:37.0473 0564 MSiSCSI - ok
18:30:37.0482 0564 msiserver - ok
18:30:37.0501 0564 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
18:30:37.0503 0564 MSKSSRV - ok
18:30:37.0533 0564 [ E077FCA2A7E79FB9BF67D3E30B5CE593 ] MsMpSvc c:\Program Files\Microsoft Security Client\MsMpEng.exe
18:30:37.0533 0564 MsMpSvc - ok
18:30:37.0544 0564 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
18:30:37.0545 0564 MSPCLOCK - ok
18:30:37.0558 0564 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
18:30:37.0560 0564 MSPQM - ok
18:30:37.0575 0564 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
18:30:37.0578 0564 MsRPC - ok
18:30:37.0598 0564 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\DRIVERS\mssmbios.sys
18:30:37.0598 0564 mssmbios - ok
18:30:37.0604 0564 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
18:30:37.0607 0564 MSTEE - ok
18:30:37.0637 0564 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\drivers\MTConfig.sys
18:30:37.0639 0564 MTConfig - ok
18:30:37.0657 0564 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys
18:30:37.0658 0564 Mup - ok
18:30:37.0696 0564 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll
18:30:37.0703 0564 napagent - ok
18:30:37.0739 0564 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
18:30:37.0743 0564 NativeWifiP - ok
18:30:37.0779 0564 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys
18:30:37.0795 0564 NDIS - ok
18:30:37.0811 0564 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
18:30:37.0812 0564 NdisCap - ok
18:30:37.0834 0564 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
18:30:37.0835 0564 NdisTapi - ok
18:30:37.0848 0564 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
18:30:37.0849 0564 Ndisuio - ok
18:30:37.0868 0564 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
18:30:37.0871 0564 NdisWan - ok
18:30:37.0886 0564 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
18:30:37.0887 0564 NDProxy - ok
18:30:37.0905 0564 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
18:30:37.0906 0564 NetBIOS - ok
18:30:37.0928 0564 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
18:30:37.0932 0564 NetBT - ok
18:30:37.0944 0564 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe
18:30:37.0945 0564 Netlogon - ok
18:30:37.0995 0564 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll
18:30:38.0001 0564 Netman - ok
18:30:38.0038 0564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetMsmqActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:30:38.0040 0564 NetMsmqActivator - ok
18:30:38.0045 0564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetPipeActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:30:38.0047 0564 NetPipeActivator - ok
18:30:38.0074 0564 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll
18:30:38.0081 0564 netprofm - ok
18:30:38.0087 0564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpActivator C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:30:38.0089 0564 NetTcpActivator - ok
18:30:38.0095 0564 [ D22CD77D4F0D63D1169BB35911BFF12D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
18:30:38.0097 0564 NetTcpPortSharing - ok
18:30:38.0122 0564 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
18:30:38.0124 0564 nfrd960 - ok
18:30:38.0157 0564 [ 2CD24A6AF497D0E9B9BF3DA924ED05E6 ] NisDrv C:\Windows\system32\DRIVERS\NisDrvWFP.sys
18:30:38.0160 0564 NisDrv - ok
18:30:38.0177 0564 [ 3B846434055F80D9E89D0742F3ADAD34 ] NisSrv c:\Program Files\Microsoft Security Client\NisSrv.exe
18:30:38.0181 0564 NisSrv - ok
18:30:38.0215 0564 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll
18:30:38.0220 0564 NlaSvc - ok
18:30:38.0234 0564 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys
18:30:38.0235 0564 Npfs - ok
18:30:38.0256 0564 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll
18:30:38.0259 0564 nsi - ok
18:30:38.0276 0564 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
18:30:38.0277 0564 nsiproxy - ok
18:30:38.0326 0564 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
18:30:38.0361 0564 Ntfs - ok
18:30:38.0379 0564 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys
18:30:38.0380 0564 Null - ok
18:30:38.0648 0564 [ 9A55250A7EDC9EA12DC3495F5E9F8703 ] nvlddmkm C:\Windows\system32\DRIVERS\nvlddmkm.sys
18:30:38.0898 0564 nvlddmkm - ok
18:30:38.0924 0564 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys
18:30:38.0927 0564 nvraid - ok
18:30:38.0942 0564 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys
18:30:38.0945 0564 nvstor - ok
18:30:38.0981 0564 [ A52F94B75368B0C22A4E38334E2EFB4B ] nvsvc C:\Windows\system32\nvvsvc.exe
18:30:38.0987 0564 nvsvc - ok
18:30:39.0007 0564 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
18:30:39.0010 0564 nv_agp - ok
18:30:39.0043 0564 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
18:30:39.0045 0564 ohci1394 - ok
18:30:39.0129 0564 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE
18:30:39.0131 0564 ose - ok
18:30:39.0309 0564 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
18:30:39.0435 0564 osppsvc - ok
18:30:39.0480 0564 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
18:30:39.0487 0564 p2pimsvc - ok
18:30:39.0510 0564 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll
18:30:39.0529 0564 p2psvc - ok
18:30:39.0552 0564 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\drivers\parport.sys
18:30:39.0554 0564 Parport - ok
18:30:39.0587 0564 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys
18:30:39.0588 0564 partmgr - ok
18:30:39.0606 0564 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\drivers\parvdm.sys
18:30:39.0608 0564 Parvdm - ok
18:30:39.0622 0564 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll
18:30:39.0626 0564 PcaSvc - ok
18:30:39.0637 0564 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys
18:30:39.0639 0564 pci - ok
18:30:39.0655 0564 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys
18:30:39.0657 0564 pciide - ok
18:30:39.0671 0564 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
18:30:39.0674 0564 pcmcia - ok
18:30:39.0691 0564 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys
18:30:39.0692 0564 pcw - ok
18:30:39.0777 0564 [ 98655F862BB07CFB1CCC9262DA621AE1 ] PDF Architect Helper Service C:\Program Files\PDF Architect\HelperService.exe
18:30:39.0816 0564 PDF Architect Helper Service - ok
18:30:39.0852 0564 [ 73406F96E946F2B38615375269EF286F ] PDF Architect Service C:\Program Files\PDF Architect\ConversionService.exe
18:30:39.0881 0564 PDF Architect Service - ok
18:30:39.0929 0564 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys
18:30:39.0946 0564 PEAUTH - ok
18:30:40.0015 0564 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll
18:30:40.0068 0564 pla - ok
18:30:40.0105 0564 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll
18:30:40.0112 0564 PlugPlay - ok
18:30:40.0124 0564 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
18:30:40.0127 0564 PNRPAutoReg - ok
18:30:40.0147 0564 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
18:30:40.0151 0564 PNRPsvc - ok
18:30:40.0185 0564 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
18:30:40.0192 0564 PolicyAgent - ok
18:30:40.0222 0564 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll
18:30:40.0226 0564 Power - ok
18:30:40.0260 0564 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
18:30:40.0262 0564 PptpMiniport - ok
18:30:40.0279 0564 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\drivers\processr.sys
18:30:40.0281 0564 Processor - ok
18:30:40.0314 0564 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll
18:30:40.0318 0564 ProfSvc - ok
18:30:40.0334 0564 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
18:30:40.0336 0564 ProtectedStorage - ok
18:30:40.0366 0564 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys
18:30:40.0368 0564 Psched - ok
18:30:40.0412 0564 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\drivers\ql2300.sys
18:30:40.0446 0564 ql2300 - ok
18:30:40.0491 0564 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\drivers\ql40xx.sys
18:30:40.0494 0564 ql40xx - ok
18:30:40.0531 0564 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll
18:30:40.0536 0564 QWAVE - ok
18:30:40.0557 0564 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
18:30:40.0559 0564 QWAVEdrv - ok
18:30:40.0576 0564 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
18:30:40.0577 0564 RasAcd - ok
18:30:40.0596 0564 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
18:30:40.0597 0564 RasAgileVpn - ok
18:30:40.0616 0564 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll
18:30:40.0619 0564 RasAuto - ok
18:30:40.0635 0564 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
18:30:40.0637 0564 Rasl2tp - ok
18:30:40.0663 0564 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll
18:30:40.0669 0564 RasMan - ok
18:30:40.0684 0564 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
18:30:40.0686 0564 RasPppoe - ok
18:30:40.0696 0564 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
18:30:40.0698 0564 RasSstp - ok
18:30:40.0715 0564 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
18:30:40.0719 0564 rdbss - ok
18:30:40.0729 0564 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\drivers\rdpbus.sys
18:30:40.0731 0564 rdpbus - ok
18:30:40.0746 0564 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
18:30:40.0747 0564 RDPCDD - ok
18:30:40.0777 0564 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
18:30:40.0779 0564 RDPENCDD - ok
18:30:40.0790 0564 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
18:30:40.0791 0564 RDPREFMP - ok
18:30:40.0831 0564 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
18:30:40.0832 0564 RdpVideoMiniport - ok
18:30:40.0872 0564 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
18:30:40.0878 0564 RDPWD - ok
18:30:40.0913 0564 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
18:30:40.0917 0564 rdyboost - ok
18:30:40.0953 0564 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll
18:30:40.0956 0564 RemoteAccess - ok
18:30:40.0974 0564 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll
18:30:40.0979 0564 RemoteRegistry - ok
18:30:41.0008 0564 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
18:30:41.0011 0564 RpcEptMapper - ok
18:30:41.0044 0564 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe
18:30:41.0046 0564 RpcLocator - ok
18:30:41.0073 0564 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll
18:30:41.0078 0564 RpcSs - ok
18:30:41.0120 0564 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
18:30:41.0122 0564 rspndr - ok
18:30:41.0134 0564 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe
18:30:41.0136 0564 SamSs - ok
18:30:41.0165 0564 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
18:30:41.0167 0564 sbp2port - ok
18:30:41.0189 0564 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll
18:30:41.0193 0564 SCardSvr - ok
18:30:41.0203 0564 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
18:30:41.0205 0564 scfilter - ok
18:30:41.0239 0564 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll
18:30:41.0262 0564 Schedule - ok
18:30:41.0287 0564 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll
18:30:41.0288 0564 SCPolicySvc - ok
18:30:41.0304 0564 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll
18:30:41.0308 0564 SDRSVC - ok
18:30:41.0345 0564 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys
18:30:41.0347 0564 secdrv - ok
18:30:41.0361 0564 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll
18:30:41.0365 0564 seclogon - ok
18:30:41.0393 0564 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll
18:30:41.0397 0564 SENS - ok
18:30:41.0425 0564 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll
18:30:41.0428 0564 SensrSvc - ok
18:30:41.0443 0564 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\drivers\serenum.sys
18:30:41.0444 0564 Serenum - ok
18:30:41.0459 0564 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\drivers\serial.sys
18:30:41.0462 0564 Serial - ok
18:30:41.0478 0564 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\drivers\sermouse.sys
18:30:41.0480 0564 sermouse - ok
18:30:41.0518 0564 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll
18:30:41.0522 0564 SessionEnv - ok
18:30:41.0538 0564 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
18:30:41.0539 0564 sffdisk - ok
18:30:41.0545 0564 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
18:30:41.0546 0564 sffp_mmc - ok
18:30:41.0568 0564 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
18:30:41.0570 0564 sffp_sd - ok
18:30:41.0584 0564 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys
18:30:41.0585 0564 sfloppy - ok
18:30:41.0618 0564 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll
18:30:41.0623 0564 SharedAccess - ok
18:30:41.0646 0564 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
18:30:41.0653 0564 ShellHWDetection - ok
18:30:41.0676 0564 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys
18:30:41.0678 0564 sisagp - ok
18:30:41.0705 0564 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
18:30:41.0707 0564 SiSRaid2 - ok
18:30:41.0722 0564 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
18:30:41.0724 0564 SiSRaid4 - ok
18:30:41.0847 0564 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe
18:30:41.0939 0564 Skype C2C Service - ok
18:30:41.0954 0564 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe
18:30:41.0956 0564 SkypeUpdate - ok
18:30:41.0983 0564 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys
18:30:41.0986 0564 Smb - ok
18:30:42.0039 0564 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
18:30:42.0044 0564 SNMPTRAP - ok
18:30:42.0079 0564 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys
18:30:42.0080 0564 spldr - ok
18:30:42.0129 0564 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe
18:30:42.0149 0564 Spooler - ok
18:30:42.0248 0564 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe
18:30:42.0342 0564 sppsvc - ok
18:30:42.0355 0564 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll
18:30:42.0358 0564 sppuinotify - ok
18:30:42.0397 0564 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys
18:30:42.0404 0564 srv - ok
18:30:42.0424 0564 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
18:30:42.0428 0564 srv2 - ok
18:30:42.0465 0564 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS
18:30:42.0469 0564 SrvHsfHDA - ok
18:30:42.0498 0564 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS
18:30:42.0521 0564 SrvHsfV92 - ok
18:30:42.0543 0564 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS
18:30:42.0562 0564 SrvHsfWinac - ok
18:30:42.0583 0564 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
18:30:42.0585 0564 srvnet - ok
18:30:42.0619 0564 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
18:30:42.0624 0564 SSDPSRV - ok
18:30:42.0639 0564 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll
18:30:42.0643 0564 SstpSvc - ok
18:30:42.0663 0564 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\drivers\stexstor.sys
18:30:42.0664 0564 stexstor - ok
18:30:42.0708 0564 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll
18:30:42.0726 0564 StiSvc - ok
18:30:42.0759 0564 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\DRIVERS\swenum.sys
18:30:42.0761 0564 swenum - ok
18:30:42.0783 0564 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll
18:30:42.0790 0564 swprv - ok
18:30:42.0833 0564 [ 4C9BB4B3B9EAC26211484C30B914C6DC ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys
18:30:42.0836 0564 SynTP - ok
18:30:42.0873 0564 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll
18:30:42.0912 0564 SysMain - ok
18:30:42.0936 0564 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
18:30:42.0939 0564 TabletInputService - ok
18:30:42.0962 0564 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll
18:30:42.0968 0564 TapiSrv - ok
18:30:42.0981 0564 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll
18:30:42.0984 0564 TBS - ok
18:30:43.0042 0564 [ E23A56F843E2AEBBB209D0ACCA73C640 ] Tcpip C:\Windows\system32\drivers\tcpip.sys
18:30:43.0088 0564 Tcpip - ok
18:30:43.0155 0564 [ E23A56F843E2AEBBB209D0ACCA73C640 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
18:30:43.0167 0564 TCPIP6 - ok
18:30:43.0183 0564 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
18:30:43.0184 0564 tcpipreg - ok
18:30:43.0207 0564 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
18:30:43.0209 0564 TDPIPE - ok
18:30:43.0237 0564 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
18:30:43.0238 0564 TDTCP - ok
18:30:43.0255 0564 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
18:30:43.0256 0564 tdx - ok
18:30:43.0263 0564 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\DRIVERS\termdd.sys
18:30:43.0265 0564 TermDD - ok
18:30:43.0305 0564 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll
18:30:43.0322 0564 TermService - ok
18:30:43.0335 0564 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll
18:30:43.0338 0564 Themes - ok
18:30:43.0348 0564 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll
18:30:43.0350 0564 THREADORDER - ok
18:30:43.0379 0564 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll
18:30:43.0383 0564 TrkWks - ok
18:30:43.0430 0564 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
18:30:43.0434 0564 TrustedInstaller - ok
18:30:43.0468 0564 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
18:30:43.0469 0564 tssecsrv - ok
18:30:43.0496 0564 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
18:30:43.0497 0564 TsUsbFlt - ok
18:30:43.0521 0564 [ 57C527AF84748B5C2F5178C499C0B81F ] TsUsbGD C:\Windows\system32\drivers\TsUsbGD.sys
18:30:43.0523 0564 TsUsbGD - ok
18:30:43.0553 0564 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
18:30:43.0556 0564 tunnel - ok
18:30:43.0578 0564 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\drivers\uagp35.sys
18:30:43.0582 0564 uagp35 - ok
18:30:43.0603 0564 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys
18:30:43.0609 0564 udfs - ok
18:30:43.0642 0564 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe
18:30:43.0646 0564 UI0Detect - ok
18:30:43.0657 0564 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
18:30:43.0660 0564 uliagpkx - ok
18:30:43.0683 0564 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\DRIVERS\umbus.sys
18:30:43.0685 0564 umbus - ok
18:30:43.0703 0564 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\drivers\umpass.sys
18:30:43.0705 0564 UmPass - ok
18:30:43.0732 0564 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll
18:30:43.0738 0564 upnphost - ok
18:30:43.0766 0564 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
18:30:43.0768 0564 usbccgp - ok
18:30:43.0785 0564 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys
18:30:43.0787 0564 usbcir - ok
18:30:43.0805 0564 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\DRIVERS\usbehci.sys
18:30:43.0843 0564 usbehci - ok
18:30:43.0870 0564 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
18:30:43.0903 0564 usbhub - ok
18:30:43.0921 0564 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys
18:30:43.0923 0564 usbohci - ok
18:30:43.0932 0564 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\drivers\usbprint.sys
18:30:43.0934 0564 usbprint - ok
18:30:43.0952 0564 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
18:30:43.0993 0564 USBSTOR - ok
18:30:44.0008 0564 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\DRIVERS\usbuhci.sys
18:30:44.0041 0564 usbuhci - ok
18:30:44.0077 0564 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\system32\Drivers\usbvideo.sys
18:30:44.0080 0564 usbvideo - ok
18:30:44.0112 0564 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll
18:30:44.0116 0564 UxSms - ok
18:30:44.0126 0564 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe
18:30:44.0128 0564 VaultSvc - ok
18:30:44.0165 0564 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
18:30:44.0167 0564 vdrvroot - ok
18:30:44.0196 0564 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe
18:30:44.0217 0564 vds - ok
18:30:44.0231 0564 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
18:30:44.0233 0564 vga - ok
18:30:44.0243 0564 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys
18:30:44.0245 0564 VgaSave - ok
18:30:44.0259 0564 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
18:30:44.0263 0564 vhdmp - ok
18:30:44.0288 0564 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys
18:30:44.0289 0564 viaagp - ok
18:30:44.0299 0564 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\drivers\viac7.sys
18:30:44.0301 0564 ViaC7 - ok
18:30:44.0312 0564 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys
18:30:44.0314 0564 viaide - ok
18:30:44.0324 0564 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys
18:30:44.0326 0564 volmgr - ok
18:30:44.0348 0564 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
18:30:44.0353 0564 volmgrx - ok
18:30:44.0369 0564 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys
18:30:44.0373 0564 volsnap - ok
18:30:44.0398 0564 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
18:30:44.0401 0564 vsmraid - ok
18:30:44.0455 0564 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe
18:30:44.0490 0564 VSS - ok
18:30:44.0510 0564 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys
18:30:44.0511 0564 vwifibus - ok
18:30:44.0527 0564 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
18:30:44.0529 0564 vwififlt - ok
18:30:44.0545 0564 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll
18:30:44.0552 0564 W32Time - ok
18:30:44.0569 0564 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\drivers\wacompen.sys
18:30:44.0571 0564 WacomPen - ok
18:30:44.0603 0564 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
18:30:44.0605 0564 WANARP - ok
18:30:44.0610 0564 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
18:30:44.0611 0564 Wanarpv6 - ok
18:30:44.0696 0564 [ 353A04C273EC58475D8633E75CCD5604 ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe
18:30:44.0743 0564 WatAdminSvc - ok
18:30:44.0785 0564 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe
18:30:44.0819 0564 wbengine - ok
18:30:44.0835 0564 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
18:30:44.0840 0564 WbioSrvc - ok
18:30:44.0858 0564 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll
18:30:44.0864 0564 wcncsvc - ok
18:30:44.0884 0564 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
18:30:44.0888 0564 WcsPlugInService - ok
18:30:44.0914 0564 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\drivers\wd.sys
18:30:44.0915 0564 Wd - ok
18:30:44.0953 0564 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
18:30:44.0960 0564 Wdf01000 - ok
18:30:44.0982 0564 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll
18:30:44.0986 0564 WdiServiceHost - ok
18:30:44.0991 0564 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll
18:30:44.0994 0564 WdiSystemHost - ok
18:30:45.0010 0564 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll
18:30:45.0016 0564 WebClient - ok
18:30:45.0045 0564 [ F56A25B240391620B6E31ACF656F2018 ] Wecsvc C:\Windows\system32\wecsvc.dll
18:30:45.0051 0564 Wecsvc - ok
18:30:45.0061 0564 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll
18:30:45.0065 0564 wercplsupport - ok
18:30:45.0089 0564 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll
18:30:45.0093 0564 WerSvc - ok
18:30:45.0121 0564 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
18:30:45.0123 0564 WfpLwf - ok
18:30:45.0130 0564 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys
18:30:45.0132 0564 WIMMount - ok
18:30:45.0165 0564 [ 3FA87D56769838AAC82FAFC3E78FC732 ] winbondcir C:\Windows\system32\DRIVERS\winbondcir.sys
18:30:45.0167 0564 winbondcir - ok
18:30:45.0216 0564 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll
18:30:45.0238 0564 WinDefend - ok
18:30:45.0254 0564 WinHttpAutoProxySvc - ok
18:30:45.0309 0564 [ 320B13F43726EB73B2D7AE8869AFAACE ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
18:30:45.0313 0564 Winmgmt - ok
18:30:45.0403 0564 [ 895AD0D039FAAE12D4C25E028051344C ] WinRM C:\Windows\system32\WsmSvc.dll
18:30:45.0463 0564 WinRM - ok
18:30:45.0521 0564 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll
18:30:45.0543 0564 Wlansvc - ok
18:30:45.0561 0564 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\DRIVERS\wmiacpi.sys
18:30:45.0561 0564 WmiAcpi - ok
18:30:45.0583 0564 [ A1BCA34F741D285E8A7CD3F3E734BBBD ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
18:30:45.0586 0564 wmiApSrv - ok
18:30:45.0676 0564 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe
18:30:45.0712 0564 WMPNetworkSvc - ok
18:30:45.0735 0564 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll
18:30:45.0739 0564 WPCSvc - ok
18:30:45.0759 0564 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
18:30:45.0763 0564 WPDBusEnum - ok
18:30:45.0796 0564 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
18:30:45.0798 0564 ws2ifsl - ok
18:30:45.0812 0564 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll
18:30:45.0816 0564 wscsvc - ok
18:30:45.0821 0564 WSearch - ok
18:30:45.0901 0564 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll
18:30:45.0961 0564 wuauserv - ok
18:30:45.0991 0564 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
18:30:45.0993 0564 WudfPf - ok
18:30:46.0028 0564 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
18:30:46.0031 0564 WUDFRd - ok
18:30:46.0071 0564 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
18:30:46.0075 0564 wudfsvc - ok
18:30:46.0113 0564 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll
18:30:46.0122 0564 WwanSvc - ok
18:30:46.0148 0564 ================ Scan global ===============================
18:30:46.0172 0564 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
18:30:46.0204 0564 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
18:30:46.0226 0564 [ D70FE45855CAD4C0C6B1C1426ABDEBA9 ] C:\Windows\system32\winsrv.dll
18:30:46.0254 0564 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
18:30:46.0280 0564 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
18:30:46.0287 0564 [Global] - ok
18:30:46.0287 0564 ================ Scan MBR ==================================
18:30:46.0302 0564 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
18:30:46.0579 0564 \Device\Harddisk0\DR0 - ok
18:30:46.0580 0564 ================ Scan VBR ==================================
18:30:46.0584 0564 [ 65B0718618C279B9EF758948F63837F1 ] \Device\Harddisk0\DR0\Partition1
18:30:46.0587 0564 \Device\Harddisk0\DR0\Partition1 - ok
18:30:46.0610 0564 [ B00A87122D96BA7E85B998EFE722CD01 ] \Device\Harddisk0\DR0\Partition2
18:30:46.0612 0564 \Device\Harddisk0\DR0\Partition2 - ok
18:30:46.0612 0564 ============================================================
18:30:46.0612 0564 Scan finished
18:30:46.0612 0564 ============================================================
18:30:46.0626 2020 Detected object count: 0
18:30:46.0626 2020 Actual detected object count: 0

damn -_-

didn't want to clutter up the page...

21.01.2013, 18:56   #10
markusg
/// Malware-holic

That's fine.
ComboFix:
ComboFix may only be run when a team member has instructed you to do so!
It should never be run on your own initiative! Incorrect use can cause serious computer problems
and make cleaning up the infection even harder.
Please download ComboFix from one of these download mirrors

Link 1
Link 2


IMPORTANT - Save ComboFix to your desktop
  • Please disable all of your anti-virus as well as anti-malware/spyware scanners. They can interfere with ComboFix while it works.
Start Combofix.exe and follow the instructions on the screen.

When ComboFix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply.


Note: If you get the following error message after the restart
Quote:
Illegal operation attempted on a registry key that has been marked for deletion.
simply restart the computer. That should fix the problem.
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

21.01.2013, 19:40   #11
jonborno

ComboFix log file:
Code:
ComboFix 13-01-21.04 - Kevin Jähnigen 21.01.2013  19:12:20.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3037.1555 [GMT 1:00]
ausgeführt von:: c:\users\Kevin Jõhnigen\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B140BF4E-23BB-4198-90AB-A51A4C60A69C}
SP: Microsoft Security Essentials *Disabled/Updated* {0A215EAA-0581-4E16-AA1B-9E6837E7EC21}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((   Dateien erstellt von 2012-12-21 bis 2013-01-21  ))))))))))))))))))))))))))))))
.
.
2013-01-21 18:19 . 2013-01-21 18:19	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-01-21 18:00 . 2007-12-06 12:40	761856	----a-w-	c:\windows\system32\athr.sys
2013-01-21 17:30 . 2013-01-21 17:30	29904	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{308F624C-B386-40CD-89A3-540FC45C73D7}\MpKsle962762e.sys
2013-01-21 16:33 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{308F624C-B386-40CD-89A3-540FC45C73D7}\mpengine.dll
2013-01-16 21:31 . 2013-01-16 21:31	--------	d-----w-	c:\program files\Synaptics
2013-01-16 21:22 . 2013-01-16 21:22	--------	d-----w-	c:\programdata\Atheros
2013-01-16 20:59 . 2013-01-16 21:10	--------	d-----w-	c:\program files\Intel
2013-01-16 20:59 . 2008-06-04 13:55	53248	----a-w-	c:\windows\system32\CSVer.dll
2013-01-16 20:49 . 2013-01-21 18:00	--------	d--h--w-	c:\program files\InstallShield Installation Information
2013-01-16 20:49 . 2013-01-16 20:49	--------	d-----w-	c:\windows\BUVC_AP
2013-01-16 20:49 . 2013-01-16 20:49	--------	d-----w-	c:\users\Kevin Jähnigen\AppData\Roaming\InstallShield
2013-01-16 19:52 . 2013-01-08 04:57	6991832	----a-w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2013-01-15 20:09 . 2013-01-15 20:09	--------	d-----w-	c:\program files\Trend Micro
2013-01-15 19:52 . 2013-01-15 19:52	--------	d-----w-	c:\program files\Enigma Software Group
2013-01-15 19:52 . 2013-01-15 19:52	--------	d-----w-	c:\users\Kevin Jähnigen\AppData\Roaming\Macromedia
2013-01-15 19:51 . 2013-01-15 20:08	--------	d-----w-	c:\windows\DDABC66756B3412282B02F5782EA2F9A.TMP
2013-01-15 19:51 . 2013-01-15 19:51	--------	d-----w-	c:\program files\Common Files\Wise Installation Wizard
2013-01-15 05:25 . 2013-01-15 05:25	--------	d-----w-	c:\users\Kevin Jähnigen\Local Settings
2013-01-15 05:25 . 2013-01-15 05:25	--------	d-----w-	c:\program files\7-Zip
2013-01-15 05:25 . 2013-01-15 05:25	--------	d-----w-	c:\program files\PricePeep
2013-01-15 05:25 . 2013-01-15 05:25	--------	d-----w-	c:\program files\Perion
2013-01-15 05:25 . 2011-05-13 23:17	632656	----a-w-	c:\windows\system32\msvcr80.dll
2013-01-15 05:25 . 2011-05-13 23:17	479232	----a-w-	c:\windows\system32\msvcm80.dll
2013-01-15 05:25 . 2011-05-13 23:17	554832	----a-w-	c:\windows\system32\msvcp80.dll
2013-01-14 20:39 . 2013-01-14 20:39	--------	d-----w-	c:\programdata\Uniblue
2013-01-14 20:39 . 2013-01-14 20:39	--------	d-----w-	c:\users\Kevin Jähnigen\AppData\Roaming\Uniblue
2013-01-14 20:39 . 2013-01-14 20:39	--------	d-----w-	c:\program files\Uniblue
2013-01-11 20:49 . 2013-01-14 18:36	--------	d-----w-	c:\program files\Common Files\DVDVideoSoft
2013-01-11 20:49 . 2013-01-14 18:35	--------	d-----w-	c:\program files\DVDVideoSoft
2013-01-09 16:32 . 2012-11-22 04:45	626688	----a-w-	c:\windows\system32\usp10.dll
2013-01-09 16:32 . 2012-11-23 02:56	2345984	----a-w-	c:\windows\system32\win32k.sys
2013-01-09 16:32 . 2012-11-09 04:43	492032	----a-w-	c:\windows\system32\win32spl.dll
2013-01-09 16:32 . 2012-11-01 04:47	1389568	----a-w-	c:\windows\system32\msxml6.dll
2013-01-01 14:11 . 2013-01-01 16:00	--------	d-----w-	c:\users\Kevin Jähnigen\AppData\Roaming\vlc
2013-01-01 14:10 . 2013-01-01 14:10	--------	d-----w-	c:\program files\VideoLAN
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2012-12-16 14:13 . 2012-12-21 05:45	295424	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 05:45	34304	----a-w-	c:\windows\system32\atmlib.dll
2012-12-13 05:46 . 2012-12-13 05:46	74752	----a-w-	c:\windows\system32\RegisterIEPKEYs.exe
2012-12-13 05:46 . 2012-12-13 05:46	161792	----a-w-	c:\windows\system32\msls31.dll
2012-12-13 05:46 . 2012-12-13 05:46	1129472	----a-w-	c:\windows\system32\wininet.dll
2012-12-13 05:46 . 2012-12-13 05:46	86528	----a-w-	c:\windows\system32\iesysprep.dll
2012-12-13 05:46 . 2012-12-13 05:46	76800	----a-w-	c:\windows\system32\SetIEInstalledDate.exe
2012-12-13 05:46 . 2012-12-13 05:46	63488	----a-w-	c:\windows\system32\tdc.ocx
2012-12-13 05:46 . 2012-12-13 05:46	48640	----a-w-	c:\windows\system32\mshtmler.dll
2012-12-13 05:46 . 2012-12-13 05:46	110592	----a-w-	c:\windows\system32\IEAdvpack.dll
2012-12-13 05:46 . 2012-12-13 05:46	74752	----a-w-	c:\windows\system32\iesetup.dll
2012-12-13 05:46 . 2012-12-13 05:46	367104	----a-w-	c:\windows\system32\html.iec
2012-12-13 05:46 . 2012-12-13 05:46	420864	----a-w-	c:\windows\system32\vbscript.dll
2012-12-13 05:46 . 2012-12-13 05:46	23552	----a-w-	c:\windows\system32\licmgr10.dll
2012-12-13 05:46 . 2012-12-13 05:46	152064	----a-w-	c:\windows\system32\wextract.exe
2012-12-13 05:46 . 2012-12-13 05:46	150528	----a-w-	c:\windows\system32\iexpress.exe
2012-12-13 05:46 . 2012-12-13 05:46	1427968	----a-w-	c:\windows\system32\inetcpl.cpl
2012-12-13 05:46 . 2012-12-13 05:46	35840	----a-w-	c:\windows\system32\imgutil.dll
2012-12-13 05:46 . 2012-12-13 05:46	2382848	----a-w-	c:\windows\system32\mshtml.tlb
2012-12-13 05:46 . 2012-12-13 05:46	1800704	----a-w-	c:\windows\system32\jscript9.dll
2012-12-13 05:46 . 2012-12-13 05:46	142848	----a-w-	c:\windows\system32\ieUnatt.exe
2012-12-13 05:46 . 2012-12-13 05:46	11776	----a-w-	c:\windows\system32\mshta.exe
2012-12-13 05:46 . 2012-12-13 05:46	101888	----a-w-	c:\windows\system32\admparse.dll
2012-12-11 19:47 . 2012-12-11 19:47	93672	----a-w-	c:\windows\system32\WindowsAccessBridge.dll
2012-12-11 19:47 . 2012-12-11 19:48	821736	----a-w-	c:\windows\system32\npDeployJava1.dll
2012-12-11 19:47 . 2012-12-11 19:48	746984	----a-w-	c:\windows\system32\deployJava1.dll
2012-12-10 20:35 . 2012-12-10 20:35	740840	------w-	c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{3BD8FBF9-B459-4F4F-AA7B-E9A141198330}\gapaengine.dll
2012-11-19 00:04 . 2012-12-10 19:26	6812136	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{066AB948-CABA-4969-89FC-0E0F9CAF8A92}\mpengine.dll
2012-11-09 04:42 . 2012-12-12 05:39	2048	----a-w-	c:\windows\system32\tzres.dll
2012-11-02 05:11 . 2012-12-12 05:49	376832	----a-w-	c:\windows\system32\dpnet.dll
2012-10-28 17:32 . 2012-12-10 19:51	88576	----a-w-	c:\windows\system32\pdfcmon.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{92EF2EAD-A7CE-4424-B0DB-499CF856608E}]
2013-01-10 14:59	581984	----a-w-	c:\program files\Evernote\Evernote\EvernoteIE.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Kevin Jähnigen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Kevin Jähnigen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32	129272	----a-w-	c:\users\Kevin Jähnigen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2012-11-09 17877168]
"DriverScanner"="c:\program files\Uniblue\DriverScanner\launcher.exe" [2012-07-10 338848]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2012-09-12 947176]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-07-28 13797920]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-04-25 1049896]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys [x]
R3 NisSrv;Microsoft-Netzwerkinspektion;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 MpKsle962762e;MpKsle962762e;c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{308F624C-B386-40CD-89A3-540FC45C73D7}\MpKsle962762e.sys [x]
S2 PDF Architect Helper Service;PDF Architect Helper Service;c:\program files\PDF Architect\HelperService.exe [x]
S2 PDF Architect Service;PDF Architect Service;c:\program files\PDF Architect\ConversionService.exe [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 winbondcir;Winbond IR Transceiver;c:\windows\system32\DRIVERS\winbondcir.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 84746736
*NewlyCreated* - MPKSLE962762E
*Deregistered* - 84746736
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
GPSvcGroup	REG_MULTI_SZ   	GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-15 19:41	1606760	----a-w-	c:\program files\Google\Chrome\Application\24.0.1312.52\Installer\setup.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-21 c:\windows\Tasks\DriverScanner.job
- c:\program files\Uniblue\DriverScanner\dsmonitor.exe [2013-01-14 11:51]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-15 19:40]
.
2013-01-21 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2013-01-15 19:40]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/
IE: An OneNote s&enden - c:\progra~1\MICROS~3\Office14\ONBttnIE.dll/105
IE: Free YouTube Download - c:\users\Kevin Jähnigen\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
IE: Free YouTube to MP3 Converter - c:\users\Kevin Jähnigen\AppData\Roaming\DVDVideoSoftIEHelpers\freeyoutubetomp3converter.htm
IE: Nach Microsoft E&xcel exportieren - c:\progra~1\MICROS~3\Office14\EXCEL.EXE/3000
IE: Neue Notiz - c:\program files\Evernote\Evernote\\EvernoteIERes\NewNote.html
IE: Zu Evernote 4 hinzufügen - c:\program files\Evernote\Evernote\\EvernoteIERes\Clip.html
TCP: DhcpNameServer = 192.168.1.1
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-373262585-2872000785-740813200-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-373262585-2872000785-740813200-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(4368)
c:\users\Kevin Jähnigen\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
Zeit der Fertigstellung: 2013-01-21  19:25:50
ComboFix-quarantined-files.txt  2013-01-21 18:25
.
Vor Suchlauf: 18 Verzeichnis(se), 93.923.446.784 Bytes frei
Nach Suchlauf: 24 Verzeichnis(se), 94.451.171.328 Bytes frei
.
- - End Of File - - 2B38BD6A1E0BC08A404766D8F0F956A7

Old 21.01.2013, 19:43   #12
markusg
/// Malware-holic

hi,
malwarebytes:
Please download Malwarebytes
  • Install the program in the default path. Vista and Win7 users: right-click and "Run as administrator".
  • Start Malwarebytes, click Update --> Check for updates.
  • When the update has finished, enable "Perform full scan" and click Scan.
  • When the scan has finished, click "Show results".
  • Make sure all findings are checked and click "Remove selected".
  • Post the logfile, which opens in Notepad, here in the thread.
  • Afterwards you can find the report under "Logs".
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails following the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Old 21.01.2013, 19:46   #13
jonborno

wrong log posted

Old 21.01.2013, 19:54   #14
markusg
/// Malware-holic

how so? that is combofix, isn't it

Old 21.01.2013, 21:14   #15
jonborno

Malwarebytes Anti-Malware (Test) 1.70.0.1100
Malwarebytes : Free Anti-Malware download

Datenbank Version: v2013.01.21.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Kevin Jähnigen :: KEVINJÄHNIGEN [Administrator]

Schutz: Aktiviert

21.01.2013 19:53:27
mbam-log-2013-01-21 (19-53-27).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 314119
Laufzeit: 1 Stunde(n), 17 Minute(n), 59 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
