| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: SOS die GVU hat zugeschlagenWindows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
25.01.2013, 14:15
| #16 |
| /// Winkelfunktion /// TB-Süch-Tiger™   |  SOS die GVU hat zugeschlagen Uh ja, verbieten und sperren, nein das wird niemals kontraproduktiv sein, weil Verbote/Sperren ja niemals verlockend sind sie zu umgehen  Sprich mit deinem Sohn darüber, klär ihn auf - man kann solche Dinge und bestimmte Teile der Erziehung nicht an eine Software delegieren!  Ebensowenig wirst du ihn in unserer heutigen Welt nicht zu 100% vor Pornografie abschirmen können. Wenn er das bei dirnicht darf bekommt er seine Pornos eben üver Kumpel aus der Schule, fertig. Also sprich mit ihm und klar ihn auf 
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
25.01.2013, 14:38
| #17 |
 | SOS die GVU hat zugeschlagen Ja werde ich auf jedenfall machen!
__________________So was muß ich jetzt noch tun oder is nu alles vom PC weg? |
|
25.01.2013, 15:36
| #18 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SOS die GVU hat zugeschlagen Bitte nun Logs mit GMER (<<< klick für Anleitung) und aswMBR (Anleitung etwas weiter unten) erstellen und posten.
__________________GMER stürzt häufiger ab, wenn das Tool auch beim zweiten Mal nicht will, lass es einfach weg und führ nur aswMBR aus. aswMBR-Download => aswMBR.exe - speichere die Datei auf deinem Desktop.
Noch ein Hinweis: Sollte aswMBR abstürzen und es kommt eine Meldung wie "aswMBR.exe funktioniert nicht mehr, dann mach Folgendes: Starte aswMBR neu, wähle unten links im Drop-Down-Menü (unten links im Fenster von aswMBR) bei "AV scan" (none) aus und klick nochmal auf den Scan-Button.
__________________ |
|
25.01.2013, 16:21
| #19 |
| | SOS die GVU hat zugeschlagenCode:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-25 15:44:42
-----------------------------
15:44:42.156 OS Version: Windows x64 6.1.7601 Service Pack 1
15:44:42.156 Number of processors: 2 586 0x170A
15:44:42.156 ComputerName: UDO-PC UserName: Udo
15:44:43.935 Initialize success
15:46:39.078 AVAST engine defs: 13012500
16:06:32.869 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
16:06:32.869 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
16:06:33.025 Disk 0 MBR read error 0
16:06:33.025 Disk 0 MBR scan
16:06:33.056 Disk 0 unknown MBR code
16:06:33.056 MBR BIOS signature not found 0
16:06:33.103 Disk 0 scanning C:\Windows\system32\drivers
16:06:42.635 Service scanning
16:06:57.736 Modules scanning
16:06:57.736 Disk 0 trace - called modules:
16:06:57.736 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
16:06:57.751 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bdc060]
16:06:57.751 3 CLASSPNP.SYS[fffff8800199943f] -> nt!IofCallDriver -> [0xfffffa80048407a0]
16:06:57.751 5 ACPI.sys[fffff88000f847a1] -> nt!IofCallDriver -> \Device\00000060[0xfffffa8004840060]
16:06:59.623 AVAST engine scan C:\Windows
16:07:02.447 AVAST engine scan C:\Windows\system32
16:11:00.628 AVAST engine scan C:\Windows\system32\drivers
16:11:12.811 AVAST engine scan C:\Users\Udo
16:13:31.776 AVAST engine scan C:\ProgramData
16:14:16.548 Scan finished successfully
16:19:46.504 Disk 0 MBR has been saved successfully to "C:\Users\Udo\Desktop\MBR.dat"
16:19:46.504 The log file has been saved successfully to "C:\Users\Udo\Desktop\aswMBR.txt"
Code:
ATTFilter GMER 2.0.18444 - hxxp://www.gmer.net
Rootkit scan 2013-01-25 16:20:38
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000060 WDC_WD10 rev.80.0 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Udo\AppData\Local\Temp\pftdapow.sys
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2492] 000000007335e2db
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2580] 00000000713d8de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2584] 00000000713d8de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2588] 00000000713d8de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2592] 00000000713d4e00
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3476:3684] 0000000074488d07
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3476:3688] 0000000074488fdc
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3476:3692] 00000000744888f0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3852:2112] 000007fefbcf2a7c
Thread C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [4124:4356] 00000000735032fb
Thread C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [4124:4736] 0000000075ef50f8
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4568] 0000000067806314
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4580] 000000006780539b
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4584] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4588] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4596] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4600] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4604] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4612] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4616] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4620] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4624] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4644] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4648] 0000000077502e25
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4656] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4684] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4688] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4888] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4892] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4896] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4904] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:5116] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4120] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:3592] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:1948] 00000000735032fb
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4180] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:1692] 0000000072b527c1
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:3044] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4460] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:5048] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4960] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:2348] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:2236] 00000000715a62ee
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4012] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:3200] 000000006916c724
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:3636] 0000000077503e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:4228] 0000000077503e45
Thread C:\Program Files (x86)\Mozilla Firefox\firefox.exe [4500:2888] 00000000765cd864
Thread C:\Windows\System32\svchost.exe [4912:5092] 000007fef8649688
Thread C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [432:1960] 000000006610e7f5
Thread C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [432:4928] 000000006610e7f5
Thread C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [432:200] 000000006610e7f5
Thread C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [432:2884] 000000006bf6d9b3
Thread C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [432:1796] 000000006610e7f5
Thread C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [432:2476] 000000006bf6d9b3
Thread C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [432:4172] 00000000735032fb
Thread C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [432:4324] 00000000715a62ee
Thread C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [432:2692] 000000006bf6d9b3
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624] 00000000750f0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3468] 000007fefccc0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3476] 0000000071ba0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3852] 000007fef1d60000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe [4124] 0000000071ba0000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4912] 000007fefdf30000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\IncrediMail\Bin\IncMail.exe [432] 0000000071ba0000
---- EOF - GMER 2.0 ----
Hm mache GMER nochmal neu waren nich alle prog geschlossen kommt gleich nach Code:
ATTFilter GMER 2.0.18444 - GMER - Rootkit Detector and Remover
Rootkit scan 2013-01-25 16:28:33
Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\00000060 WDC_WD10 rev.80.0 931,51GB
Running: gmer-2.0.18444.exe; Driver: C:\Users\Udo\AppData\Local\Temp\pftdapow.sys
---- User code sections - GMER 2.0 ----
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExW + 17 00000000761e1401 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!EnumProcessModules + 17 00000000761e1419 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 17 00000000761e1431 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 42 00000000761e144a 2 bytes [1E, 76]
.text ... * 9
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!EnumDeviceDrivers + 17 00000000761e14dd 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameA + 17 00000000761e14f5 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSetEx + 17 00000000761e150d 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetDeviceDriverBaseNameW + 17 00000000761e1525 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameW + 17 00000000761e153d 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!EnumProcesses + 17 00000000761e1555 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetProcessMemoryInfo + 17 00000000761e156d 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetPerformanceInfo + 17 00000000761e1585 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!QueryWorkingSet + 17 00000000761e159d 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleBaseNameA + 17 00000000761e15b5 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetModuleFileNameExA + 17 00000000761e15cd 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 20 00000000761e16b2 2 bytes [1E, 76]
.text C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE[2372] C:\Windows\syswow64\PSAPI.DLL!GetProcessImageFileNameW + 31 00000000761e16bd 2 bytes [1E, 76]
---- Threads - GMER 2.0 ----
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:1644] 0000000074de7587
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:1656] 000000007358c59c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:1660] 000000007358c59c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:1772] 000000007358c59c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:1848] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2492] 000000007335e2db
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2496] 000000007358c59c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2500] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2504] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2508] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2512] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2516] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2520] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2532] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2536] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2540] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2544] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2548] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2552] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2556] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2560] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2564] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2568] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2572] 000000007358c41c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2576] 000000007358c59c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2580] 00000000713d8de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2584] 00000000713d8de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2588] 00000000713d8de0
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2592] 00000000713d4e00
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:2660] 000000007358c59c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:3672] 000000007358c59c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [1624:4992] 000000007358c59c
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3476:3684] 0000000074488d07
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3476:3688] 0000000074488fdc
Thread C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3476:3692] 00000000744888f0
Thread C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3852:2112] 000007fefbcf2a7c
Thread C:\Windows\System32\svchost.exe [4912:5092] 000007fef8649688
---- Processes - GMER 2.0 ----
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [3364] 0000000070730000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe [3468] 000007fefccc0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [3476] 0000000071ba0000
Library ? (*** suspicious ***) @ C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe [3852] 0000000073f70000
Library ? (*** suspicious ***) @ C:\Windows\System32\svchost.exe [4912] 000007fefdf30000
---- Disk sectors - GMER 2.0 ----
Disk \Device\Harddisk0\DR0 unknown MBR code
---- EOF - GMER 2.0 ----
Geändert von cosinus (28.01.2013 um 13:30 Uhr) Grund: CODE-Tags |
|
26.01.2013, 18:47
| #20 | |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SOS die GVU hat zugeschlagen Die nächsten Logs bitte auch wie beschrieben in CODE-Tags posten! Dann bitte jetzt CF ausführen: ComboFix Ein Leitfaden und Tutorium zur Nutzung von ComboFix
Combofix darf ausschließlich ausgeführt werden, wenn ein Kompetenzler dies ausdrücklich empfohlen hat! Solltest du nach der Ausführung von Combofix Probleme beim Starten von Anwendungen haben und Meldungen erhalten wie Zitat:
 Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.01.2013, 09:38
| #21 |
| | SOS die GVU hat zugeschlagen Combofix Logfile: Code:
ATTFilter ComboFix 13-01-28.01 - Udo 28.01.2013 9:28.1.2 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.4095.2708 [GMT 1:00]
ausgeführt von:: c:\users\Udo\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((( Dateien erstellt von 2012-12-28 bis 2013-01-28 ))))))))))))))))))))))))))))))
.
.
2013-01-28 08:33 . 2013-01-28 08:33 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-01-25 11:36 . 2013-01-25 11:36 -------- d-----w- c:\programdata\Malwarebytes
2013-01-25 08:50 . 2013-01-25 08:50 -------- d-----w- C:\_OTL
2013-01-25 08:23 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{C814C14F-4B0A-47FA-8F8B-E95463CD3768}\mpengine.dll
2013-01-09 18:22 . 2012-12-16 17:11 46080 ----a-w- c:\windows\system32\atmlib.dll
2013-01-09 18:22 . 2012-12-16 14:45 367616 ----a-w- c:\windows\system32\atmfd.dll
2013-01-09 18:22 . 2012-12-16 14:13 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2013-01-09 18:22 . 2012-12-16 14:13 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2013-01-09 16:11 . 2012-11-09 05:45 2048 ----a-w- c:\windows\system32\tzres.dll
2013-01-09 16:11 . 2012-11-09 04:42 2048 ----a-w- c:\windows\SysWow64\tzres.dll
2013-01-09 16:11 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-09 16:11 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-09 16:11 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-09 16:11 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-09 16:11 . 2012-11-02 05:59 478208 ----a-w- c:\windows\system32\dpnet.dll
2013-01-09 16:11 . 2012-11-02 05:11 376832 ----a-w- c:\windows\SysWow64\dpnet.dll
2013-01-09 16:09 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-09 16:09 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-09 16:09 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-09 16:09 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-09 16:09 . 2012-11-23 03:13 68608 ----a-w- c:\windows\system32\taskhost.exe
2013-01-09 16:09 . 2012-11-23 03:26 3149824 ----a-w- c:\windows\system32\win32k.sys
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-17 16:25 . 2012-04-11 05:53 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe
2013-01-17 16:25 . 2011-05-15 18:11 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-01-09 15:57 . 2012-11-05 17:43 99912 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-01-09 15:57 . 2012-11-05 17:43 129216 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-16 16:31 . 2010-08-24 07:15 67599240 ----a-w- c:\windows\system32\MRT.exe
2012-11-08 10:29 . 2012-11-08 10:29 1402312 ----a-w- c:\windows\SysWow64\msxml4.dll
2012-08-09 15:18 . 2012-08-09 14:35 1995061264 ----a-w- c:\program files\vc_setup_0.99.exe
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}]
2010-09-12 14:02 3863136 ----a-w- c:\program files (x86)\ConduitEngine\ConduitEngine.dll
.
[HKEY_LOCAL_MACHINE\Wow6432Node\~\Browser Helper Objects\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
2010-09-12 14:02 3863136 ----a-w- c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}"= "c:\program files (x86)\IncrediMail_MediaBar_2\tbIncr.dll" [2010-09-12 3863136]
"{30F9B915-B755-4826-820B-08FBA6BD249D}"= "c:\program files (x86)\ConduitEngine\ConduitEngine.dll" [2010-09-12 3863136]
.
[HKEY_CLASSES_ROOT\clsid\{d40b90b4-d3b1-4d6b-a5d7-dc041c1b76c0}]
.
[HKEY_CLASSES_ROOT\clsid\{30f9b915-b755-4826-820b-08fba6bd249d}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IncrediMail"="c:\program files (x86)\IncrediMail\bin\IncMail.exe" [2012-09-17 366576]
"swg"="c:\program files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-08-09 39408]
"AviraSpeedup"="c:\program files (x86)\AviraSpeedup\AviraSpeedup.exe" [2012-11-05 4856296]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-05-27 98304]
"CLMLServer"="c:\program files (x86)\CyberLink\Power2Go\CLMLSvc.exe" [2009-11-02 103720]
"avgnt"="c:\program files (x86)\Avira\AntiVir Desktop\avgnt.exe" [2013-01-09 384800]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="userinit.exe"
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\run-]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe"
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 BBSvc;Bing Bar Update Service;c:\program files (x86)\Microsoft\BingBar\BBSvc.EXE [2011-05-26 191752]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [2012-09-24 27800]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-05-27 203264]
S2 AntiVirSchedulerService;Avira Planer;c:\program files (x86)\Avira\AntiVir Desktop\sched.exe [2013-01-09 85280]
S2 BBUpdate;BBUpdate;c:\program files (x86)\Microsoft\BingBar\SeaPort.EXE [2011-03-10 249648]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TuneUp.UtilitiesSvc;TuneUp Utilities Service;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe [2011-12-14 2123584]
S3 LGBusEnum;Logitech GamePanel Virtual Bus Enumerator Driver;c:\windows\system32\drivers\LGBusEnum.sys [2009-11-23 22408]
S3 LGVirHid;Logitech Gamepanel Virtual HID Device Driver;c:\windows\system32\drivers\LGVirHid.sys [2009-11-23 16008]
S3 NxpCap64;CTX capture service;c:\windows\system32\DRIVERS\NxpCap64.sys [2010-02-04 1888864]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TuneUpUtilitiesDrv;TuneUpUtilitiesDrv;c:\program files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys [2011-12-12 11856]
S3 X10Hid;X10 Hid Device;c:\windows\System32\Drivers\x10hid.sys [2009-05-13 15896]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-01-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-11 16:25]
.
2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-09 14:16]
.
2013-01-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2012-08-09 14:16]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2010-04-07 10144288]
"Launch LgDeviceAgent"="c:\program files\Logitech\GamePanel Software\LgDevAgt.exe" [2010-08-03 415816]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2010-08-03 2412616]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2010-08-03 4725320]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://mystart.incredimail.com/?a=1eynPHwypKg
mLocal Page = c:\windows\SysWOW64\blank.htm
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Udo\AppData\Roaming\Mozilla\Firefox\Profiles\nif5em03.default\
FF - ExtSQL: 2012-12-05 06:36; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Udo\AppData\Roaming\Mozilla\Firefox\Profiles\nif5em03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - user.js: network.http.max-persistent-connections-per-server - 4
FF - user.js: nglayout.initialpaint.delay - 600
FF - user.js: content.notify.interval - 600000
FF - user.js: content.max.tokenizing.time - 1800000
FF - user.js: content.switch.threshold - 600000
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
SafeBoot-BsScanner
WebBrowser-{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0} - (no file)
WebBrowser-{30F9B915-B755-4826-820B-08FBA6BD249D} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_146_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_146.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-01-28 09:36:21
ComboFix-quarantined-files.txt 2013-01-28 08:36
.
Vor Suchlauf: 9 Verzeichnis(se), 883.623.550.976 Bytes frei
Nach Suchlauf: 12 Verzeichnis(se), 883.673.665.536 Bytes frei
.
- - End Of File - - 3D2FF55BA10FFFE0D0119BAE9C8DA164
So hier die gewünschten ergebnisse? Was muß ich nu machen? |
|
28.01.2013, 12:09
| #22 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SOS die GVU hat zugeschlagen Bitte nun (im normalen Windows-Modus) dieses Tool von Kaspersky (TDSS-Killer) ausführen und das Log posten Anleitung und Downloadlink hier => http://www.trojaner-board.de/82358-t...entfernen.html Hinweis: Bitte den Virenscanner abstellen bevor du den TDSS-Killer ausführst, denn v.a. Avira meldet im TDSS-Tool oft einen Fehlalarm! Das Tool so einstellen wie unten im Bild angegeben - klick auf change parameters und setze die Haken wie im folgenden Screenshot abgebildet, Dann auf Start Scan klicken und wenn es durch ist auf den Button Report klicken um das Log anzuzeigen. Dieses bitte komplett posten. Wenn du das Log nicht findest oder den Inhalt kopieren und in dein Posting übertragen kannst, dann schau bitte direkt auf deiner Windows-Systempartition ( meistens Laufwerk C: ) nach, da speichert der TDSS-Killer seine Logs. Hinweis: Bitte nichts voreilig mit dem TDSS-Killer löschen! Falls Objekte vom TDSS-Killer bemängelt werden, alle mit der Aktion "skip" behandeln und hier nur das Log posten! 
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.01.2013, 12:29
| #23 |
| | SOS die GVU hat zugeschlagenCode:
ATTFilter 12:21:58.0850 3604 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35
12:21:58.0974 3604 ============================================================
12:21:58.0974 3604 Current date / time: 2013/01/28 12:21:58.0974
12:21:58.0974 3604 SystemInfo:
12:21:58.0974 3604
12:21:58.0974 3604 OS Version: 6.1.7601 ServicePack: 1.0
12:21:58.0974 3604 Product type: Workstation
12:21:58.0974 3604 ComputerName: UDO-PC
12:21:58.0974 3604 UserName: Udo
12:21:58.0974 3604 Windows directory: C:\Windows
12:21:58.0974 3604 System windows directory: C:\Windows
12:21:58.0974 3604 Running under WOW64
12:21:58.0974 3604 Processor architecture: Intel x64
12:21:58.0974 3604 Number of processors: 2
12:21:58.0974 3604 Page size: 0x1000
12:21:58.0974 3604 Boot type: Normal boot
12:21:58.0974 3604 ============================================================
12:22:00.0191 3604 Drive \Device\Harddisk0\DR0 - Size: 0xE8E0DB6000 (931.51 Gb), SectorSize: 0x200, Cylinders: 0x1DB01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
12:22:00.0191 3604 ============================================================
12:22:00.0191 3604 \Device\Harddisk0\DR0:
12:22:00.0191 3604 MBR partitions:
12:22:00.0191 3604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
12:22:00.0191 3604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x708D3800
12:22:00.0191 3604 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x70906000, BlocksNum 0x3C00000
12:22:00.0191 3604 ============================================================
12:22:00.0222 3604 C: <-> \Device\Harddisk0\DR0\Partition2
12:22:00.0254 3604 D: <-> \Device\Harddisk0\DR0\Partition3
12:22:00.0254 3604 ============================================================
12:22:00.0254 3604 Initialize success
12:22:00.0254 3604 ============================================================
12:23:41.0295 4524 ============================================================
12:23:41.0295 4524 Scan started
12:23:41.0295 4524 Mode: Manual; SigCheck; TDLFS;
12:23:41.0295 4524 ============================================================
12:23:42.0028 4524 ================ Scan system memory ========================
12:23:42.0028 4524 System memory - ok
12:23:42.0028 4524 ================ Scan services =============================
12:23:42.0278 4524 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys
12:23:42.0324 4524 1394ohci - ok
12:23:42.0340 4524 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys
12:23:42.0356 4524 ACPI - ok
12:23:42.0371 4524 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys
12:23:42.0402 4524 AcpiPmi - ok
12:23:42.0465 4524 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
12:23:42.0480 4524 AdobeARMservice - ok
12:23:42.0558 4524 [ 424877CB9D5517F980FF7BACA2EB379D ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
12:23:42.0574 4524 AdobeFlashPlayerUpdateSvc - ok
12:23:42.0590 4524 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys
12:23:42.0605 4524 adp94xx - ok
12:23:42.0636 4524 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys
12:23:42.0652 4524 adpahci - ok
12:23:42.0683 4524 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys
12:23:42.0683 4524 adpu320 - ok
12:23:42.0714 4524 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
12:23:42.0746 4524 AeLookupSvc - ok
12:23:42.0777 4524 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys
12:23:42.0808 4524 AFD - ok
12:23:42.0824 4524 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys
12:23:42.0839 4524 agp440 - ok
12:23:42.0855 4524 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe
12:23:42.0870 4524 ALG - ok
12:23:42.0886 4524 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys
12:23:42.0902 4524 aliide - ok
12:23:42.0933 4524 [ F687D4976EFF550FB0BE45A5CB19F18F ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
12:23:42.0948 4524 AMD External Events Utility - ok
12:23:42.0964 4524 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys
12:23:42.0964 4524 amdide - ok
12:23:42.0995 4524 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys
12:23:43.0011 4524 AmdK8 - ok
12:23:43.0120 4524 [ 74687C33C4AD25A975BBB1EA1E8B3884 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
12:23:43.0276 4524 amdkmdag - ok
12:23:43.0307 4524 [ C7F56ED86327A78E7F8A5CC503A98BD6 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
12:23:43.0338 4524 amdkmdap - ok
12:23:43.0354 4524 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys
12:23:43.0385 4524 AmdPPM - ok
12:23:43.0401 4524 [ 6EC6D772EAE38DC17C14AED9B178D24B ] amdsata C:\Windows\system32\drivers\amdsata.sys
12:23:43.0416 4524 amdsata - ok
12:23:43.0448 4524 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys
12:23:43.0463 4524 amdsbs - ok
12:23:43.0463 4524 [ 1142A21DB581A84EA5597B03A26EBAA0 ] amdxata C:\Windows\system32\drivers\amdxata.sys
12:23:43.0479 4524 amdxata - ok
12:23:43.0557 4524 [ 0FA2D8304ECA29CA0AB7E3EE50FD585A ] AntiVirSchedulerService C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe
12:23:43.0557 4524 AntiVirSchedulerService - ok
12:23:43.0604 4524 [ 5C69AAC8A59207DA9710FF2E42D6F80F ] AntiVirService C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe
12:23:43.0604 4524 AntiVirService - ok
12:23:43.0635 4524 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys
12:23:43.0682 4524 AppID - ok
12:23:43.0697 4524 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll
12:23:43.0728 4524 AppIDSvc - ok
12:23:43.0760 4524 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll
12:23:43.0775 4524 Appinfo - ok
12:23:43.0806 4524 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys
12:23:43.0822 4524 arc - ok
12:23:43.0822 4524 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys
12:23:43.0838 4524 arcsas - ok
12:23:43.0853 4524 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
12:23:43.0884 4524 AsyncMac - ok
12:23:43.0884 4524 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys
12:23:43.0900 4524 atapi - ok
12:23:43.0916 4524 [ 2D648572BA9A610952FCAFBA1E119C2D ] AtiHdmiService C:\Windows\system32\drivers\AtiHdmi.sys
12:23:43.0931 4524 AtiHdmiService - ok
12:23:43.0947 4524 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
12:23:43.0994 4524 AudioEndpointBuilder - ok
12:23:43.0994 4524 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll
12:23:44.0040 4524 AudioSrv - ok
12:23:44.0072 4524 [ BFE9598EBC3934CF8D876A303849C896 ] avgntflt C:\Windows\system32\DRIVERS\avgntflt.sys
12:23:44.0072 4524 avgntflt - ok
12:23:44.0087 4524 [ F74D86A9FB35FA5F24627B8DBBF3A9A4 ] avipbb C:\Windows\system32\DRIVERS\avipbb.sys
12:23:44.0103 4524 avipbb - ok
12:23:44.0134 4524 [ CD0E732347BF09717E0BDDC0C66699AB ] avkmgr C:\Windows\system32\DRIVERS\avkmgr.sys
12:23:44.0150 4524 avkmgr - ok
12:23:44.0165 4524 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll
12:23:44.0243 4524 AxInstSV - ok
12:23:44.0259 4524 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys
12:23:44.0290 4524 b06bdrv - ok
12:23:44.0306 4524 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys
12:23:44.0337 4524 b57nd60a - ok
12:23:44.0384 4524 [ 483F1162EEEBD10BF77FBB32DB963370 ] BBSvc C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE
12:23:44.0399 4524 BBSvc - ok
12:23:44.0430 4524 [ 78779EE07231C658B483B1F38B5088DF ] BBUpdate C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE
12:23:44.0446 4524 BBUpdate - ok
12:23:44.0462 4524 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll
12:23:44.0508 4524 BDESVC - ok
12:23:44.0524 4524 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys
12:23:44.0555 4524 Beep - ok
12:23:44.0586 4524 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll
12:23:44.0633 4524 BFE - ok
12:23:44.0649 4524 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll
12:23:44.0696 4524 BITS - ok
12:23:44.0711 4524 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys
12:23:44.0727 4524 blbdrive - ok
12:23:44.0758 4524 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys
12:23:44.0774 4524 bowser - ok
12:23:44.0805 4524 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys
12:23:44.0820 4524 BrFiltLo - ok
12:23:44.0820 4524 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys
12:23:44.0852 4524 BrFiltUp - ok
12:23:44.0883 4524 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys
12:23:44.0914 4524 BridgeMP - ok
12:23:44.0945 4524 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll
12:23:44.0961 4524 Browser - ok
12:23:44.0976 4524 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys
12:23:45.0023 4524 Brserid - ok
12:23:45.0039 4524 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys
12:23:45.0070 4524 BrSerWdm - ok
12:23:45.0101 4524 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys
12:23:45.0117 4524 BrUsbMdm - ok
12:23:45.0148 4524 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys
12:23:45.0164 4524 BrUsbSer - ok
12:23:45.0195 4524 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys
12:23:45.0210 4524 BTHMODEM - ok
12:23:45.0242 4524 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll
12:23:45.0273 4524 bthserv - ok
12:23:45.0288 4524 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
12:23:45.0320 4524 cdfs - ok
12:23:45.0335 4524 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\drivers\cdrom.sys
12:23:45.0366 4524 cdrom - ok
12:23:45.0398 4524 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll
12:23:45.0444 4524 CertPropSvc - ok
12:23:45.0476 4524 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys
12:23:45.0491 4524 circlass - ok
12:23:45.0507 4524 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys
12:23:45.0538 4524 CLFS - ok
12:23:45.0600 4524 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
12:23:45.0600 4524 clr_optimization_v2.0.50727_32 - ok
12:23:45.0632 4524 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
12:23:45.0647 4524 clr_optimization_v2.0.50727_64 - ok
12:23:45.0663 4524 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
12:23:45.0678 4524 clr_optimization_v4.0.30319_32 - ok
12:23:45.0694 4524 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
12:23:45.0710 4524 clr_optimization_v4.0.30319_64 - ok
12:23:45.0725 4524 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys
12:23:45.0741 4524 CmBatt - ok
12:23:45.0756 4524 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys
12:23:45.0772 4524 cmdide - ok
12:23:45.0803 4524 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys
12:23:45.0834 4524 CNG - ok
12:23:45.0866 4524 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys
12:23:45.0881 4524 Compbatt - ok
12:23:45.0881 4524 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys
12:23:45.0912 4524 CompositeBus - ok
12:23:45.0912 4524 COMSysApp - ok
12:23:45.0944 4524 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys
12:23:45.0959 4524 crcdisk - ok
12:23:45.0990 4524 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll
12:23:46.0006 4524 CryptSvc - ok
12:23:46.0053 4524 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
12:23:46.0084 4524 cvhsvc - ok
12:23:46.0115 4524 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll
12:23:46.0146 4524 DcomLaunch - ok
12:23:46.0178 4524 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll
12:23:46.0224 4524 defragsvc - ok
12:23:46.0240 4524 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys
12:23:46.0287 4524 DfsC - ok
12:23:46.0318 4524 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll
12:23:46.0365 4524 Dhcp - ok
12:23:46.0396 4524 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys
12:23:46.0443 4524 discache - ok
12:23:46.0458 4524 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys
12:23:46.0474 4524 Disk - ok
12:23:46.0490 4524 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll
12:23:46.0505 4524 Dnscache - ok
12:23:46.0536 4524 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll
12:23:46.0568 4524 dot3svc - ok
12:23:46.0583 4524 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll
12:23:46.0614 4524 DPS - ok
12:23:46.0630 4524 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
12:23:46.0661 4524 drmkaud - ok
12:23:46.0708 4524 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
12:23:46.0724 4524 DXGKrnl - ok
12:23:46.0755 4524 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll
12:23:46.0786 4524 EapHost - ok
12:23:46.0848 4524 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys
12:23:46.0926 4524 ebdrv - ok
12:23:46.0958 4524 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe
12:23:46.0973 4524 EFS - ok
12:23:47.0020 4524 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe
12:23:47.0067 4524 ehRecvr - ok
12:23:47.0098 4524 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe
12:23:47.0129 4524 ehSched - ok
12:23:47.0176 4524 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys
12:23:47.0192 4524 elxstor - ok
12:23:47.0238 4524 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys
12:23:47.0301 4524 ErrDev - ok
12:23:47.0332 4524 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll
12:23:47.0363 4524 EventSystem - ok
12:23:47.0379 4524 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys
12:23:47.0426 4524 exfat - ok
12:23:47.0441 4524 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys
12:23:47.0472 4524 fastfat - ok
12:23:47.0504 4524 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe
12:23:47.0550 4524 Fax - ok
12:23:47.0582 4524 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys
12:23:47.0597 4524 fdc - ok
12:23:47.0613 4524 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll
12:23:47.0644 4524 fdPHost - ok
12:23:47.0675 4524 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll
12:23:47.0706 4524 FDResPub - ok
12:23:47.0706 4524 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
12:23:47.0722 4524 FileInfo - ok
12:23:47.0738 4524 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
12:23:47.0784 4524 Filetrace - ok
12:23:47.0800 4524 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys
12:23:47.0816 4524 flpydisk - ok
12:23:47.0831 4524 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
12:23:47.0847 4524 FltMgr - ok
12:23:47.0878 4524 [ B4447F606BB19FD8AD0BAFB59B90F5D9 ] FontCache C:\Windows\system32\FntCache.dll
12:23:47.0940 4524 FontCache - ok
12:23:47.0987 4524 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
12:23:47.0987 4524 FontCache3.0.0.0 - ok
12:23:48.0003 4524 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
12:23:48.0003 4524 FsDepends - ok
12:23:48.0034 4524 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
12:23:48.0050 4524 Fs_Rec - ok
12:23:48.0050 4524 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
12:23:48.0065 4524 fvevol - ok
12:23:48.0081 4524 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys
12:23:48.0096 4524 gagp30kx - ok
12:23:48.0112 4524 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll
12:23:48.0159 4524 gpsvc - ok
12:23:48.0206 4524 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:23:48.0221 4524 gupdate - ok
12:23:48.0221 4524 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
12:23:48.0237 4524 gupdatem - ok
12:23:48.0268 4524 [ 5D4BC124FAAE6730AC002CDB67BF1A1C ] gusvc C:\Program Files (x86)\Google\Common\Google Updater\GoogleUpdaterService.exe
12:23:48.0268 4524 gusvc - ok
12:23:48.0299 4524 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys
12:23:48.0330 4524 hcw85cir - ok
12:23:48.0346 4524 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
12:23:48.0377 4524 HdAudAddService - ok
12:23:48.0393 4524 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys
12:23:48.0424 4524 HDAudBus - ok
12:23:48.0440 4524 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys
12:23:48.0471 4524 HidBatt - ok
12:23:48.0502 4524 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys
12:23:48.0533 4524 HidBth - ok
12:23:48.0549 4524 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys
12:23:48.0580 4524 HidIr - ok
12:23:48.0596 4524 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll
12:23:48.0642 4524 hidserv - ok
12:23:48.0658 4524 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys
12:23:48.0689 4524 HidUsb - ok
12:23:48.0720 4524 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll
12:23:48.0752 4524 hkmsvc - ok
12:23:48.0783 4524 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
12:23:48.0830 4524 HomeGroupListener - ok
12:23:48.0845 4524 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
12:23:48.0861 4524 HomeGroupProvider - ok
12:23:48.0876 4524 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
12:23:48.0892 4524 HpSAMD - ok
12:23:48.0908 4524 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys
12:23:48.0954 4524 HTTP - ok
12:23:48.0970 4524 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
12:23:48.0986 4524 hwpolicy - ok
12:23:49.0001 4524 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys
12:23:49.0017 4524 i8042prt - ok
12:23:49.0032 4524 [ 3DF4395A7CF8B7A72A5F4606366B8C2D ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
12:23:49.0064 4524 iaStorV - ok
12:23:49.0079 4524 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
12:23:49.0110 4524 idsvc - ok
12:23:49.0126 4524 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys
12:23:49.0142 4524 iirsp - ok
12:23:49.0173 4524 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll
12:23:49.0220 4524 IKEEXT - ok
12:23:49.0282 4524 [ 0ADF714079AE174A39D69036143E4C50 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
12:23:49.0360 4524 IntcAzAudAddService - ok
12:23:49.0360 4524 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys
12:23:49.0376 4524 intelide - ok
12:23:49.0391 4524 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys
12:23:49.0422 4524 intelppm - ok
12:23:49.0454 4524 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll
12:23:49.0500 4524 IPBusEnum - ok
12:23:49.0516 4524 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
12:23:49.0563 4524 IpFilterDriver - ok
12:23:49.0594 4524 [ A34A587FFFD45FA649FBA6D03784D257 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
12:23:49.0625 4524 iphlpsvc - ok
12:23:49.0656 4524 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys
12:23:49.0656 4524 IPMIDRV - ok
12:23:49.0688 4524 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
12:23:49.0734 4524 IPNAT - ok
12:23:49.0750 4524 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys
12:23:49.0766 4524 IRENUM - ok
12:23:49.0766 4524 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys
12:23:49.0781 4524 isapnp - ok
12:23:49.0797 4524 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys
12:23:49.0812 4524 iScsiPrt - ok
12:23:49.0828 4524 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\DRIVERS\kbdclass.sys
12:23:49.0828 4524 kbdclass - ok
12:23:49.0844 4524 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\DRIVERS\kbdhid.sys
12:23:49.0859 4524 kbdhid - ok
12:23:49.0875 4524 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe
12:23:49.0890 4524 KeyIso - ok
12:23:49.0906 4524 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
12:23:49.0906 4524 KSecDD - ok
12:23:49.0937 4524 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
12:23:49.0937 4524 KSecPkg - ok
12:23:49.0953 4524 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
12:23:49.0984 4524 ksthunk - ok
12:23:50.0015 4524 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll
12:23:50.0046 4524 KtmRm - ok
12:23:50.0062 4524 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll
12:23:50.0109 4524 LanmanServer - ok
12:23:50.0109 4524 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
12:23:50.0140 4524 LanmanWorkstation - ok
12:23:50.0171 4524 [ FA529FB35694C24BF98A9EF67C1CD9D0 ] LGBusEnum C:\Windows\system32\drivers\LGBusEnum.sys
12:23:50.0187 4524 LGBusEnum - ok
12:23:50.0187 4524 [ 94B29CE153765E768F004FB3440BE2B0 ] LGVirHid C:\Windows\system32\drivers\LGVirHid.sys
12:23:50.0202 4524 LGVirHid - ok
12:23:50.0218 4524 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
12:23:50.0249 4524 lltdio - ok
12:23:50.0265 4524 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll
12:23:50.0296 4524 lltdsvc - ok
12:23:50.0312 4524 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll
12:23:50.0358 4524 lmhosts - ok
12:23:50.0390 4524 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys
12:23:50.0405 4524 LSI_FC - ok
12:23:50.0421 4524 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys
12:23:50.0436 4524 LSI_SAS - ok
12:23:50.0436 4524 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys
12:23:50.0452 4524 LSI_SAS2 - ok
12:23:50.0468 4524 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys
12:23:50.0483 4524 LSI_SCSI - ok
12:23:50.0483 4524 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys
12:23:50.0514 4524 luafv - ok
12:23:50.0546 4524 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll
12:23:50.0561 4524 Mcx2Svc - ok
12:23:50.0592 4524 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys
12:23:50.0608 4524 megasas - ok
12:23:50.0624 4524 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys
12:23:50.0639 4524 MegaSR - ok
12:23:50.0655 4524 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll
12:23:50.0686 4524 MMCSS - ok
12:23:50.0686 4524 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys
12:23:50.0733 4524 Modem - ok
12:23:50.0748 4524 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys
12:23:50.0764 4524 monitor - ok
12:23:50.0795 4524 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys
12:23:50.0795 4524 mouclass - ok
12:23:50.0811 4524 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys
12:23:50.0826 4524 mouhid - ok
12:23:50.0858 4524 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
12:23:50.0873 4524 mountmgr - ok
12:23:50.0904 4524 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
12:23:50.0904 4524 MozillaMaintenance - ok
12:23:50.0920 4524 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys
12:23:50.0936 4524 mpio - ok
12:23:50.0951 4524 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
12:23:50.0982 4524 mpsdrv - ok
12:23:51.0014 4524 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll
12:23:51.0076 4524 MpsSvc - ok
12:23:51.0092 4524 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
12:23:51.0107 4524 MRxDAV - ok
12:23:51.0123 4524 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
12:23:51.0123 4524 mrxsmb - ok
12:23:51.0138 4524 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
12:23:51.0170 4524 mrxsmb10 - ok
12:23:51.0185 4524 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
12:23:51.0201 4524 mrxsmb20 - ok
12:23:51.0232 4524 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys
12:23:51.0248 4524 msahci - ok
12:23:51.0279 4524 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys
12:23:51.0294 4524 msdsm - ok
12:23:51.0310 4524 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe
12:23:51.0326 4524 MSDTC - ok
12:23:51.0326 4524 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys
12:23:51.0372 4524 Msfs - ok
12:23:51.0404 4524 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
12:23:51.0435 4524 mshidkmdf - ok
12:23:51.0435 4524 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
12:23:51.0450 4524 msisadrv - ok
12:23:51.0466 4524 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll
12:23:51.0513 4524 MSiSCSI - ok
12:23:51.0513 4524 msiserver - ok
12:23:51.0528 4524 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
12:23:51.0575 4524 MSKSSRV - ok
12:23:51.0591 4524 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
12:23:51.0622 4524 MSPCLOCK - ok
12:23:51.0638 4524 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
12:23:51.0669 4524 MSPQM - ok
12:23:51.0700 4524 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
12:23:51.0716 4524 MsRPC - ok
12:23:51.0747 4524 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys
12:23:51.0747 4524 mssmbios - ok
12:23:51.0762 4524 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
12:23:51.0794 4524 MSTEE - ok
12:23:51.0825 4524 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys
12:23:51.0840 4524 MTConfig - ok
12:23:51.0872 4524 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys
12:23:51.0872 4524 Mup - ok
12:23:51.0903 4524 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll
12:23:51.0950 4524 napagent - ok
12:23:51.0981 4524 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
12:23:52.0012 4524 NativeWifiP - ok
12:23:52.0043 4524 [ 79B47FD40D9A817E932F9D26FAC0A81C ] NDIS C:\Windows\system32\drivers\ndis.sys
12:23:52.0074 4524 NDIS - ok
12:23:52.0090 4524 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
12:23:52.0137 4524 NdisCap - ok
12:23:52.0152 4524 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
12:23:52.0184 4524 NdisTapi - ok
12:23:52.0215 4524 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
12:23:52.0246 4524 Ndisuio - ok
12:23:52.0262 4524 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
12:23:52.0293 4524 NdisWan - ok
12:23:52.0324 4524 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
12:23:52.0355 4524 NDProxy - ok
12:23:52.0355 4524 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
12:23:52.0386 4524 NetBIOS - ok
12:23:52.0402 4524 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
12:23:52.0433 4524 NetBT - ok
12:23:52.0433 4524 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe
12:23:52.0449 4524 Netlogon - ok
12:23:52.0480 4524 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll
12:23:52.0527 4524 Netman - ok
12:23:52.0542 4524 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll
12:23:52.0574 4524 netprofm - ok
12:23:52.0589 4524 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
12:23:52.0605 4524 NetTcpPortSharing - ok
12:23:52.0620 4524 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys
12:23:52.0636 4524 nfrd960 - ok
12:23:52.0652 4524 [ 1EE99A89CC788ADA662441D1E9830529 ] NlaSvc C:\Windows\System32\nlasvc.dll
12:23:52.0683 4524 NlaSvc - ok
12:23:52.0698 4524 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys
12:23:52.0730 4524 Npfs - ok
12:23:52.0730 4524 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll
12:23:52.0761 4524 nsi - ok
12:23:52.0776 4524 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
12:23:52.0808 4524 nsiproxy - ok
12:23:52.0839 4524 [ 05D78AA5CB5F3F5C31160BDB955D0B7C ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
12:23:52.0886 4524 Ntfs - ok
12:23:52.0901 4524 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys
12:23:52.0932 4524 Null - ok
12:23:52.0948 4524 [ A85B4F2EF3A7304A5399EF0526423040 ] NVENETFD C:\Windows\system32\DRIVERS\nvm62x64.sys
12:23:52.0964 4524 NVENETFD - ok
12:23:52.0995 4524 [ 909EEDCBD365BB81027D8E742E6B3416 ] NVNET C:\Windows\system32\DRIVERS\nvmf6264.sys
12:23:53.0010 4524 NVNET - ok
12:23:53.0026 4524 [ 5D9FD91F3D38DC9DA01E3CB5FA89CD48 ] nvraid C:\Windows\system32\drivers\nvraid.sys
12:23:53.0042 4524 nvraid - ok
12:23:53.0057 4524 [ E58D81FB8616D0CB55C1E36AA0B213C9 ] nvsmu C:\Windows\system32\DRIVERS\nvsmu.sys
12:23:53.0057 4524 nvsmu - ok
12:23:53.0073 4524 [ F7CD50FE7139F07E77DA8AC8033D1832 ] nvstor C:\Windows\system32\drivers\nvstor.sys
12:23:53.0088 4524 nvstor - ok
12:23:53.0104 4524 [ 1E45F96342429D63DC30E0D9117DA3D8 ] nvstor64 C:\Windows\system32\DRIVERS\nvstor64.sys
12:23:53.0104 4524 nvstor64 - ok
12:23:53.0120 4524 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
12:23:53.0135 4524 nv_agp - ok
12:23:53.0182 4524 [ C64097401081D5D641924E8B96332F75 ] NxpCap64 C:\Windows\system32\DRIVERS\NxpCap64.sys
12:23:53.0244 4524 NxpCap64 - ok
12:23:53.0260 4524 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys
12:23:53.0307 4524 ohci1394 - ok
12:23:53.0338 4524 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
12:23:53.0338 4524 ose - ok
12:23:53.0447 4524 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
12:23:53.0572 4524 osppsvc - ok
12:23:53.0603 4524 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
12:23:53.0634 4524 p2pimsvc - ok
12:23:53.0650 4524 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll
12:23:53.0666 4524 p2psvc - ok
12:23:53.0681 4524 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys
12:23:53.0712 4524 Parport - ok
12:23:53.0728 4524 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys
12:23:53.0744 4524 partmgr - ok
12:23:53.0759 4524 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll
12:23:53.0806 4524 PcaSvc - ok
12:23:53.0806 4524 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys
12:23:53.0822 4524 pci - ok
12:23:53.0822 4524 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys
12:23:53.0837 4524 pciide - ok
12:23:53.0853 4524 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys
12:23:53.0868 4524 pcmcia - ok
12:23:53.0884 4524 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys
12:23:53.0884 4524 pcw - ok
12:23:53.0915 4524 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys
12:23:53.0962 4524 PEAUTH - ok
12:23:54.0024 4524 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe
12:23:54.0056 4524 PerfHost - ok
12:23:54.0118 4524 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll
12:23:54.0180 4524 pla - ok
12:23:54.0196 4524 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
12:23:54.0243 4524 PlugPlay - ok
12:23:54.0243 4524 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
12:23:54.0274 4524 PNRPAutoReg - ok
12:23:54.0290 4524 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
12:23:54.0305 4524 PNRPsvc - ok
12:23:54.0336 4524 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
12:23:54.0368 4524 PolicyAgent - ok
12:23:54.0399 4524 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll
12:23:54.0446 4524 Power - ok
12:23:54.0477 4524 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
12:23:54.0524 4524 PptpMiniport - ok
12:23:54.0539 4524 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys
12:23:54.0555 4524 Processor - ok
12:23:54.0570 4524 [ 5C78838B4D166D1A27DB3A8A820C799A ] ProfSvc C:\Windows\system32\profsvc.dll
12:23:54.0617 4524 ProfSvc - ok
12:23:54.0633 4524 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
12:23:54.0633 4524 ProtectedStorage - ok
12:23:54.0664 4524 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys
12:23:54.0695 4524 Psched - ok
12:23:54.0758 4524 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys
12:23:54.0789 4524 ql2300 - ok
12:23:54.0820 4524 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys
12:23:54.0820 4524 ql40xx - ok
12:23:54.0851 4524 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll
12:23:54.0867 4524 QWAVE - ok
12:23:54.0882 4524 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
12:23:54.0898 4524 QWAVEdrv - ok
12:23:54.0914 4524 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
12:23:54.0960 4524 RasAcd - ok
12:23:54.0992 4524 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
12:23:55.0023 4524 RasAgileVpn - ok
12:23:55.0038 4524 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll
12:23:55.0085 4524 RasAuto - ok
12:23:55.0116 4524 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
12:23:55.0148 4524 Rasl2tp - ok
12:23:55.0179 4524 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll
12:23:55.0226 4524 RasMan - ok
12:23:55.0241 4524 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
12:23:55.0272 4524 RasPppoe - ok
12:23:55.0288 4524 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
12:23:55.0319 4524 RasSstp - ok
12:23:55.0335 4524 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
12:23:55.0366 4524 rdbss - ok
12:23:55.0382 4524 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys
12:23:55.0428 4524 rdpbus - ok
12:23:55.0428 4524 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys
12:23:55.0460 4524 RDPCDD - ok
12:23:55.0475 4524 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys
12:23:55.0506 4524 RDPENCDD - ok
12:23:55.0522 4524 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys
12:23:55.0553 4524 RDPREFMP - ok
12:23:55.0584 4524 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
12:23:55.0631 4524 RDPWD - ok
12:23:55.0662 4524 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
12:23:55.0678 4524 rdyboost - ok
12:23:55.0694 4524 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll
12:23:55.0725 4524 RemoteAccess - ok
12:23:55.0740 4524 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll
12:23:55.0772 4524 RemoteRegistry - ok
12:23:55.0787 4524 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
12:23:55.0818 4524 RpcEptMapper - ok
12:23:55.0834 4524 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe
12:23:55.0850 4524 RpcLocator - ok
12:23:55.0881 4524 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll
12:23:55.0912 4524 RpcSs - ok
12:23:55.0928 4524 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
12:23:55.0959 4524 rspndr - ok
12:23:55.0974 4524 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe
12:23:55.0990 4524 SamSs - ok
12:23:56.0021 4524 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
12:23:56.0021 4524 sbp2port - ok
12:23:56.0052 4524 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll
12:23:56.0099 4524 SCardSvr - ok
12:23:56.0130 4524 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
12:23:56.0162 4524 scfilter - ok
12:23:56.0193 4524 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll
12:23:56.0224 4524 Schedule - ok
12:23:56.0255 4524 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll
12:23:56.0286 4524 SCPolicySvc - ok
12:23:56.0318 4524 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll
12:23:56.0349 4524 SDRSVC - ok
12:23:56.0364 4524 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
12:23:56.0411 4524 secdrv - ok
12:23:56.0442 4524 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll
12:23:56.0474 4524 seclogon - ok
12:23:56.0489 4524 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll
12:23:56.0520 4524 SENS - ok
12:23:56.0536 4524 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll
12:23:56.0552 4524 SensrSvc - ok
12:23:56.0567 4524 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys
12:23:56.0583 4524 Serenum - ok
12:23:56.0614 4524 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys
12:23:56.0630 4524 Serial - ok
12:23:56.0645 4524 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys
12:23:56.0676 4524 sermouse - ok
12:23:56.0708 4524 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll
12:23:56.0754 4524 SessionEnv - ok
12:23:56.0770 4524 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys
12:23:56.0801 4524 sffdisk - ok
12:23:56.0817 4524 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys
12:23:56.0832 4524 sffp_mmc - ok
12:23:56.0848 4524 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys
12:23:56.0879 4524 sffp_sd - ok
12:23:56.0895 4524 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys
12:23:56.0910 4524 sfloppy - ok
12:23:56.0942 4524 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys
12:23:56.0973 4524 Sftfs - ok
12:23:57.0020 4524 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
12:23:57.0035 4524 sftlist - ok
12:23:57.0066 4524 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys
12:23:57.0082 4524 Sftplay - ok
12:23:57.0129 4524 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys
12:23:57.0129 4524 Sftredir - ok
12:23:57.0144 4524 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys
12:23:57.0160 4524 Sftvol - ok
12:23:57.0176 4524 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
12:23:57.0176 4524 sftvsa - ok
12:23:57.0222 4524 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll
12:23:57.0254 4524 SharedAccess - ok
12:23:57.0316 4524 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
12:23:57.0363 4524 ShellHWDetection - ok
12:23:57.0394 4524 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys
12:23:57.0410 4524 SiSRaid2 - ok
12:23:57.0441 4524 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys
12:23:57.0441 4524 SiSRaid4 - ok
12:23:57.0456 4524 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys
12:23:57.0488 4524 Smb - ok
12:23:57.0519 4524 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe
12:23:57.0534 4524 SNMPTRAP - ok
12:23:57.0550 4524 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys
12:23:57.0550 4524 spldr - ok
12:23:57.0581 4524 [ B96C17B5DC1424D56EEA3A99E97428CD ] Spooler C:\Windows\System32\spoolsv.exe
12:23:57.0612 4524 Spooler - ok
12:23:57.0675 4524 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe
12:23:57.0784 4524 sppsvc - ok
12:23:57.0800 4524 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll
12:23:57.0831 4524 sppuinotify - ok
12:23:57.0846 4524 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys
12:23:57.0862 4524 srv - ok
12:23:57.0878 4524 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
12:23:57.0893 4524 srv2 - ok
12:23:57.0893 4524 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
12:23:57.0909 4524 srvnet - ok
12:23:57.0924 4524 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
12:23:57.0956 4524 SSDPSRV - ok
12:23:57.0971 4524 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll
12:23:58.0018 4524 SstpSvc - ok
12:23:58.0034 4524 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys
12:23:58.0049 4524 stexstor - ok
12:23:58.0065 4524 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll
12:23:58.0096 4524 stisvc - ok
12:23:58.0112 4524 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys
12:23:58.0112 4524 swenum - ok
12:23:58.0127 4524 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll
12:23:58.0190 4524 swprv - ok
12:23:58.0236 4524 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll
12:23:58.0299 4524 SysMain - ok
12:23:58.0314 4524 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
12:23:58.0330 4524 TabletInputService - ok
12:23:58.0361 4524 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll
12:23:58.0392 4524 TapiSrv - ok
12:23:58.0408 4524 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll
12:23:58.0455 4524 TBS - ok
12:23:58.0502 4524 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] Tcpip C:\Windows\system32\drivers\tcpip.sys
12:23:58.0548 4524 Tcpip - ok
12:23:58.0580 4524 [ F782CAD3CEDBB3F9FFE3BF2775D92DDC ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
12:23:58.0611 4524 TCPIP6 - ok
12:23:58.0642 4524 [ DF687E3D8836BFB04FCC0615BF15A519 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
12:23:58.0689 4524 tcpipreg - ok
12:23:58.0704 4524 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys
12:23:58.0751 4524 TDPIPE - ok
12:23:58.0767 4524 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys
12:23:58.0798 4524 TDTCP - ok
12:23:58.0814 4524 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
12:23:58.0845 4524 tdx - ok
12:23:58.0860 4524 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys
12:23:58.0860 4524 TermDD - ok
12:23:58.0892 4524 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll
12:23:58.0923 4524 TermService - ok
12:23:58.0938 4524 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll
12:23:58.0954 4524 Themes - ok
12:23:58.0985 4524 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll
12:23:59.0016 4524 THREADORDER - ok
12:23:59.0016 4524 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll
12:23:59.0063 4524 TrkWks - ok
12:23:59.0110 4524 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
12:23:59.0157 4524 TrustedInstaller - ok
12:23:59.0188 4524 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys
12:23:59.0219 4524 tssecsrv - ok
12:23:59.0235 4524 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
12:23:59.0266 4524 TsUsbFlt - ok
12:23:59.0328 4524 [ 6DC7B7342148636C6751D9F7B8AAEA91 ] TuneUp.UtilitiesSvc C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe
12:23:59.0406 4524 TuneUp.UtilitiesSvc - ok
12:23:59.0422 4524 [ DCC94C51D27C7EC0DADECA8F64C94FCF ] TuneUpUtilitiesDrv C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys
12:23:59.0422 4524 TuneUpUtilitiesDrv - ok
12:23:59.0438 4524 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
12:23:59.0484 4524 tunnel - ok
12:23:59.0500 4524 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys
12:23:59.0516 4524 uagp35 - ok
12:23:59.0531 4524 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
12:23:59.0578 4524 udfs - ok
12:23:59.0594 4524 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe
12:23:59.0609 4524 UI0Detect - ok
12:23:59.0625 4524 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
12:23:59.0640 4524 uliagpkx - ok
12:23:59.0656 4524 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys
12:23:59.0672 4524 umbus - ok
12:23:59.0703 4524 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys
12:23:59.0718 4524 UmPass - ok
12:23:59.0750 4524 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll
12:23:59.0781 4524 upnphost - ok
12:23:59.0796 4524 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys
12:23:59.0828 4524 usbaudio - ok
12:23:59.0843 4524 [ 481DFF26B4DCA8F4CBAC1F7DCE1D6829 ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys
12:23:59.0874 4524 usbccgp - ok
12:23:59.0890 4524 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys
12:23:59.0921 4524 usbcir - ok
12:23:59.0937 4524 [ 74EE782B1D9C241EFE425565854C661C ] usbehci C:\Windows\system32\drivers\usbehci.sys
12:23:59.0937 4524 usbehci - ok
12:23:59.0952 4524 [ DC96BD9CCB8403251BCF25047573558E ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys
12:23:59.0968 4524 usbhub - ok
12:23:59.0984 4524 [ 58E546BBAF87664FC57E0F6081E4F609 ] usbohci C:\Windows\system32\drivers\usbohci.sys
12:23:59.0999 4524 usbohci - ok
12:24:00.0030 4524 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys
12:24:00.0062 4524 usbprint - ok
12:24:00.0062 4524 [ D76510CFA0FC09023077F22C2F979D86 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS
12:24:00.0077 4524 USBSTOR - ok
12:24:00.0093 4524 [ 81FB2216D3A60D1284455D511797DB3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys
12:24:00.0108 4524 usbuhci - ok
12:24:00.0124 4524 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll
12:24:00.0171 4524 UxSms - ok
12:24:00.0202 4524 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe
12:24:00.0202 4524 VaultSvc - ok
12:24:00.0218 4524 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
12:24:00.0218 4524 vdrvroot - ok
12:24:00.0249 4524 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe
12:24:00.0296 4524 vds - ok
12:24:00.0327 4524 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys
12:24:00.0327 4524 vga - ok
12:24:00.0358 4524 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys
12:24:00.0389 4524 VgaSave - ok
12:24:00.0405 4524 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys
12:24:00.0420 4524 vhdmp - ok
12:24:00.0436 4524 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys
12:24:00.0452 4524 viaide - ok
12:24:00.0452 4524 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys
12:24:00.0467 4524 volmgr - ok
12:24:00.0483 4524 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
12:24:00.0498 4524 volmgrx - ok
12:24:00.0514 4524 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys
12:24:00.0530 4524 volsnap - ok
12:24:00.0561 4524 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys
12:24:00.0561 4524 vsmraid - ok
12:24:00.0623 4524 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe
12:24:00.0701 4524 VSS - ok
12:24:00.0717 4524 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
12:24:00.0732 4524 vwifibus - ok
12:24:00.0748 4524 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll
12:24:00.0795 4524 W32Time - ok
12:24:00.0810 4524 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys
12:24:00.0826 4524 WacomPen - ok
12:24:00.0826 4524 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys
12:24:00.0873 4524 WANARP - ok
12:24:00.0873 4524 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
12:24:00.0904 4524 Wanarpv6 - ok
12:24:00.0935 4524 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe
12:24:00.0998 4524 wbengine - ok
12:24:01.0013 4524 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
12:24:01.0044 4524 WbioSrvc - ok
12:24:01.0060 4524 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll
12:24:01.0091 4524 wcncsvc - ok
12:24:01.0122 4524 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
12:24:01.0154 4524 WcsPlugInService - ok
12:24:01.0185 4524 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys
12:24:01.0200 4524 Wd - ok
12:24:01.0216 4524 [ 441BD2D7B4F98134C3A4F9FA570FD250 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
12:24:01.0247 4524 Wdf01000 - ok
12:24:01.0247 4524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll
12:24:01.0294 4524 WdiServiceHost - ok
12:24:01.0294 4524 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll
12:24:01.0325 4524 WdiSystemHost - ok
12:24:01.0341 4524 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll
12:24:01.0356 4524 WebClient - ok
12:24:01.0388 4524 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll
12:24:01.0434 4524 Wecsvc - ok
12:24:01.0450 4524 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll
12:24:01.0481 4524 wercplsupport - ok
12:24:01.0497 4524 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll
12:24:01.0528 4524 WerSvc - ok
12:24:01.0528 4524 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys
12:24:01.0559 4524 WfpLwf - ok
12:24:01.0559 4524 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys
12:24:01.0575 4524 WIMMount - ok
12:24:01.0606 4524 WinDefend - ok
12:24:01.0606 4524 WinHttpAutoProxySvc - ok
12:24:01.0653 4524 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
12:24:01.0700 4524 Winmgmt - ok
12:24:01.0746 4524 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll
12:24:01.0824 4524 WinRM - ok
12:24:01.0871 4524 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll
12:24:01.0902 4524 Wlansvc - ok
12:24:01.0934 4524 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys
12:24:01.0949 4524 WmiAcpi - ok
12:24:01.0965 4524 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
12:24:01.0980 4524 wmiApSrv - ok
12:24:01.0996 4524 WMPNetworkSvc - ok
12:24:02.0012 4524 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll
12:24:02.0027 4524 WPCSvc - ok
12:24:02.0043 4524 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
12:24:02.0058 4524 WPDBusEnum - ok
12:24:02.0058 4524 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
12:24:02.0090 4524 ws2ifsl - ok
12:24:02.0105 4524 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll
12:24:02.0136 4524 wscsvc - ok
12:24:02.0136 4524 WSearch - ok
12:24:02.0214 4524 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll
12:24:02.0277 4524 wuauserv - ok
12:24:02.0308 4524 [ D3381DC54C34D79B22CEE0D65BA91B7C ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
12:24:02.0324 4524 WudfPf - ok
12:24:02.0355 4524 [ CF8D590BE3373029D57AF80914190682 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys
12:24:02.0386 4524 WUDFRd - ok
12:24:02.0402 4524 [ 7A95C95B6C4CF292D689106BCAE49543 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
12:24:02.0433 4524 wudfsvc - ok
12:24:02.0448 4524 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll
12:24:02.0480 4524 WwanSvc - ok
12:24:02.0495 4524 [ BAA813A76F5DB6CC3C2CEAB7D82B6972 ] X10Hid C:\Windows\System32\Drivers\x10hid.sys
12:24:02.0495 4524 X10Hid - ok
12:24:02.0526 4524 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe
12:24:02.0542 4524 x10nets ( UnsignedFile.Multi.Generic ) - warning
12:24:02.0542 4524 x10nets - detected UnsignedFile.Multi.Generic (1)
12:24:02.0573 4524 [ A4B2A8751A8F96134BE6063B8A759116 ] XUIF C:\Windows\System32\Drivers\x10ufx2.sys
12:24:02.0573 4524 XUIF - ok
12:24:02.0589 4524 ================ Scan global ===============================
12:24:02.0620 4524 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
12:24:02.0651 4524 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:24:02.0667 4524 [ 72CC564BBC70DE268784BCE91EB8A28F ] C:\Windows\system32\winsrv.dll
12:24:02.0682 4524 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
12:24:02.0714 4524 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
12:24:02.0714 4524 [Global] - ok
12:24:02.0714 4524 ================ Scan MBR ==================================
12:24:02.0729 4524 [ 8BCB23B30DB1819E7D8DDAE01AEBB583 ] \Device\Harddisk0\DR0
12:24:05.0163 4524 \Device\Harddisk0\DR0 - ok
12:24:05.0163 4524 ================ Scan VBR ==================================
12:24:05.0163 4524 [ 0242C63D772F3B981B24DDDB40594608 ] \Device\Harddisk0\DR0\Partition1
12:24:05.0163 4524 \Device\Harddisk0\DR0\Partition1 - ok
12:24:05.0194 4524 [ 5205CA6F14762842451807952FC4FE3F ] \Device\Harddisk0\DR0\Partition2
12:24:05.0194 4524 \Device\Harddisk0\DR0\Partition2 - ok
12:24:05.0210 4524 [ D8DF7AD2DEE88795C71C59457A97B218 ] \Device\Harddisk0\DR0\Partition3
12:24:05.0210 4524 \Device\Harddisk0\DR0\Partition3 - ok
12:24:05.0210 4524 ============================================================
12:24:05.0210 4524 Scan finished
12:24:05.0210 4524 ============================================================
12:24:05.0225 1372 Detected object count: 1
12:24:05.0225 1372 Actual detected object count: 1
12:24:33.0087 1372 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user
12:24:33.0087 1372 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip
12:24:48.0266 4368 Deinitialize success
Geändert von cosinus (28.01.2013 um 13:28 Uhr) Grund: CODE-Tags |
|
28.01.2013, 13:27
| #24 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SOS die GVU hat zugeschlagen Die Logs sollen doch in CODE-Tags! Bitte korrigieren! Edit: ich mach es mal für dich, bitte das Log nicht nochmal posten! Code:
ATTFilter 16:06:33.056 Disk 0 unknown MBR code
Hinweis: Mach bitte NICHT den MBR-Fix, wenn du noch andere Betriebssysteme wie zB Ubuntu installiert hast, ein MBR-Fix mit Windows-Tools macht ein parallel installiertes (Dualboot) Linux unbootbar. Mach den Fix auch dann nicht, wenn du zB mit TrueCrypt oder anderen Verschlüsselungsprogrammen eine Vollverschlüsselung der Windowspartition bzw. gesamten Festplatte hast Starte nach der Datensicherung aswmbr erneut und klick auf den Button FIXMBR. Hinweis: Bitte den Virenscanner abstellen bevor du aswMBR ausführst, denn v.a. Avira meldet darin oft einen Fehalalrm! Anschließend Windows neu starten und ein neues Log mit aswMBR machen.
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.01.2013, 15:09
| #25 |
| | SOS die GVU hat zugeschlagenCode:
ATTFilter aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-01-28 13:51:30
-----------------------------
13:51:30.383 OS Version: Windows x64 6.1.7601 Service Pack 1
13:51:30.383 Number of processors: 2 586 0x170A
13:51:30.383 ComputerName: UDO-PC UserName: Udo
13:51:31.522 Initialize success
13:53:26.634 AVAST engine defs: 13012800
13:54:54.260 Verifying
13:55:04.743 Disk 0 Windows 601 MBR fixed successfully
13:55:23.104 Verifying
13:55:33.135 Disk 0 Windows 601 MBR fixed successfully
13:56:42.009 Verifying
13:56:52.024 Disk 0 Windows 601 MBR fixed successfully
14:07:30.095 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\00000060
14:07:30.111 Disk 0 Vendor: WDC_WD10 80.0 Size: 953869MB BusType: 3
14:07:30.111 Disk 0 MBR read successfully
14:07:30.111 Disk 0 MBR scan
14:07:30.111 Disk 0 Windows 7 default MBR code
14:07:30.111 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
14:07:30.142 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 922023 MB offset 206848
14:07:30.158 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 1888509952
14:07:30.189 Disk 0 Partition 4 00 12 Compaq diag NTFS 1024 MB offset 1951424512
14:07:30.236 Disk 0 scanning C:\Windows\system32\drivers
14:07:36.444 Service scanning
14:07:49.361 Modules scanning
14:07:49.361 Disk 0 trace - called modules:
14:07:49.377 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll nvstor64.sys
14:07:49.377 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa8004bdc060]
14:07:49.377 3 CLASSPNP.SYS[fffff8800198043f] -> nt!IofCallDriver -> [0xfffffa80047fd430]
14:07:49.392 5 ACPI.sys[fffff88000f347a1] -> nt!IofCallDriver -> \Device\00000060[0xfffffa80047fe060]
14:07:50.906 AVAST engine scan C:\Windows
14:07:53.136 AVAST engine scan C:\Windows\system32
14:10:09.699 AVAST engine scan C:\Windows\system32\drivers
14:10:18.216 AVAST engine scan C:\Users\Udo
14:11:54.016 AVAST engine scan C:\ProgramData
14:12:25.107 Scan finished successfully
15:05:47.756 Disk 0 MBR has been saved successfully to "C:\Users\Udo\Desktop\MBR.dat"
15:05:47.756 The log file has been saved successfully to "C:\Users\Udo\Desktop\aswMBR.txt"
|
|
28.01.2013, 16:14
| #26 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SOS die GVU hat zugeschlagen adwCleaner - Toolbars und ungewollte Start-/Suchseiten aufspüren Downloade Dir bitte AdwCleaner auf deinen Desktop. Falls der adwCleaner schon mal in der runtergeladen wurde, bitte die alte adwcleaner.exe löschen und neu runterladen!!
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.01.2013, 16:27
| #27 |
| | SOS die GVU hat zugeschlagenCode:
ATTFilter # AdwCleaner v2.109 - Datei am 28/01/2013 um 16:25:59 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Udo - UDO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Udo\Desktop\adwcleaner.exe
# Option [Suche]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gefunden : C:\Users\Public\Desktop\eBay.lnk
Ordner Gefunden : C:\Program Files (x86)\Conduit
Ordner Gefunden : C:\Program Files (x86)\ConduitEngine
Ordner Gefunden : C:\Program Files (x86)\IncrediMail_MediaBar_2
Ordner Gefunden : C:\Program Files (x86)\IncrediMail_MediaBar_2
Ordner Gefunden : C:\Users\Udo\AppData\LocalLow\Conduit
Ordner Gefunden : C:\Users\Udo\AppData\LocalLow\ConduitEngine
Ordner Gefunden : C:\Users\Udo\AppData\LocalLow\IncrediMail_MediaBar_2
Ordner Gefunden : C:\Users\Udo\AppData\LocalLow\IncrediMail_MediaBar_2
***** [Registrierungsdatenbank] *****
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Schlüssel Gefunden : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Schlüssel Gefunden : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gefunden : HKCU\Software\IM
Schlüssel Gefunden : HKCU\Software\ImInstaller
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gefunden : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gefunden : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Schlüssel Gefunden : HKLM\Software\Conduit
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\conduitEngine
Schlüssel Gefunden : HKLM\Software\ImInstaller
Schlüssel Gefunden : HKLM\Software\IncrediMail_MediaBar_2
Schlüssel Gefunden : HKLM\Software\IncrediMail_MediaBar_2
Schlüssel Gefunden : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4FCAF4A1-A505-4CDD-B3F2-21C3F5256B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCAF4A1-A505-4CDD-B3F2-21C3F5256B52}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E2A46D6-87F9-4D56-AF6C-637A1C96632E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77BEE577-D4B3-4951-9AA0-5D6E1B410E4E}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_2 Toolbar
Schlüssel Gefunden : HKLM\SOFTWARE\Software
Schlüssel Gefunden : HKU\S-1-5-21-2226419558-887761062-1785046523-1000\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gefunden : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gefunden : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gefunden : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\Udo\AppData\Roaming\Mozilla\Firefox\Profiles\nif5em03.default\prefs.js
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Udo\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [6065 octets] - [28/01/2013 16:25:59]
########## EOF - C:\AdwCleaner[R1].txt - [6125 octets] ##########
|
|
28.01.2013, 16:46
| #28 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SOS die GVU hat zugeschlagen adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
28.01.2013, 17:07
| #29 |
| | SOS die GVU hat zugeschlagenCode:
ATTFilter # AdwCleaner v2.109 - Datei am 28/01/2013 um 16:49:37 erstellt
# Aktualisiert am 26/01/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Udo - UDO-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Udo\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Users\Public\Desktop\eBay.lnk
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ConduitEngine
Ordner Gelöscht : C:\Program Files (x86)\IncrediMail_MediaBar_2
Ordner Gelöscht : C:\Users\Udo\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Udo\AppData\LocalLow\ConduitEngine
Ordner Gelöscht : C:\Users\Udo\AppData\LocalLow\IncrediMail_MediaBar_2
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\conduitEngine
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\IncrediMail_MediaBar_2
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Toolbar
Schlüssel Gelöscht : HKCU\Software\IM
Schlüssel Gelöscht : HKCU\Software\ImInstaller
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{CFF4DB9B-135F-47C0-9269-B4C6572FD61A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2724386
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\conduitEngine
Schlüssel Gelöscht : HKLM\Software\ImInstaller
Schlüssel Gelöscht : HKLM\Software\IncrediMail_MediaBar_2
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{4FCAF4A1-A505-4CDD-B3F2-21C3F5256B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{4FCAF4A1-A505-4CDD-B3F2-21C3F5256B52}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{0E2A46D6-87F9-4D56-AF6C-637A1C96632E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{77BEE577-D4B3-4951-9AA0-5D6E1B410E4E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{30F9B915-B755-4826-820B-08FBA6BD249D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\conduitEngine
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\IncrediMail_MediaBar_2 Toolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{30F9B915-B755-4826-820B-08FBA6BD249D}]
Wert Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar [{D40B90B4-D3B1-4D6B-A5D7-DC041C1B76C0}]
***** [Internet Browser] *****
-\\ Internet Explorer v9.0.8112.16457
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v18.0.1 (de)
Datei : C:\Users\Udo\AppData\Roaming\Mozilla\Firefox\Profiles\nif5em03.default\prefs.js
C:\Users\Udo\AppData\Roaming\Mozilla\Firefox\Profiles\nif5em03.default\user.js ... Gelöscht !
[OK] Die Datei ist sauber.
-\\ Google Chrome v [Version kann nicht ermittelt werden]
Datei : C:\Users\Udo\AppData\Local\Google\Chrome\User Data\Default\Preferences
[OK] Die Datei ist sauber.
*************************
AdwCleaner[R1].txt - [6190 octets] - [28/01/2013 16:25:59]
AdwCleaner[S1].txt - [4832 octets] - [28/01/2013 16:49:37]
########## EOF - C:\AdwCleaner[S1].txt - [4892 octets] ##########
Code:
ATTFilter OTL logfile created on: 1/28/2013 4:57:24 PM - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Udo\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.90% Memory free 8.00 Gb Paging File | 6.52 Gb Available in Paging File | 81.57% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 900.41 Gb Total Space | 822.27 Gb Free Space | 91.32% Space Free | Partition Type: NTFS Drive D: | 30.00 Gb Total Space | 5.78 Gb Free Space | 19.27% Space Free | Partition Type: NTFS Computer Name: UDO-PC | User Name: Udo | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Udo\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) PRC - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe () PRC - C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10) ========== Modules (No Company Name) ========== MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Program Files (x86)\CyberLink\Power2Go\CLMediaLibrary.dll () MOD - C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\G15_TeamSpeak.exe () MOD - C:\Program Files (x86)\Schmads Inc\G15_TeamSpeak\TSRemote.dll () ========== Services (SafeList) ========== SRV:64bit: - (AMD External Events Utility) -- C:\Windows\SysNative\atiesrxx.exe (AMD) SRV:64bit: - (WinDefend) -- C:\Program Files\Windows Defender\mpsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (AntiVirSchedulerService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (TuneUp.UtilitiesSvc) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesService64.exe (TuneUp Software) SRV - (sftvsa) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe (Microsoft Corporation) SRV - (sftlist) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe (Microsoft Corporation) SRV - (BBSvc) -- C:\Program Files (x86)\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Program Files (x86)\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation) SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation) SRV - (x10nets) -- C:\PROGRA~2\COMMON~1\X10\Common\x10nets.exe (X10) ========== Driver Services (SafeList) ========== DRV:64bit: - (avipbb) -- C:\Windows\SysNative\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avgntflt) -- C:\Windows\SysNative\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (avkmgr) -- C:\Windows\SysNative\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (Sftvol) -- C:\Windows\SysNative\drivers\Sftvollh.sys (Microsoft Corporation) DRV:64bit: - (Sftplay) -- C:\Windows\SysNative\drivers\Sftplaylh.sys (Microsoft Corporation) DRV:64bit: - (Sftredir) -- C:\Windows\SysNative\drivers\Sftredirlh.sys (Microsoft Corporation) DRV:64bit: - (Sftfs) -- C:\Windows\SysNative\drivers\Sftfslh.sys (Microsoft Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\drivers\atikmdag.sys (ATI Technologies Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (AtiHdmiService) -- C:\Windows\SysNative\drivers\AtiHdmi.sys (ATI Technologies, Inc.) DRV:64bit: - (NxpCap64) -- C:\Windows\SysNative\drivers\NxpCap64.sys (NXP Semiconductors Germany GmbH) DRV:64bit: - (LGVirHid) -- C:\Windows\SysNative\drivers\LGVirHid.sys (Logitech Inc.) DRV:64bit: - (LGBusEnum) -- C:\Windows\SysNative\drivers\LGBusEnum.sys (Logitech Inc.) DRV:64bit: - (NVNET) -- C:\Windows\SysNative\drivers\nvmf6264.sys (NVIDIA Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology) DRV:64bit: - (NVENETFD) -- C:\Windows\SysNative\drivers\nvm62x64.sys (NVIDIA Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation) DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.) DRV:64bit: - (XUIF) -- C:\Windows\SysNative\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV:64bit: - (X10Hid) -- C:\Windows\SysNative\drivers\x10hid.sys (X10 Wireless Technology, Inc.) DRV - (TuneUpUtilitiesDrv) -- C:\Program Files (x86)\TuneUp Utilities 2012\TuneUpUtilitiesDriver64.sys (TuneUp Software) DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://www.medion.com [binary data] IE - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://mystart.incredimail.com/?a=1eynPHwypKg IE - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\..\SearchScopes\{6780F056-1EA9-49FC-84D7-0DBD1FD251A8}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7GGNI_deDE496 IE - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.7.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.9.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8117.0416: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/24 18:00:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013/01/24 18:00:20 | 000,000,000 | ---D | M] [2012/04/11 13:45:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Udo\AppData\Roaming\mozilla\Extensions [2012/12/05 06:36:34 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Udo\AppData\Roaming\mozilla\Firefox\Profiles\nif5em03.default\extensions [2012/12/05 06:36:34 | 000,804,627 | ---- | M] () (No name found) -- C:\Users\Udo\AppData\Roaming\mozilla\firefox\profiles\nif5em03.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013/01/24 18:00:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013/01/24 18:00:20 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012/11/29 10:19:31 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2012/11/29 10:19:31 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012/11/29 10:19:31 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012/11/29 10:19:32 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012/11/29 10:19:31 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012/11/29 10:19:31 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: hxxp://www.google.com/ CHR - default_search_provider: MyStart Suche (Enabled) CHR - default_search_provider: search_url = hxxp://mystart.incredimail.com/?loc=Chrome_Default_FS&search={searchTerms} CHR - default_search_provider: suggest_url = CHR - homepage: hxxp://www.google.com/ CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\PepperFlash\pepflashplayer.dll CHR - plugin: Chrome Remote Desktop Viewer (Enabled) = internal-remoting-viewer CHR - plugin: Native Client (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\ppGoogleNaClPluginChrome.dll CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files (x86)\Google\Chrome\Application\22.0.1229.95\pdf.dll CHR - plugin: Adobe Acrobat (Enabled) = C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll CHR - plugin: Microsoft Office 2010 (Enabled) = C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL CHR - plugin: Google Update (Enabled) = C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll CHR - plugin: Java(TM) Platform SE 7 U7 (Enabled) = C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll CHR - plugin: Java Deployment Toolkit 7.0.70.11 (Enabled) = C:\Windows\SysWOW64\npDeployJava1.dll CHR - plugin: Pando Web Plugin (Enabled) = C:\Program Files (x86)\Pando Networks\Media Booster\npPandoWebPlugin.dll CHR - plugin: Windows Live\u00AE Photo Gallery (Enabled) = C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll CHR - Extension: YouTube = C:\Users\Udo\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo\4.2.5_0\ CHR - Extension: Google-Suche = C:\Users\Udo\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\ CHR - Extension: Google Mail = C:\Users\Udo\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\ O1 HOSTS File: ([2009/06/10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O3:64bit: - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.) O4:64bit: - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [Launch LgDeviceAgent] C:\Program Files\Logitech\GamePanel Software\LgDevAgt.exe (Logitech Inc.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [CLMLServer] C:\Program Files (x86)\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKU\S-1-5-21-2226419558-887761062-1785046523-1000..\Run: [AviraSpeedup] C:\Program Files (x86)\AviraSpeedup\AviraSpeedup.exe (Avira) O4 - HKU\S-1-5-21-2226419558-887761062-1785046523-1000..\Run: [IncrediMail] C:\Program Files (x86)\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-2226419558-887761062-1785046523-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9:64bit: - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O9:64bit: - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-31/4 File not found O13 - gopher Prefix: missing O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8F143972-5E34-40FD-9CCE-DAC4F09AE116}: DhcpNameServer = 192.168.178.1 O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\PROGRA~2\WIC4A1~1\MESSEN~1\MSGRAP~1.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013/01/28 12:26:33 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013/01/28 12:21:07 | 002,213,976 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Udo\Desktop\tdsskiller.exe [2013/01/28 09:36:23 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013/01/28 09:24:18 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013/01/28 09:24:18 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013/01/28 09:24:18 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013/01/28 09:24:13 | 000,000,000 | ---D | C] -- C:\Qoobox [2013/01/28 09:23:55 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013/01/28 09:22:09 | 005,028,179 | R--- | C] (Swearware) -- C:\Users\Udo\Desktop\ComboFix.exe [2013/01/25 15:41:33 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Users\Udo\Desktop\aswMBR.exe [2013/01/25 12:36:48 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013/01/25 12:36:15 | 000,000,000 | ---D | C] -- C:\Users\Udo\Desktop\mbar [2013/01/25 09:50:54 | 000,000,000 | ---D | C] -- C:\_OTL [2013/01/24 18:00:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013/01/24 17:19:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Udo\Desktop\OTL.exe [2013/01/09 19:23:12 | 000,176,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieui.dll [2013/01/09 19:23:12 | 000,096,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mshtmled.dll [2013/01/09 19:23:12 | 000,073,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mshtmled.dll [2013/01/09 19:23:11 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\inetcpl.cpl [2013/01/09 19:23:11 | 000,248,320 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieui.dll [2013/01/09 19:23:11 | 000,237,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\url.dll [2013/01/09 19:23:11 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\url.dll [2013/01/09 19:23:11 | 000,173,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ieUnatt.exe [2013/01/09 19:23:11 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ieUnatt.exe [2013/01/09 19:23:10 | 002,312,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013/01/09 19:23:10 | 001,494,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\inetcpl.cpl [2013/01/09 19:23:10 | 000,729,088 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013/01/09 19:23:08 | 000,816,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013/01/09 19:23:08 | 000,717,824 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013/01/09 19:23:08 | 000,599,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\vbscript.dll [2013/01/09 19:22:49 | 000,367,616 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysNative\atmfd.dll [2013/01/09 19:22:49 | 000,295,424 | ---- | C] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\atmfd.dll [2013/01/09 19:22:49 | 000,046,080 | ---- | C] (Adobe Systems) -- C:\Windows\SysNative\atmlib.dll [2013/01/09 19:22:49 | 000,034,304 | ---- | C] (Adobe Systems) -- C:\Windows\SysWow64\atmlib.dll [2013/01/09 17:11:05 | 000,478,208 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\dpnet.dll [2013/01/09 17:11:04 | 000,376,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\dpnet.dll [2013/01/09 17:10:23 | 001,161,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\kernel32.dll [2013/01/09 17:10:23 | 000,424,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\KernelBase.dll [2013/01/09 17:10:23 | 000,338,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\conhost.exe [2013/01/09 17:10:23 | 000,215,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\winsrv.dll [2013/01/09 17:10:22 | 000,362,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64win.dll [2013/01/09 17:10:22 | 000,243,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64.dll [2013/01/09 17:10:22 | 000,025,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\setup16.exe [2013/01/09 17:10:22 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ntvdm64.dll [2013/01/09 17:10:22 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ntvdm64.dll [2013/01/09 17:10:22 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wow64cpu.dll [2013/01/09 17:10:22 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wow32.dll [2013/01/09 17:10:21 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\instnm.exe [2013/01/09 17:10:21 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-security-base-l1-1-0.dll [2013/01/09 17:10:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-file-l1-1-0.dll [2013/01/09 17:10:21 | 000,005,120 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-file-l1-1-0.dll [2013/01/09 17:10:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/09 17:10:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/09 17:10:21 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processthreads-l1-1-0.dll [2013/01/09 17:10:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/09 17:10:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-sysinfo-l1-1-0.dll [2013/01/09 17:10:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll [2013/01/09 17:10:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-synch-l1-1-0.dll [2013/01/09 17:10:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll [2013/01/09 17:10:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/09 17:10:21 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localregistry-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-processenvironment-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-namedpipe-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-misc-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-memory-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-libraryloader-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-heap-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-xstate-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-util-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-string-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-string-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-profile-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-io-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-io-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-interlocked-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-handle-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-handle-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-fibers-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-fibers-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-errorhandling-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-delayload-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-debug-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 17:10:21 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-datetime-l1-1-0.dll [2013/01/09 17:10:20 | 000,006,144 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-security-base-l1-1-0.dll [2013/01/09 17:10:20 | 000,004,608 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-threadpool-l1-1-0.dll [2013/01/09 17:10:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 17:10:20 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-localization-l1-1-0.dll [2013/01/09 17:10:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-xstate-l1-1-0.dll [2013/01/09 17:10:20 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll [2013/01/09 17:10:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-util-l1-1-0.dll [2013/01/09 17:10:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\api-ms-win-core-console-l1-1-0.dll [2013/01/09 17:10:20 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\SysNative\api-ms-win-core-console-l1-1-0.dll [2013/01/09 17:10:19 | 000,002,048 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\user.exe [2013/01/09 17:09:54 | 000,750,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013/01/09 17:09:54 | 000,492,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\win32spl.dll [2013/01/09 17:09:39 | 000,307,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncrypt.dll [2013/01/09 17:09:18 | 000,068,608 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskhost.exe [2012/08/09 15:35:18 | 1995,061,264 | ---- | C] (IGG,Inc. ) -- C:\Program Files\vc_setup_0.99.exe ========== Files - Modified Within 30 Days ========== [2013/01/28 16:58:40 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013/01/28 16:58:40 | 000,009,888 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013/01/28 16:52:35 | 000,001,100 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013/01/28 16:50:57 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013/01/28 16:50:50 | 3220,676,608 | -HS- | M] () -- C:\hiberfil.sys [2013/01/28 16:31:00 | 000,001,104 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013/01/28 16:25:01 | 000,580,235 | ---- | M] () -- C:\Users\Udo\Desktop\adwcleaner.exe [2013/01/28 16:25:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013/01/28 12:30:18 | 001,500,254 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013/01/28 12:30:18 | 000,654,594 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013/01/28 12:30:18 | 000,616,476 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013/01/28 12:30:18 | 000,130,208 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013/01/28 12:30:18 | 000,106,598 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013/01/28 12:21:11 | 002,213,976 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Udo\Desktop\tdsskiller.exe [2013/01/28 09:22:33 | 005,028,179 | R--- | M] (Swearware) -- C:\Users\Udo\Desktop\ComboFix.exe [2013/01/25 15:42:38 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Users\Udo\Desktop\aswMBR.exe [2013/01/25 15:40:21 | 000,365,568 | ---- | M] () -- C:\Users\Udo\Desktop\gmer-2.0.18444.exe [2013/01/24 17:19:13 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Udo\Desktop\OTL.exe [2013/01/24 14:27:42 | 000,292,872 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013/01/17 17:25:38 | 000,697,864 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013/01/17 17:25:38 | 000,074,248 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl [2013/01/09 16:57:54 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys [2013/01/09 16:57:54 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys ========== Files Created - No Company Name ========== [2013/01/28 16:24:55 | 000,580,235 | ---- | C] () -- C:\Users\Udo\Desktop\adwcleaner.exe [2013/01/28 09:24:18 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013/01/28 09:24:18 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013/01/28 09:24:18 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013/01/28 09:24:18 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013/01/28 09:24:18 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013/01/25 15:40:19 | 000,365,568 | ---- | C] () -- C:\Users\Udo\Desktop\gmer-2.0.18444.exe [2013/01/17 17:19:15 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2012/02/10 10:48:38 | 001,526,060 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI ========== ZeroAccess Check ========== [2009/07/14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012/06/09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012/06/09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009/07/14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010/11/20 13:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009/07/14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Code:
ATTFilter OTL Extras logfile created on: 1/28/2013 4:57:24 PM - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Udo\Desktop
64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000409 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
4.00 Gb Total Physical Memory | 2.60 Gb Available Physical Memory | 64.90% Memory free
8.00 Gb Paging File | 6.52 Gb Available in Paging File | 81.57% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 900.41 Gb Total Space | 822.27 Gb Free Space | 91.32% Space Free | Partition Type: NTFS
Drive D: | 30.00 Gb Total Space | 5.78 Gb Free Space | 19.27% Space Free | Partition Type: NTFS
Computer Name: UDO-PC | User Name: Udo | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-2226419558-887761062-1785046523-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data]
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{07259244-151C-49E8-AD13-D29865E5480C}" = rport=445 | protocol=6 | dir=out | app=system |
"{14F10176-F3D9-4F8A-AC09-BF0FE0EED2BC}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{1EE770F1-B131-4664-959D-A51F50E89D13}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{29F70549-BD28-4CAC-85F5-1738FDBAC0D0}" = rport=138 | protocol=17 | dir=out | app=system |
"{2C2D4EEC-E4E3-44E3-BDD6-F79D091F7E04}" = lport=2869 | protocol=6 | dir=in | app=system |
"{306DEC72-30B9-4B46-AD52-26E72B61B237}" = lport=445 | protocol=6 | dir=in | app=system |
"{37AE4CBA-967F-4883-9AF0-319B788B7EDE}" = lport=137 | protocol=17 | dir=in | app=system |
"{3DE02BA8-1606-499B-9D1B-9FDCEA88F933}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=svchost.exe |
"{41E700B1-6A39-4E82-AF0C-0630958B41FE}" = rport=10243 | protocol=6 | dir=out | app=system |
"{465BFE48-FF7D-4F26-ACA8-91987DAD6BAF}" = lport=10243 | protocol=6 | dir=in | app=system |
"{646D6271-7B7B-4060-BC9C-AFEAFA6D1CD2}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{725D7D74-2D83-444F-ABD0-7E13870AD695}" = lport=2869 | protocol=6 | dir=in | app=system |
"{7A7691F6-AF7F-4E4B-85E9-A27088BB83AF}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{7A94FA96-9ED8-4291-A8B5-E0FFA0DA318C}" = lport=138 | protocol=17 | dir=in | app=system |
"{7D3C243E-E903-4DDD-AAA2-AFF84436760A}" = rport=137 | protocol=17 | dir=out | app=system |
"{8846701D-8FE9-48C8-ACB7-665E27780A74}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{9E2E413A-90F4-49F7-B183-BCDB28E76902}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{B3EA60B4-13FC-43E2-9DC1-FAEDD798BF91}" = lport=139 | protocol=6 | dir=in | app=system |
"{C14F1988-11DC-448F-8322-880287353FB0}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{C8C2961C-DC9C-479D-9661-D052CC533703}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{CD50EE1F-241B-4580-82EC-3A3DFFD6F9FC}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{D23FB340-469B-4DE8-BB05-52551ED6916A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{D53D12E7-F015-4323-8DE4-A6EEE878995F}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{DAE79156-38F4-4EB6-943F-AB017855F938}" = rport=139 | protocol=6 | dir=out | app=system |
"{F1AA42CC-93B7-4355-958B-BF97D7940818}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{05931155-87AF-4D84-B00D-F4EE73A5BE70}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{05DB1B63-8BE9-49F4-A48F-7AE145CF8ADC}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{07834901-74A1-4EB6-9989-D1CB4C201882}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1E330A9D-96F9-4B22-AE06-38094689C3D2}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{1EDF39BF-3DAB-479A-AF2D-88F7D83236A5}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{2FC642C6-5ED2-4B22-BF85-D0269EA12342}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{40AA82EA-5804-49F9-9619-DEF3D78F3241}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{4121B883-F26F-447B-8472-16C4F4A9BD4A}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{426E1418-5A5C-42D9-A4AB-FA06FCAA62EF}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{59AD39D3-60C3-4045-9B84-4917A5E7D1FB}" = dir=in | app=c:\program files (x86)\windows live\messenger\wlcsdk.exe |
"{6625D360-BCC2-434C-9BDD-AAD6056950B8}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{78DFF8E6-3653-44B4-B609-8F53E5DED20B}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{843F8735-86F9-4E2D-BF56-5D2058E1A5F4}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{85F56FE6-D9F8-440E-BDB6-09089CAF3193}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{ABB99D85-6046-444F-A74E-6D86057AA497}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{AE170259-8522-422E-98E2-D3AC7DF16240}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{B095E400-96A3-4D47-B376-81EBC6A4970B}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe |
"{C9A6023E-2A61-47C4-A653-BB0BD297380C}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{CC618074-2B13-480C-BB7B-9C37182248F1}" = dir=in | app=c:\program files (x86)\windows live\messenger\msnmsgr.exe |
"{CD61E1E6-70AB-4D36-BE79-39A282C63F06}" = dir=in | app=c:\program files (x86)\windows live\sync\windowslivesync.exe |
"{D4906808-FE94-490B-9F5D-535A2D875809}" = protocol=6 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{D87C1F91-D082-4E57-AD49-3AF0E36F814B}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{E9963566-B008-42FE-BD86-6186E6EE742E}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{F20658D8-43B2-43F8-8257-EA6D39D61429}" = dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{F408BEDD-823F-4F4D-9F14-8CF1BFD369D0}" = protocol=17 | dir=in | app=c:\program files (x86)\pando networks\media booster\pmb.exe |
"{FC970ADA-3E79-487A-8161-CBE5E4E521C4}" = protocol=6 | dir=out | app=system |
"{FEB36418-2751-47AA-A7EB-5C03E2ECD00C}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{00AFEB29-BB0C-4CD9-B024-40F4FE25350E}C:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe" = protocol=6 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |
"TCP Query User{845B43DB-31D7-4E6F-AEE4-1A0430605184}C:\games\world_of_tanks\wotlauncher.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"TCP Query User{9F4D68A3-47C8-4598-9BFF-7DDF20964DFB}C:\games\world_of_tanks\worldoftanks.exe" = protocol=6 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
"UDP Query User{4D500A4F-48D2-4F0E-B284-792F0A54818F}C:\games\world_of_tanks\wotlauncher.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\wotlauncher.exe |
"UDP Query User{9C48B44D-C3CF-45A7-821F-FF4014276CAF}C:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe" = protocol=17 | dir=in | app=c:\program files (x86)\gomez\gomezpeer\agents\gozilla\runtime\gozilla.exe |
"UDP Query User{B019A4C3-B4FC-4938-BD80-9495B87CA554}C:\games\world_of_tanks\worldoftanks.exe" = protocol=17 | dir=in | app=c:\games\world_of_tanks\worldoftanks.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{4140EA03-7C3F-063D-B437-ADE98B912CF9}" = ATI Catalyst Install Manager
"{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148
"{584337C8-6ACB-86E1-C148-B45D2984278C}" = ccc-utility64
"{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161
"{8220EEFE-38CD-377E-8595-13398D740ACE}" = Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
"{8338783A-0968-3B85-AFC7-BAAE0A63DC50}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570
"{90140000-006D-0407-1000-0000000FF1CE}" = Microsoft Office Klick-und-Los 2010
"{95120000-00B9-0409-1000-0000000FF1CE}" = Microsoft Application Error Reporting
"{A1E85B9A-AFAD-4D38-AF01-6B020DD5213A}" = Logitech GamePanel Software 3.06.109
"{B6E3757B-5E77-3915-866A-CCFC4B8D194C}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x64 8.0.50727.4053
"{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}" = PlayReady PC Runtime amd64
"{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"NVIDIA Drivers" = NVIDIA Drivers
"TeamSpeak 3 Client" = TeamSpeak 3 Client
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{093561FF-BC54-CD42-77BD-4885F16C60B7}" = CCC Help Danish
"{0EFDE8F4-691D-4CB0-B4C1-0BD63B0907FF}" = IncrediMail
"{1111706F-666A-4037-7777-211328764D10}" = JavaFX 2.1.1
"{1650594B-3979-48DB-B8F2-4634CAA872A3}_is1" = Bounty Bay Online
"{17D39326-BF2B-FCE9-DE84-58EE76F945CD}" = CCC Help French
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1EAC1D02-C6AC-4FA6-9A44-96258C37C812}_is1" = World of Tanks v.0.6.7
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83217007FF}" = Java 7 Update 9
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{32364CEA-7855-4A3C-B674-53D8E9B97936}" = TuneUp Utilities 2012
"{3F7A9E82-5A85-4119-A8A5-7D840A0F76DC}" = Photo Notifier and Animation Creator
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"{4286716B-1287-48E7-9078-3DC8248DBA96}" = OpenOffice.org 3.3
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4A4940D6-418E-867B-F214-2B0C58E7961D}" = CCC Help Swedish
"{52B97218-98CB-4B8B-9283-D213C85E1AA4}" = Windows Live Anmelde-Assistent
"{586509F0-350D-48B5-B763-9CC2F8D96C4C}" = Windows Live Sync
"{701BDB1B-8D00-8C67-6F64-BDD3B58EC827}" = CCC Help Norwegian
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{850C7BD3-9F3F-46AD-9396-E7985B38C55E}" = Windows Live Fotogalerie
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90140011-0066-0407-0000-0000000FF1CE}" = Microsoft Office Starter 2010 - Deutsch
"{95140000-0070-0000-0000-0000000FF1CE}" = Microsoft Office 2010
"{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A7496F46-78AE-4DB2-BCF5-95F210FA6F96}" = Windows Live Movie Maker
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch
"{AED2DD42-9853-407E-A6BC-8A1D6B715909}" = Windows Live Messenger
"{B355AD55-ED88-4A46-015D-51AAD00EB57D}" = CCC Help Japanese
"{B95FB6E3-8373-52BC-C824-8DDB1D6DD049}" = CCC Help Dutch
"{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU]
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{C09C15F5-DDB7-3820-CF1A-798051174EC7}" = CCC Help Italian
"{C2214950-8342-4878-1286-31D0F07FDC34}" = Catalyst Control Center Localization All
"{C39F6C00-142E-48AC-633F-15E6AA7E24D8}" = Catalyst Control Center Graphics Previews Vista
"{C47D990B-5D5C-B6A6-A04D-676379D39170}" = CCC Help English
"{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail
"{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"{C7105B49-9E6E-C93C-74E6-858B0863F604}" = Catalyst Control Center InstallProxy
"{CAFA57E8-8927-4912-AFCF-B0AA3837E989}" = Windows Live Essentials
"{CE026CFE-73FE-4FED-9D5F-2C8D4DB512B0}" = TuneUp Utilities Language Pack (de-DE)
"{D2041A37-5FEC-49F0-AE5C-3F2FFDFAA4F4}" = Windows Live Call
"{D7C7EA35-4C51-F874-3AB7-95DC40DDA494}" = CCC Help German
"{D81845B4-5239-AD56-39A5-9FCFE528330F}" = ccc-core-static
"{DFD284CD-501F-B36C-67D9-05D4D7D590AB}" = CCC Help Spanish
"{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer
"{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"{EAC1A606-1D31-AC37-90DD-5684A6E7D2E8}" = CCC Help Finnish
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F6A6DFF9-F71C-4BA6-B437-F18872866D3D}" = Bing Bar
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"AviraSpeedup" = Avira System Speedup
"G15_TeamSpeak" = G15_TeamSpeak (NSIS)
"GomezPEER" = GomezPEER
"IncrediMail" = IncrediMail 2.0
"InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go
"InstallShield_{AB770FDE-8087-4C98-9A85-BD64262C104C}" = Medion Home Cinema
"InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint
"InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy
"Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Office14.Click2Run" = Microsoft Office Klick-und-Los 2010
"Photo Notifier and Animation Creator" = Photo Notifier and Animation Creator
"Teamspeak 2 RC2_is1" = TeamSpeak 2 RC2
"TuneUp Utilities 2012" = TuneUp Utilities 2012
"Voyage Century Online_is1" = Voyage Century Online
"WinLiveSuite_Wave3" = Windows Live Essentials
"X10Hardware" = X10 Hardware(TM)
========== Last 20 Event Log Errors ==========
[ Application Events ]
Error - 1/24/2013 5:19:05 AM | Computer Name = Udo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 1/24/2013 5:19:36 AM | Computer Name = Udo-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 1/24/2013 5:27:52 AM | Computer Name = Udo-PC | Source = System Restore | ID = 8206
Description =
Error - 1/25/2013 4:17:33 AM | Computer Name = Udo-PC | Source = CVHSVC | ID = 100
Description = Nur zur Information. Die Aktion kann nicht abgeschlossen werden. Versuchen
Sie es erneut. Wenden Sie sich bei Fortbestehen des Problems an den Microsoft-Produktsupport.
Error - 1/25/2013 6:43:59 AM | Computer Name = Udo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 1/25/2013 6:45:34 AM | Computer Name = Udo-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 1/28/2013 5:02:04 AM | Computer Name = Udo-PC | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\Program Files
(x86)\Common Files\Adobe AIR\Versions\1.0\Adobe AIR.dll". Fehler in Manifest- oder
Richtliniendatei "c:\Program Files (x86)\Common Files\Adobe AIR\Versions\1.0\Adobe
AIR.dll" in Zeile 3. Der Wert "MAJOR_VERSION.MINOR_VERSION.BUILD_NUMBER_MAJOR.BUILD_NUMBER_MINOR"
des "version"-Attributs im assemblyIdentity-Element ist ungültig.
Error - 1/28/2013 5:02:15 AM | Computer Name = Udo-PC | Source = SideBySide | ID = 16842787
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files
(x86)\windows live\photo gallery\MovieMaker.Exe". Fehler in Manifest- oder Richtliniendatei
"c:\program files (x86)\windows live\photo gallery\WLMFDS.DLL" in Zeile 8. Die
im Manifest gefundene Komponenten-ID stimmt nicht mit der ID der angeforderten Komponente
überein. Verweis: WLMFDS,processorArchitecture="AMD64",type="win32",version="1.0.0.1".
Definition:
WLMFDS,processorArchitecture="x86",type="win32",version="1.0.0.1". Verwenden Sie
das Programm "sxstrace.exe" für eine detaillierte Diagnose.
Error - 1/28/2013 7:27:49 AM | Computer Name = Udo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ImApp.exe, Version: 6.3.9.5233, Zeitstempel:
0x5016b829 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002e0037 ID des fehlerhaften Prozesses:
0xfac Startzeit der fehlerhaften Anwendung: 0x01cdfd4a58ca69c0 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: bebc7ed0-693d-11e2-bfa6-406186f2cb54
Error - 1/28/2013 11:54:06 AM | Computer Name = Udo-PC | Source = Application Error | ID = 1000
Description = Name der fehlerhaften Anwendung: ImApp.exe, Version: 6.3.9.5233, Zeitstempel:
0x5016b829 Name des fehlerhaften Moduls: unknown, Version: 0.0.0.0, Zeitstempel:
0x00000000 Ausnahmecode: 0xc0000005 Fehleroffset: 0x002e0034 ID des fehlerhaften Prozesses:
0x119c Startzeit der fehlerhaften Anwendung: 0x01cdfd6f911322c0 Pfad der fehlerhaften
Anwendung: C:\Program Files (x86)\IncrediMail\Bin\ImApp.exe Pfad des fehlerhaften
Moduls: unknown Berichtskennung: f14d2320-6962-11e2-951a-406186f2cb54
[ System Events ]
Error - 1/25/2013 6:02:10 AM | Computer Name = Udo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/25/2013 6:02:10 AM | Computer Name = Udo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/25/2013 6:07:10 AM | Computer Name = Udo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/25/2013 6:07:10 AM | Computer Name = Udo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/25/2013 6:07:10 AM | Computer Name = Udo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/25/2013 6:09:16 AM | Computer Name = Udo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/25/2013 6:09:16 AM | Computer Name = Udo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/25/2013 6:09:16 AM | Computer Name = Udo-PC | Source = Service Control Manager | ID = 7001
Description = Der Dienst "Computerbrowser" ist vom Dienst "Server" abhängig, der
aufgrund folgenden Fehlers nicht gestartet wurde: %%1068
Error - 1/28/2013 4:31:30 AM | Computer Name = Udo-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
Error - 1/28/2013 4:33:25 AM | Computer Name = Udo-PC | Source = Service Control Manager | ID = 7030
Description = Der Dienst "PEVSystemStart" ist als interaktiver Dienst gekennzeichnet.
Das System wurde jedoch so konfiguriert, dass interaktive Dienste nicht möglich
sind. Der Dienst wird möglicherweise nicht richtig funktionieren.
< End of report >
|
|
28.01.2013, 17:11
| #30 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | SOS die GVU hat zugeschlagen Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu SOS die GVU hat zugeschlagen |
| angebliche, angeblichen, besuch, besucher, eigendlich, garnicht, gesperrt, liebe, lieben, lustig, morgen, natürlich, pc ist gesperrt, problem, verliere, verlieren, würde |
Linear-Darstellung
