fb downloader search won't go away (Windows 7)
04.02.2013, 10:31 | #1 |
| Hello, helpful Trojaner-Board team. The "fb downloader search" has lodged itself on my machine. My boyfriend downloaded something via Softonic. Unfortunately I didn't notice, and now I'm stuck with the mess. I have read that many people have this kind of problem and that there is an individual solution for each one. So every time I start Firefox, "fb downloader search" is shown instead of my start page. Uninstalling did nothing. Reinstalling Firefox did nothing. I hope you can help me. |
04.02.2013, 10:37 | #2 |
/// Malware-holic | hi
Why does anyone have to use services like Softonic? The vendors have their own download offerings... If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
04.02.2013, 11:03 | #3 |
| Yes, I know that, he doesn't -.-
-OTL.txt-
OTL Logfile:
Code:
ATTFilter OTL logfile created on: 04.02.2013 10:48:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sandra\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 68,46% Memory free 7,73 Gb Paging File | 6,35 Gb Available in Paging File | 82,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 641,54 Gb Free Space | 68,88% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 48,32 Gb Free Space | 5,19% Space Free | Partition Type: NTFS Drive H: | 2,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.04 10:45:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe PRC - [2013.01.11 06:42:22 | 000,100,864 | ---- | M] (Freemake) -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe PRC - [2013.01.07 12:03:32 | 000,446,648 | ---- | M] (Sony) -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe PRC - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2012.12.11 03:52:44 | 003,147,384 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgui.exe PRC - [2012.12.10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) 
-- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe PRC - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe PRC - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe PRC - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe PRC - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe PRC - [2012.04.30 10:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe PRC - [2009.09.30 20:01:32 | 002,320,920 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.09.30 20:01:30 | 000,268,824 | R--- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2003.06.28 22:55:36 | 000,208,896 | ---- | M] (ACD Systems, Ltd.) 
-- C:\Program Files (x86)\ACD Systems\DevDetect\DevDetect.exe ========== Modules (No Company Name) ========== MOD - [2012.11.27 15:13:40 | 000,585,728 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PhoneUpdate.dll MOD - [2012.11.07 16:25:36 | 000,204,288 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\MExplorer.dll MOD - [2012.04.30 10:57:42 | 000,067,072 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanionInfo.exe MOD - [2012.04.30 10:57:42 | 000,039,936 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\TMonitorAPI.dll MOD - [2011.07.07 14:54:36 | 000,233,984 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\Report.dll MOD - [2010.01.11 15:44:54 | 000,053,248 | ---- | M] () -- C:\Program Files (x86)\Sony\Sony PC Companion\VObject.dll ========== Services (SafeList) ========== SRV - [2013.01.16 21:09:27 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.01.11 06:42:22 | 000,100,864 | ---- | M] (Freemake) [Auto | Running] -- C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe -- (Freemake Improver) SRV - [2012.12.18 20:08:28 | 000,065,192 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2012.12.10 11:11:44 | 001,342,024 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgfws.exe -- (avgfws) SRV - [2012.11.15 23:34:30 | 005,814,904 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe -- (AVGIDSAgent) SRV - [2012.10.22 13:05:08 | 000,196,664 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Auto | Running] -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe -- (avgwd) SRV - [2012.10.02 23:21:00 | 001,258,856 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe -- (nvUpdatusService) SRV - [2012.10.02 13:15:38 | 000,382,824 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe -- (Stereo Service) SRV - [2012.01.18 13:38:28 | 000,155,320 | ---- | M] (Avanquest Software) [On_Demand | Stopped] -- C:\Program Files (x86)\Sony\Sony PC Companion\PCCService.exe -- (Sony PC Companion) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2009.09.30 20:01:32 | 002,320,920 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.09.30 20:01:30 | 000,268,824 | R--- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.09.20 11:55:20 | 001,037,824 | ---- | M] (Hewlett-Packard Co.) [Auto | Running] -- C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL -- (HPSLPSVC) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.01.26 14:23:23 | 000,283,200 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2012.11.15 23:33:24 | 000,111,968 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgmfx64.sys -- (Avgmfx64) DRV:64bit: - [2012.10.22 13:02:44 | 000,154,464 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgidsdrivera.sys -- (AVGIDSDriver) DRV:64bit: - [2012.10.15 03:48:50 | 000,063,328 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgidsha.sys -- (AVGIDSHA) DRV:64bit: - [2012.10.02 03:30:38 | 000,185,696 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgldx64.sys -- (Avgldx64) DRV:64bit: - [2012.09.21 03:46:04 | 000,200,032 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgtdia.sys -- (Avgtdia) DRV:64bit: - [2012.09.21 03:46:00 | 000,225,120 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\avgloga.sys -- (Avgloga) DRV:64bit: - [2012.09.14 03:05:18 | 000,040,800 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\Windows\SysNative\drivers\avgrkx64.sys -- (Avgrkx64) DRV:64bit: - [2012.09.04 10:39:32 | 000,050,296 | ---- | M] (AVG Technologies CZ, s.r.o.) 
[Kernel | System | Running] -- C:\Windows\SysNative\drivers\avgfwd6a.sys -- (Avgfwfd) DRV:64bit: - [2012.07.03 16:25:16 | 000,189,288 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2012.03.01 07:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 05:33:36 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 03:07:06 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2009.09.23 17:11:04 | 000,283,824 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2009.09.17 12:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = Google IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = Search the web IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = MSN Deutschland: Hotmail, Skype Download und Messenger sowie Nachrichten, Unterhaltung, Video, Sport, Lifestyle, Finanzen, Auto uvm. 
bei MSN IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 8D E5 0D 1E 39 E1 CD 01 [binary data] IE - HKCU\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A} IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "Search" FF - prefs.js..browser.search.defaulturl: "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=" FF - prefs.js..browser.search.selectedEngine: "Search" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21" FF - prefs.js..extensions.enabledAddons: %7B0b457cAA-602d-484a-8fe7-c1d894a011ba%7D:0.98.28 FF - prefs.js..extensions.enabledAddons: ich%40maltegoetz.de:1.4.6 FF - prefs.js..extensions.enabledAddons: facebookBlocker%40webgraph.com:1.2.4 FF - prefs.js..extensions.enabledAddons: adblockpopups%40jessehakanen.net:0.6 FF - prefs.js..extensions.enabledAddons: toolbar%40gmx.net:2.4 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.1 FF - prefs.js..keyword.URL: "hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=" FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_146.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files\VideoLAN\VLC\npvlc.dll (VideoLAN) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: 
C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_146.dll () FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.11.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVision: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\@nvidia.com/3DVisionStreaming: C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll (NVIDIA Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 12:01:56 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.02 10:52:24 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2012.12.24 12:01:56 | 000,000,000 | ---D | M] [2013.02.02 10:52:33 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Extensions [2013.02.02 11:54:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\rv7ycn0q.default\extensions [2013.02.02 10:58:45 | 000,000,000 | ---D | M] (FireShot) -- C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\rv7ycn0q.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba} [2013.02.02 10:58:45 | 000,000,000 | ---D | M] (ProxTube - Unblock YouTube) -- 
C:\Users\Sandra\AppData\Roaming\mozilla\Firefox\Profiles\rv7ycn0q.default\extensions\ich@maltegoetz.de [2013.02.02 10:58:45 | 000,130,828 | ---- | M] () (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\rv7ycn0q.default\extensions\adblockpopups@jessehakanen.net.xpi [2013.02.02 10:56:08 | 000,123,385 | ---- | M] () (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\rv7ycn0q.default\extensions\elemhidehelper@adblockplus.org.xpi [2013.02.02 10:58:45 | 000,027,215 | ---- | M] () (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\rv7ycn0q.default\extensions\facebookBlocker@webgraph.com.xpi [2013.02.02 11:54:27 | 000,492,222 | ---- | M] () (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\rv7ycn0q.default\extensions\toolbar@gmx.net.xpi [2013.02.02 10:55:57 | 000,817,973 | ---- | M] () (No name found) -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\rv7ycn0q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2013.02.02 11:54:30 | 000,000,911 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\rv7ycn0q.default\searchplugins\11-suche.xml [2013.02.02 11:54:30 | 000,002,273 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\rv7ycn0q.default\searchplugins\englische-ergebnisse.xml [2013.02.02 11:54:30 | 000,010,563 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\rv7ycn0q.default\searchplugins\gmx-suche.xml [2013.02.02 11:54:30 | 000,002,432 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\rv7ycn0q.default\searchplugins\lastminute.xml [2013.02.03 15:28:37 | 000,002,412 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\rv7ycn0q.default\searchplugins\search.xml [2013.02.02 11:54:30 | 000,005,545 | ---- | M] () -- C:\Users\Sandra\AppData\Roaming\mozilla\firefox\profiles\rv7ycn0q.default\searchplugins\webde-suche.xml [2013.02.02 10:52:24 
| 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.01.16 21:10:14 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.01.17 01:11:04 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.01.17 01:11:04 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.01.17 01:11:04 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.12.23 22:03:51 | 000,002,046 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\fcmdSrchddr.xml [2013.01.17 01:11:04 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.01.17 01:11:04 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.01.17 01:11:04 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml ========== Chrome ========== CHR - homepage: http:\/\/wisersearch.com\/?channel=sfde300 CHR - default_search_provider: Search (Enabled) CHR - default_search_provider: search_url = http:\/\/wisersearch.com\/search.php?channel=sfde300&q={searchTerms} CHR - default_search_provider: suggest_url = null, CHR - Extension: SaveByclick = C:\Users\Sandra\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpcpcennplomaebhkmngbjbcnknlknfd\1\ O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program 
Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.) O4 - HKLM..\Run: [Camera Detector] C:\PROGRA~2\ACDSYS~1\DEVDET~1\DEVDET~1.EXE -autorun File not found O4 - HKCU..\Run: [DAEMON Tools Lite] C:\Program Files (x86)\DAEMON Tools Lite\DTLite.exe (DT Soft Ltd) O4 - HKCU..\Run: [SCheck] C:\Users\Sandra\AppData\Roaming\SCheck\SCheck.exe () O4 - HKCU..\Run: [Sony PC Companion] C:\Program Files (x86)\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - HKCU..\Run: [SSync] C:\Users\Sandra\AppData\Roaming\SSync\SSync.exe () O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft &Excel exportieren - res://C:\PROGRA~2\MICROS~1\OFFICE11\EXCEL.EXE/3000 File not found O9 - Extra Button: Recherchieren - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\OFFICE11\REFIEBAR.DLL (Microsoft Corporation) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{F557005D-0FBE-45A4-AA11-B897B06D8C59}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\mso-offdap - No CLSID value found O18:64bit: - 
Protocol\Handler\mso-offdap11 - No CLSID value found O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\10\OWC10.DLL (Microsoft Corporation) O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation) O18:64bit: - Protocol\Filter\text/xml - No CLSID value found O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. 
O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2007.07.31 17:49:15 | 000,000,040 | R--- | M] () - H:\AutoRun.inf -- [ UDF ] O33 - MountPoints2\{cb1c823f-6794-11e2-ab47-90fba62e9fbb}\Shell - "" = AutoRun O33 - MountPoints2\{cb1c823f-6794-11e2-ab47-90fba62e9fbb}\Shell\AutoRun\command - "" = H:\Start.exe -- [2008.07.28 16:13:02 | 004,605,696 | R--- | M] (digital publishing AG) O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: 
{7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: 
{630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.04 10:45:21 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe [2013.02.03 20:59:28 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Malwarebytes [2013.02.03 20:59:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.02.02 10:52:29 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Mozilla [2013.02.02 10:52:26 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Maintenance Service 
[2013.02.02 09:46:11 | 000,000,000 | ---D | C] -- C:\_OTL [2013.02.01 09:38:20 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\apps [2013.02.01 09:37:39 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Documents\228656-670537-whatsapp.apk [2013.02.01 09:11:19 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG [2013.01.30 18:20:22 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\sortierte [2013.01.30 12:52:33 | 000,000,000 | ---D | C] -- C:\ProgramData\TEMP [2013.01.29 19:16:37 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Convar [2013.01.29 19:16:37 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Convar [2013.01.29 19:09:17 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\ShadowExplorer.com - About [2013.01.29 18:44:55 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\SSync [2013.01.29 18:44:54 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\SCheck [2013.01.29 18:44:54 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\PiccShare [2013.01.29 18:44:54 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Common [2013.01.29 18:35:08 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Notepad++ [2013.01.29 15:03:12 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\Recover [2013.01.27 22:32:34 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\Neuer Ordner [2013.01.27 22:08:47 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\ich [2013.01.26 14:24:07 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DAEMON Tools Lite [2013.01.26 14:23:23 | 000,283,200 | ---- | C] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.01.26 14:23:18 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\DAEMON Tools Lite [2013.01.26 14:23:17 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\DAEMON Tools Lite [2013.01.26 14:22:05 | 000,000,000 | ---D | C] -- 
C:\ProgramData\DAEMON Tools Lite [2013.01.26 14:14:33 | 000,000,000 | ---D | C] -- C:\ProgramData\DAEMON Tools Net [2013.01.26 13:57:46 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\ProtectDisc [2013.01.22 17:32:55 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\stellen [2013.01.21 17:10:39 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\PhotoScape [2013.01.21 17:10:36 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PhotoScape [2013.01.21 17:10:31 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PhotoScape [2013.01.20 11:37:53 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.01.17 08:25:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony [2013.01.17 08:25:12 | 000,000,000 | ---D | C] -- C:\ProgramData\Sony [2013.01.17 08:25:12 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sony [2013.01.16 10:13:54 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.01.16 10:13:39 | 000,000,000 | ---D | C] -- C:\JRT [2013.01.13 11:27:24 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\FireShot [2013.01.12 15:00:01 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\für schatz [2013.01.12 14:35:11 | 000,000,000 | ---D | C] -- C:\ProgramData\FLEXnet [2013.01.12 13:13:48 | 000,000,000 | ---D | C] -- C:\ProgramData\cerasus.media [2013.01.12 13:13:47 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\cerasus.media [2013.01.12 13:00:37 | 000,000,000 | ---D | C] -- C:\ProgramData\PDF Architect [2013.01.12 11:45:36 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake [2013.01.12 11:45:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Freemake [2013.01.12 11:40:22 | 000,000,000 | ---D | C] -- C:\Users\Sandra\AppData\Local\Freemake [2013.01.12 11:39:33 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Documents\Freemake [2013.01.12 11:39:32 | 000,000,000 | ---D | C] -- 
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake [2013.01.12 11:39:30 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Freemake [2013.01.06 20:04:45 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\100_FUJI [2013.01.05 15:41:46 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Desktop\MUSIK [2013.01.05 12:10:26 | 000,000,000 | ---D | C] -- C:\Users\Sandra\Application Data [1 C:\Users\Sandra\Desktop\*.tmp files -> C:\Users\Sandra\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.04 10:45:21 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Sandra\Desktop\OTL.exe [2013.02.04 09:54:43 | 001,498,506 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.04 09:54:43 | 000,653,928 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.04 09:54:43 | 000,615,810 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.04 09:54:43 | 000,129,800 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.04 09:54:43 | 000,106,190 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.04 09:32:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 09:32:58 | 000,015,792 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.04 09:25:48 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.04 09:25:47 | 3113,558,016 | -HS- | M] () -- C:\hiberfil.sys [2013.02.01 09:11:19 | 000,000,981 | ---- | M] () -- C:\Users\Public\Desktop\AVG 2013.lnk [2013.01.28 21:02:10 | 000,814,615 | ---- | M] () -- C:\Users\Sandra\Desktop\DSC01150.JPG [2013.01.28 12:05:32 | 000,690,188 | ---- | M] () -- C:\Users\Sandra\Desktop\IMG_9414_0027.jpg [2013.01.27 13:26:36 | 000,004,096 | ---- | M] () -- C:\Users\Public\Documents\00000BAD.LCS [2013.01.26 14:24:35 | 000,001,950 | ---- | M] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.01.26 
14:23:23 | 000,283,200 | ---- | M] (DT Soft Ltd) -- C:\Windows\SysNative\drivers\dtsoftbus01.sys [2013.01.21 17:12:20 | 000,072,125 | ---- | M] () -- C:\Users\Sandra\Desktop\kleid.jpg [2013.01.21 17:10:36 | 000,001,031 | ---- | M] () -- C:\Users\Sandra\Desktop\PhotoScape.lnk [2013.01.21 08:09:00 | 000,044,136 | ---- | M] () -- C:\Users\Sandra\AppData\Local\ext_piccshare_uninst.exe [2013.01.13 10:55:52 | 002,289,632 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.12 11:45:36 | 000,001,320 | ---- | M] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk [2013.01.08 14:59:21 | 000,005,120 | ---- | M] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [1 C:\Users\Sandra\Desktop\*.tmp files -> C:\Users\Sandra\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.02 10:52:27 | 000,001,159 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk [2013.01.28 21:04:24 | 000,814,615 | ---- | C] () -- C:\Users\Sandra\Desktop\DSC01150.JPG [2013.01.28 17:08:02 | 000,690,188 | ---- | C] () -- C:\Users\Sandra\Desktop\IMG_9414_0027.jpg [2013.01.26 14:24:34 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\DAEMON Tools Lite.lnk [2013.01.26 13:57:48 | 000,004,096 | ---- | C] () -- C:\Users\Public\Documents\00000BAD.LCS [2013.01.21 17:12:20 | 000,072,125 | ---- | C] () -- C:\Users\Sandra\Desktop\kleid.jpg [2013.01.21 17:10:36 | 000,001,031 | ---- | C] () -- C:\Users\Sandra\Desktop\PhotoScape.lnk [2013.01.21 08:09:00 | 000,044,136 | ---- | C] () -- C:\Users\Sandra\AppData\Local\ext_piccshare_uninst.exe [2013.01.12 11:39:32 | 000,001,320 | ---- | C] () -- C:\Users\Public\Desktop\Freemake Video Converter.lnk [2013.01.04 10:56:41 | 000,000,400 | ---- | C] () -- C:\Windows\ODBC.INI [2013.01.03 15:57:04 | 000,005,120 | ---- | C] () -- C:\Users\Sandra\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2012.12.27 14:54:55 | 000,034,308 | ---- | C] () -- 
C:\Windows\SysWow64\BASSMOD.dll [2012.12.24 11:58:55 | 000,245,261 | ---- | C] () -- C:\Windows\hpoins19.dat [2012.12.24 11:58:55 | 000,013,898 | ---- | C] () -- C:\Windows\hpomdl19.dat ========== ZeroAccess Check ========== [2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 04:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2013.02.03 20:24:20 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\ACD Systems [2013.01.04 11:13:53 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\APP_NAME_NON_STRING [2012.12.29 10:17:29 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\AVG2013 [2013.01.12 13:15:03 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\cerasus.media [2013.01.29 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Common [2013.01.26 14:25:06 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\DAEMON Tools Lite [2013.01.13 11:27:24 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\FireShot [2013.02.02 09:20:55 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\Notepad++ [2012.12.27 15:21:09 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\OpenOffice.org [2013.01.04 11:20:22 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\PDF Architect [2013.01.21 17:12:26 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\PhotoScape [2013.01.29 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\PiccShare [2013.01.26 13:57:46 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\ProtectDisc [2013.01.29 18:44:54 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\SCheck [2013.01.29 18:44:55 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\SSync [2012.12.29 10:10:06 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\TuneUp Software [2013.01.29 19:09:17 | 000,000,000 | ---D | M] -- C:\Users\Sandra\AppData\Roaming\ShadowExplorer.com - About ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. 
> [2012.12.29 10:09:35 | 000,000,000 | -H-D | M] -- C:\$AVG [2012.12.13 12:43:41 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin [2013.02.02 09:27:06 | 000,000,000 | -H-D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2012.12.13 12:43:23 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.12.13 14:43:36 | 000,000,000 | ---D | M] -- C:\Intel [2013.01.16 10:13:39 | 000,000,000 | ---D | M] -- C:\JRT [2012.12.13 15:17:28 | 000,000,000 | ---D | M] -- C:\NVIDIA [2012.12.13 14:36:17 | 000,000,000 | ---D | M] -- C:\OEM [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2013.02.02 09:21:47 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.03 21:44:39 | 000,000,000 | R--D | M] -- C:\Program Files (x86) [2013.02.03 20:59:07 | 000,000,000 | -H-D | M] -- C:\ProgramData [2012.12.13 12:43:23 | 000,000,000 | -HSD | M] -- C:\Programme [2012.12.13 12:43:23 | 000,000,000 | -HSD | M] -- C:\Recovery [2013.02.04 10:50:01 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2012.12.13 15:19:02 | 000,000,000 | R--D | M] -- C:\Users [2013.01.26 14:18:44 | 000,000,000 | ---D | M] -- C:\Windows [2013.02.02 09:46:11 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > [2013.01.21 08:09:00 | 000,044,136 | ---- | M] () -- C:\Users\Sandra\AppData\Local\ext_piccshare_uninst.exe < %systemroot%\*. 
/mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 04:16:54 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT [2009.07.14 06:08:49 | 000,016,758 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
< %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > < %USERPROFILE%\*.* > [2013.02.04 10:49:45 | 002,097,152 | -HS- | M] () -- C:\Users\Sandra\NTUSER.DAT [2013.02.04 10:49:45 | 000,262,144 | -HS- | M] () -- C:\Users\Sandra\ntuser.dat.LOG1 [2012.12.13 12:43:32 | 000,000,000 | -HS- | M] () -- C:\Users\Sandra\ntuser.dat.LOG2 [2012.12.13 14:46:56 | 000,065,536 | -HS- | M] () -- C:\Users\Sandra\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2012.12.13 14:46:56 | 000,524,288 | -HS- | M] () -- C:\Users\Sandra\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2012.12.13 14:46:56 | 000,524,288 | -HS- | M] () -- C:\Users\Sandra\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2012.12.13 12:43:32 | 000,000,020 | -HS- | M] () -- C:\Users\Sandra\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < End of report > -extra.txt-OTL EXTRAS Logfile: Code:
OTL Extras logfile created on: 04.02.2013 10:48:38 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Sandra\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,65 Gb Available Physical Memory | 68,46% Memory free 7,73 Gb Paging File | 6,35 Gb Available in Paging File | 82,13% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 931,41 Gb Total Space | 641,54 Gb Free Space | 68,88% Space Free | Partition Type: NTFS Drive E: | 931,51 Gb Total Space | 48,32 Gb Free Space | 5,19% Space Free | Partition Type: NTFS Drive H: | 2,85 Gb Total Space | 0,00 Gb Free Space | 0,00% Space Free | Partition Type: UDF Computer Name: SANDRA-PC | User Name: Sandra | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation) [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation) InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems Ltd.) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. 
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [ACDBrowse] -- "C:\Program Files (x86)\ACD Systems\ACDSee\5.0\ACDSee5.exe" "%1" (ACD Systems Ltd.) Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" (VideoLAN) Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" (VideoLAN) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = 28 4D B2 76 41 04 CA 01 [binary data] "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 0 ========== Authorized Applications List ========== ========== Vista Active Open Ports Exception List ========== 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{09685801-F2ED-4A37-AC4C-DF8450C5F002}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{11D2A5B7-86F5-4026-B6F1-CA655ABD1082}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | "{2C474C30-D569-475F-9F4F-8CCD8FA35882}" = lport=445 | protocol=6 | dir=in | app=system | "{324E4A9F-B067-4691-9425-DFD98A8DC9CF}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{4B9A0A8D-8563-4FD2-9A7E-5D2BEE46E06C}" = rport=445 | protocol=6 | dir=out | app=system | "{4BA9E889-8292-4EE4-BACA-AD8500AD6232}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | "{4EA07D21-3F24-4A53-ADFA-DB0E9DE496A2}" = lport=2869 | protocol=6 | dir=in | app=system | "{55F424C7-A18F-4FF3-8EE6-DFA1441FDEFE}" = rport=138 | protocol=17 | dir=out | app=system | "{617A489F-C53A-42A2-A6E9-78C9AFD6E3DE}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | "{641B87B9-CAAA-471E-BACE-3ABBF1339794}" = lport=137 | protocol=17 | dir=in | app=system | "{717BDE84-24AE-4F58-9EFE-A0F5E9CB553B}" = rport=137 | protocol=17 | dir=out | app=system | "{7432AA0F-778A-4A35-B181-EB40DD0179D2}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{74489A37-F698-4203-BA15-4878C97FBD39}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8747FF8C-AC71-4565-81F7-8D922DEA22CB}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{8818C13E-5DF3-4D96-A2FE-B570C7A0E04F}" = lport=139 | protocol=6 | dir=in | app=system | "{CF9AFEF2-A7D8-41FD-A427-519256FAE6D0}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | "{D2B98CF8-D112-45B1-B6BF-BD4BB9C1C476}" = lport=10243 | protocol=6 | 
dir=in | app=system | "{DAD897C6-ACAE-4539-A2EC-0E75D2BAE84A}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | "{DBFAE116-9D1B-4D11-9BD2-3B769F311C77}" = rport=10243 | protocol=6 | dir=out | app=system | "{E7C0C23A-9DBD-4A76-8F35-FB62A120475A}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | "{E863437B-F890-4B3E-969D-4B100FDF46B5}" = lport=138 | protocol=17 | dir=in | app=system | "{F6CF5D62-6141-404F-B459-C4E4316BEE6A}" = rport=139 | protocol=6 | dir=out | app=system | "{FB5BA2C6-0E97-479C-B691-F86CDC1FB803}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{04790242-C8AB-403D-AC30-1AFD1AD146D9}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{058697FC-F807-493B-9EEB-9640800AB4B2}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{0F7699D2-C1EC-487F-843E-6E06054990DA}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | "{1667D0B0-0D2C-455F-A037-1C3246BA69CB}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{1825923B-9502-40B2-982D-65CDA9B75538}" = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{1D3A270F-8811-42C1-A24D-BFA5D263DEE2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpzwiz01.exe | "{1DAA3C73-3230-4342-A9C4-E7F38F4DAAB9}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{1FFED65C-C503-4470-99B6-0AF40CFB7B35}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{25512715-62B0-424C-B72B-82C9EDB60D8E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgh.exe | "{28822242-9D5A-4415-870B-0BE5D59B24F8}" = dir=in | app=c:\program 
files (x86)\hp\digital imaging\bin\hpqtra08.exe | "{2E075C94-1F87-4A9F-A14D-367BFA0587FD}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{334567F3-3635-4289-8CAD-A3A0A9E7A6F7}" = protocol=6 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{4AFD26F3-4DE7-485C-A984-648D04A97081}" = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{4CC3123E-657B-4AFC-8407-F99B89EF9960}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqusgm.exe | "{4CD6D6EE-8D4F-40BC-B1CA-C927CEF66DF2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxs08.exe | "{4E2AAD6E-9F86-43A0-B2D6-90EF1A3CCF17}" = protocol=17 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{50B9C537-E06A-4E6C-8C94-E4697624A20F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | "{52CFF323-F9E1-4080-8E78-7B6B4897E9D1}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposfx08.exe | "{5795B6FE-1E61-45C6-BDCC-A813B8ADAA67}" = protocol=6 | dir=in | app=c:\program files (x86)\sweetim\communicator\sweetpacksupdatemanager.exe | "{62B1FBCF-73D2-4B06-9D7D-3FBB21BC7621}" = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | "{66FE176B-0CF2-4C4C-907B-B2B6B6892352}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | "{675366EE-A29C-4E83-8394-5C770E161696}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | "{67F62910-334A-4E59-BA5A-0354DF018D4C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hposid01.exe | "{6A2FC205-C947-4F57-9049-21657DA6B9DF}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqfxt08.exe | "{6B5CDCFD-5028-42FC-94DC-2CB44886814B}" = protocol=17 | dir=in | app=c:\windows\syswow64\msiexec.exe | "{6C546D69-51FD-4A13-846F-FA36C2080139}" = dir=in | app=c:\program files (x86)\hp\digital imaging\smart web printing\smartwebprintexe.exe | 
"{6D5EE106-643E-4BAE-857B-29E3B05E955A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqkygrp.exe | "{6FF77410-0D84-4691-891E-0B9688EAD223}" = dir=in | app=c:\program files (x86)\hp\hp software update\hpwucli.exe | "{72E7B9F6-9916-4087-9649-118B2D94F2A5}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqcopy2.exe | "{7AFCA617-F46A-4372-9D21-F68B77A3C46D}" = dir=in | app=c:\program files (x86)\common files\hp\digital imaging\bin\hpqphotocrm.exe | "{822AE4E1-B4D4-4925-8DFF-A5D31727D080}" = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{88AAB507-4766-4C56-9C48-4E6E8C2E360E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpiscnapp.exe | "{8FC11FCD-9347-474C-8BAB-6B6C51BE1B33}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpoews01.exe | "{921C308A-A6EC-4F8E-8F45-E6C6DB1E409F}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | "{938D990B-0C0C-42C8-BCFA-F3A5D92B26AC}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgplgtupl.exe | "{961AB149-0145-4802-B682-B2DCC6AE2E4A}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{9D55D918-5B24-47BB-8C81-F93F03C98425}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | "{A3743E44-DBFF-4D78-95AB-7462A60B3E06}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{AA99960E-B0C4-43EA-A71E-576FC746C7E6}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | "{B33FABCA-37F0-4FCC-A035-1E61999B6634}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | "{B5AE7E2A-0334-4DAE-951E-21C5371211C6}" = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | "{B68F49B0-837D-4E85-9C4A-ED1CD8F1841E}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqste08.exe | "{B6A8D895-ED9D-49B1-9548-65178608C788}" = protocol=17 | dir=out | app=%programfiles%\windows media 
player\wmplayer.exe | "{B8BBD494-F106-4750-ACE8-981968CE882A}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqsudi.exe | "{BC0B0EEC-68B7-4EED-BDE6-CD46045E64DD}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | "{BDDE526B-C538-4B94-A7A9-FA11EA871CA7}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpfccopy.exe | "{BE8DC128-D64C-4378-BA3E-E230E5F2CB8D}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | "{BEFBE218-2785-4808-B2AC-7ECCD744C268}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpse.exe | "{C5D07F48-FCED-4103-8D1D-929A7B28C427}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | "{C5D71222-3968-497E-BA60-78FEE59BDD01}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqpsapp.exe | "{C7BC8087-A3D4-4C03-89B1-8BD9C02E9303}" = protocol=6 | dir=out | app=system | "{CA3C9192-9229-492A-B047-0D185678E2A2}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqnrs08.exe | "{D1E0D9D4-F6AD-4684-A00A-E036307AF06D}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpofxm08.exe | "{D4633DA6-30F1-4A0B-951E-1ACC331845D3}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | "{F9E125B8-7D81-4FA8-B324-B2BE3A91ED2C}" = dir=in | app=c:\program files (x86)\hp\digital imaging\bin\hpqgpc01.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== 64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{058EB68D-8F07-4E07-BD3B-B97D18E092F0}" = AVG 2013 "{05EFBF37-0E52-4579-875C-7EEF0DFB4FCB}" = Network64 "{0E3DAF3D-FF69-345A-A99E-1FED304CA083}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{21B133D6-5979-47F0-BE1C-F6A6B304693F}" = Visual Studio 2010 x64 Redistributables "{502275B0-3DA3-44D8-8702-066525CAAE98}" = AVG 2013 "{55D55008-E5F6-47D6-B16F-B2A40D4D145F}" = 64 Bit HP CIO Components Installer "{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}" = Microsoft Visual C++ 
2008 Redistributable - x64 9.0.30729.6161 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision" = NVIDIA 3D Vision Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Systemsteuerung 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Grafiktreiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB" = NVIDIA 3D Vision Controller-Treiber 306.97 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX" = NVIDIA PhysX-Systemsoftware 9.12.0604 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update" = NVIDIA Update 1.10.8 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver" = NVIDIA HD-Audiotreiber 1.3.18.0 "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application "{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update" = NVIDIA Update Components "{B61ED343-0B14-4241-999C-490CB1A20DA4}" = HP Photosmart Officejet and Deskjet All-In-One Driver Software 13.0 Rel. B "{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4}" = Microsoft .NET Framework 4 Client Profile "AVG" = AVG 2013 "HP Imaging Device Functions" = HP Imaging Device Functions 13.0 "HP Photosmart Essential" = HP Photosmart Essential 3.5 "HP Smart Web Printing" = HP Smart Web Printing 4.51 "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0 "HPExtendedCapabilities" = HP Customer Participation Program 13.0 "HPOCR" = OCR Software by I.R.I.S. 
13.0 "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "PROSet" = Intel(R) Network Connections Drivers "Shop for HP Supplies" = Shop for HP Supplies "VLC media player" = VLC media player 2.0.4 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D}" = PDFCreator "{0EF5BEA9-B9D3-46d7-8958-FB69A0BAEACC}" = Status "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan "{104066F4-5897-4067-85D3-4C88B67CCF75}" = AIO_Scan "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch "{1EC71BFB-01A3-4239-B6AF-B1AE656B15C0}" = TrayApp "{26A24AE4-039D-4CA4-87B4-2F83217009FF}" = Java 7 Update 11 "{2E87F4AB-99BF-421C-AF7B-365A9C08549A}" = F300 "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm "{2FDD750F-49B7-40C1-9D5E-D2955BC0E2D8}" = NVIDIA PhysX "{2FF8C687-DB7D-4adc-A5DC-57983EC25046}" = DeviceDiscovery "{3C92B2E6-380D-4fef-B4DF-4A3B4B669771}" = Copy "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg "{440B915A-0C85-45DB-92AE-75AE14704A64}" = Fax "{4908C75E-E5E2-43F7-B1DF-023CBA831031}" = Nero 7 Premium "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter "{4E7C28C7-D5DA-4E9F-A1CA-60490B54AE35}" = UnloadSupport "{5E6D6161-5509-4f55-9372-1E01792F843A}" = F300_Help "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2 "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{681B698F-C997-42C3-B184-B489C6CA24C9}" = HPPhotoSmartDiscLabelContent1 "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update "{90110407-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003 "{9B362566-EC1B-4700-BB9C-EC661BDE2175}" = DocProc "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = 
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9F6B13E2-B93F-4203-9BD4-5DC18C9F9DEB}" = AIO_CDB_Software "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.01) - Deutsch "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant "{CAE4213F-F797-439D-BD9E-79B71D115BE3}" = HPPhotoGadget "{D79113E7-274C-470B-BD46-01B10219DF6A}" = HPPhotosmartEssential "{DC635845-46D3-404B-BCB1-FC4A91091AFA}" = SmartWebPrinting "{E7112940-5F8E-4918-B9FE-251F2F8DC81F}" = AIO_CDB_ProductContext "{E71F9BC8-A396-4284-8A27-3FCB63147970}" = ACDSee for PENTAX "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.136 "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F6AC5364-2FB7-437a-811A-D645F22AA6AC}" = F300Trb "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "DAEMON Tools Lite" = DAEMON Tools Lite "Freemake Video Converter_is1" = Freemake Video Converter Version 3.2.1 "JDownloader" = JDownloader "Mozilla Firefox 18.0.1 (x86 de)" = Mozilla Firefox 18.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "NVIDIAStereo" = NVIDIA Stereoscopic 3D Driver "PhotoScape" = PhotoScape "Sweetpacks Bundle Uninstaller" = Sweetpacks Bundle Uninstaller "WinRAR archiver" = WinRAR ========== Last 20 Event Log Errors ========== [ Application Events ] Error - 31.01.2013 04:52:38 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Name des fehlerhaften Moduls: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007a2fd ID des fehlerhaften Prozesses: 0xdf4 Startzeit der fehlerhaften Anwendung: 0x01cdff9050a86b18 Pfad der fehlerhaften 
Anwendung: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Pfad des fehlerhaften Moduls: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Berichtskennung: 8fe76d65-6b83-11e2-943c-90fba62e9fbb Error - 31.01.2013 04:52:38 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Name des fehlerhaften Moduls: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007a2fd ID des fehlerhaften Prozesses: 0xe00 Startzeit der fehlerhaften Anwendung: 0x01cdff9050b1f099 Pfad der fehlerhaften Anwendung: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Pfad des fehlerhaften Moduls: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Berichtskennung: 8fe79475-6b83-11e2-943c-90fba62e9fbb Error - 31.01.2013 07:08:35 | Computer Name = Sandra-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sandra\Downloads\SoftonicDownloader_fuer_pandora-recovery.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. 
Error - 01.02.2013 04:04:14 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Name des fehlerhaften Moduls: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007a2fd ID des fehlerhaften Prozesses: 0xe68 Startzeit der fehlerhaften Anwendung: 0x01ce0052b77189a6 Pfad der fehlerhaften Anwendung: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Pfad des fehlerhaften Moduls: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Berichtskennung: f797234d-6c45-11e2-8f06-90fba62e9fbb Error - 01.02.2013 04:04:14 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Name des fehlerhaften Moduls: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007a2fd ID des fehlerhaften Prozesses: 0xe60 Startzeit der fehlerhaften Anwendung: 0x01ce0052b77189a6 Pfad der fehlerhaften Anwendung: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Pfad des fehlerhaften Moduls: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Berichtskennung: f7974a5d-6c45-11e2-8f06-90fba62e9fbb Error - 01.02.2013 04:52:28 | Computer Name = Sandra-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sandra\Downloads\SoftonicDownloader_fuer_magic-partition-recovery.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. 
Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 01.02.2013 04:52:28 | Computer Name = Sandra-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sandra\Downloads\SoftonicDownloader_fuer_getdataback.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. Error - 02.02.2013 04:10:08 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Name des fehlerhaften Moduls: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007a2fd ID des fehlerhaften Prozesses: 0xf20 Startzeit der fehlerhaften Anwendung: 0x01ce011cb61f809f Pfad der fehlerhaften Anwendung: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Pfad des fehlerhaften Moduls: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Berichtskennung: f4d1e2de-6d0f-11e2-a604-90fba62e9fbb Error - 02.02.2013 04:10:08 | Computer Name = Sandra-PC | Source = Application Error | ID = 1000 Description = Name der fehlerhaften Anwendung: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Name des fehlerhaften Moduls: tbhcn.exe, Version: 1.0.0.5, Zeitstempel: 0x50f25761 Ausnahmecode: 0x40000015 Fehleroffset: 0x0007a2fd ID des fehlerhaften Prozesses: 0xf4c Startzeit der fehlerhaften Anwendung: 0x01ce011cb6244360 Pfad der fehlerhaften Anwendung: 
C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Pfad des fehlerhaften Moduls: C:\ProgramData\GinyasBrowserCompanion\tbhcn.exe Berichtskennung: f4d209ee-6d0f-11e2-a604-90fba62e9fbb Error - 02.02.2013 05:08:34 | Computer Name = Sandra-PC | Source = SideBySide | ID = 16842832 Description = Fehler beim Generieren des Aktivierungskontexts für "C:\Users\Sandra\Downloads\SoftonicDownloader_fuer_pandora-recovery.exe". Fehler in Manifest- oder Richtliniendatei "" in Zeile . Eine für die Anwendung erforderliche Komponentenversion steht in Konflikt mit einer anderen, bereits aktiven Komponentenversion. In Konflikt stehende Komponenten:. Komponente 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_41e6975e2bd6f2b2.manifest. Komponente 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac.manifest. [ System Events ] Error - 04.02.2013 04:51:49 | Computer Name = Sandra-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 04.02.2013 04:51:50 | Computer Name = Sandra-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 04.02.2013 04:51:50 | Computer Name = Sandra-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 04.02.2013 04:51:51 | Computer Name = Sandra-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 04.02.2013 04:51:51 | Computer Name = Sandra-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 04.02.2013 04:51:54 | Computer Name = Sandra-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. 
Error - 04.02.2013 04:51:55 | Computer Name = Sandra-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 04.02.2013 04:51:55 | Computer Name = Sandra-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 04.02.2013 04:51:56 | Computer Name = Sandra-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. Error - 04.02.2013 04:51:56 | Computer Name = Sandra-PC | Source = Disk | ID = 262155 Description = Der Treiber hat einen Controllerfehler auf \Device\Harddisk3\DR3 gefunden. < End of report > |
04.02.2013, 11:59 | #4 |
/// Malware-holic |
hi
This script, and any scripts that may follow, are meant only for this particular user. If you have problems of your own, open your own topic and wait for a script tailored to you.
• Please start OTL.exe.
• Now copy the following into the text box.
Code:
:OTL
O33 - MountPoints2\{cb1c823f-6794-11e2-ab47-90fba62e9fbb}\Shell - "" = AutoRun
O33 - MountPoints2\{cb1c823f-6794-11e2-ab47-90fba62e9fbb}\Shell\AutoRun\command - "" = H:\Start.exe -- [2008.07.28 16:13:02 | 004,605,696 | R--- | M] (digital publishing AG)
:Files
:Commands
[EMPTYFLASH]
[emptytemp]
• Now please close all programs.
• Then click the Fix button.
• OTL may ask for a restart. Please allow it.
• After the restart you will find a text document; copy its contents into your next reply here.
__________________
- Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de
Forwarding instructions: http://markusg.trojaner-board.de
For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us |
04.02.2013, 12:16 | #5 |
All processes killed
========== OTL ==========
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb1c823f-6794-11e2-ab47-90fba62e9fbb}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb1c823f-6794-11e2-ab47-90fba62e9fbb}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{cb1c823f-6794-11e2-ab47-90fba62e9fbb}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{cb1c823f-6794-11e2-ab47-90fba62e9fbb}\ not found.
File move failed. H:\Start.exe scheduled to be moved on reboot.
========== COMMANDS ==========
[EMPTYFLASH]
User: All Users
User: Default
User: Default User
User: Public
User: Sandra
->Flash cache emptied: 5157 bytes
User: UpdatusUser
Total Flash Files Cleaned = 0,00 mb
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Public
User: Sandra
->Temp folder emptied: 3070547 bytes
->Temporary Internet Files folder emptied: 21799383 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 357645101 bytes
->Flash cache emptied: 0 bytes
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 52154 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 365,00 mb
OTL by OldTimer - Version 3.2.69.0 log created on 02042013_121151
Files\Folders moved on Reboot...
File\Folder H:\Start.exe not found!
C:\Users\Sandra\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot... |
04.02.2013, 12:30 | #6 |
/// Malware-holic |
hi
Download TDSS Killer: http://www.trojaner-board.de/82358-t...entfernen.html
Click on Change parameters
• Tick Verify driver digital signatures and Detect TDLFS file system
• Click OK and then Start scan. If anything is found, always choose Skip for now, and post the log.
Open C:, open tdsskiller-date-version.txt, and post its contents.
04.02.2013, 12:42 | #7 |
C:\Windows\System32\AxInstSV.dll 12:39:34.0298 5628 AxInstSV - ok 12:39:34.0328 5628 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 12:39:34.0358 5628 b06bdrv - ok 12:39:34.0378 5628 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 12:39:34.0418 5628 b57nd60a - ok 12:39:34.0458 5628 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 12:39:34.0488 5628 BDESVC - ok 12:39:34.0498 5628 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 12:39:34.0548 5628 Beep - ok 12:39:34.0588 5628 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 12:39:34.0638 5628 BFE - ok 12:39:34.0668 5628 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\System32\qmgr.dll 12:39:34.0728 5628 BITS - ok 12:39:34.0738 5628 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 12:39:34.0758 5628 blbdrive - ok 12:39:34.0778 5628 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 12:39:34.0808 5628 bowser - ok 12:39:34.0838 5628 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 12:39:34.0878 5628 BrFiltLo - ok 12:39:34.0888 5628 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 12:39:34.0918 5628 BrFiltUp - ok 12:39:34.0928 5628 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 12:39:34.0958 5628 Browser - ok 12:39:34.0968 5628 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 12:39:35.0008 5628 Brserid - ok 12:39:35.0008 5628 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 12:39:35.0048 5628 BrSerWdm - ok 12:39:35.0068 5628 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 12:39:35.0098 5628 BrUsbMdm - ok 12:39:35.0108 5628 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer 
C:\Windows\System32\Drivers\BrUsbSer.sys 12:39:35.0128 5628 BrUsbSer - ok 12:39:35.0128 5628 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 12:39:35.0148 5628 BTHMODEM - ok 12:39:35.0178 5628 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 12:39:35.0228 5628 bthserv - ok 12:39:35.0238 5628 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 12:39:35.0278 5628 cdfs - ok 12:39:35.0328 5628 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 12:39:35.0348 5628 cdrom - ok 12:39:35.0378 5628 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 12:39:35.0428 5628 CertPropSvc - ok 12:39:35.0448 5628 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 12:39:35.0468 5628 circlass - ok 12:39:35.0478 5628 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 12:39:35.0498 5628 CLFS - ok 12:39:35.0538 5628 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 12:39:35.0548 5628 clr_optimization_v2.0.50727_32 - ok 12:39:35.0568 5628 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 12:39:35.0578 5628 clr_optimization_v2.0.50727_64 - ok 12:39:35.0658 5628 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 12:39:35.0668 5628 clr_optimization_v4.0.30319_32 - ok 12:39:35.0698 5628 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 12:39:35.0708 5628 clr_optimization_v4.0.30319_64 - ok 12:39:35.0728 5628 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 12:39:35.0758 5628 CmBatt - ok 12:39:35.0768 5628 [ E19D3F095812725D88F9001985B94EDD ] cmdide 
C:\Windows\system32\drivers\cmdide.sys 12:39:35.0778 5628 cmdide - ok 12:39:35.0808 5628 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 12:39:35.0818 5628 CNG - ok 12:39:35.0838 5628 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 12:39:35.0848 5628 Compbatt - ok 12:39:35.0888 5628 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 12:39:35.0908 5628 CompositeBus - ok 12:39:35.0918 5628 COMSysApp - ok 12:39:35.0928 5628 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 12:39:35.0938 5628 crcdisk - ok 12:39:35.0978 5628 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 12:39:35.0998 5628 CryptSvc - ok 12:39:36.0028 5628 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 12:39:36.0078 5628 DcomLaunch - ok 12:39:36.0098 5628 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 12:39:36.0138 5628 defragsvc - ok 12:39:36.0158 5628 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 12:39:36.0208 5628 DfsC - ok 12:39:36.0238 5628 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 12:39:36.0268 5628 Dhcp - ok 12:39:36.0298 5628 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 12:39:36.0328 5628 discache - ok 12:39:36.0338 5628 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 12:39:36.0348 5628 Disk - ok 12:39:36.0378 5628 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 12:39:36.0418 5628 Dnscache - ok 12:39:36.0448 5628 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 12:39:36.0488 5628 dot3svc - ok 12:39:36.0528 5628 [ B42ED0320C6E41102FDE0005154849BB ] Dot4 C:\Windows\system32\DRIVERS\Dot4.sys 12:39:36.0568 5628 Dot4 - ok 12:39:36.0578 5628 [ 
E9F5969233C5D89F3C35E3A66A52A361 ] Dot4Print C:\Windows\system32\DRIVERS\Dot4Prt.sys 12:39:36.0598 5628 Dot4Print - ok 12:39:36.0598 5628 [ FD05A02B0370BC3000F402E543CA5814 ] dot4usb C:\Windows\system32\DRIVERS\dot4usb.sys 12:39:36.0618 5628 dot4usb - ok 12:39:36.0648 5628 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 12:39:36.0688 5628 DPS - ok 12:39:36.0708 5628 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 12:39:36.0728 5628 drmkaud - ok 12:39:36.0758 5628 [ 46571ED73AE84469DCA53081D33CF3C8 ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 12:39:36.0788 5628 dtsoftbus01 - ok 12:39:36.0828 5628 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 12:39:36.0868 5628 DXGKrnl - ok 12:39:36.0888 5628 [ 52A482DC61F24B498C8268866B90BB44 ] e1kexpress C:\Windows\system32\DRIVERS\e1k62x64.sys 12:39:36.0898 5628 e1kexpress - ok 12:39:36.0918 5628 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 12:39:36.0958 5628 EapHost - ok 12:39:37.0008 5628 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 12:39:37.0078 5628 ebdrv - ok 12:39:37.0108 5628 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 12:39:37.0148 5628 EFS - ok 12:39:37.0188 5628 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 12:39:37.0218 5628 ehRecvr - ok 12:39:37.0248 5628 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 12:39:37.0278 5628 ehSched - ok 12:39:37.0308 5628 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 12:39:37.0328 5628 elxstor - ok 12:39:37.0358 5628 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 12:39:37.0378 5628 ErrDev - ok 12:39:37.0408 5628 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 12:39:37.0448 5628 EventSystem - ok 12:39:37.0458 5628 [ 
A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 12:39:37.0498 5628 exfat - ok 12:39:37.0508 5628 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 12:39:37.0538 5628 fastfat - ok 12:39:37.0578 5628 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 12:39:37.0608 5628 Fax - ok 12:39:37.0618 5628 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 12:39:37.0628 5628 fdc - ok 12:39:37.0648 5628 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 12:39:37.0678 5628 fdPHost - ok 12:39:37.0688 5628 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 12:39:37.0728 5628 FDResPub - ok 12:39:37.0738 5628 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 12:39:37.0748 5628 FileInfo - ok 12:39:37.0758 5628 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 12:39:37.0808 5628 Filetrace - ok 12:39:37.0818 5628 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 12:39:37.0828 5628 flpydisk - ok 12:39:37.0868 5628 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 12:39:37.0878 5628 FltMgr - ok 12:39:37.0918 5628 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 12:39:37.0968 5628 FontCache - ok 12:39:38.0008 5628 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 12:39:38.0018 5628 FontCache3.0.0.0 - ok 12:39:38.0088 5628 [ 028C74A5CE10345A868AE96EABFBDDF9 ] Freemake Improver C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe 12:39:38.0088 5628 Freemake Improver ( UnsignedFile.Multi.Generic ) - warning 12:39:38.0088 5628 Freemake Improver - detected UnsignedFile.Multi.Generic (1) 12:39:38.0148 5628 [ D43703496149971890703B4B1B723EAC ] FsDepends 
C:\Windows\system32\drivers\FsDepends.sys 12:39:38.0168 5628 FsDepends - ok 12:39:38.0208 5628 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 12:39:38.0218 5628 Fs_Rec - ok 12:39:38.0298 5628 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 12:39:38.0328 5628 fvevol - ok 12:39:38.0338 5628 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 12:39:38.0358 5628 gagp30kx - ok 12:39:38.0388 5628 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 12:39:38.0448 5628 gpsvc - ok 12:39:38.0468 5628 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 12:39:38.0498 5628 hcw85cir - ok 12:39:38.0548 5628 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 12:39:38.0598 5628 HdAudAddService - ok 12:39:38.0628 5628 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 12:39:38.0658 5628 HDAudBus - ok 12:39:38.0678 5628 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 12:39:38.0688 5628 HECIx64 - ok 12:39:38.0708 5628 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 12:39:38.0728 5628 HidBatt - ok 12:39:38.0728 5628 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 12:39:38.0758 5628 HidBth - ok 12:39:38.0768 5628 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 12:39:38.0788 5628 HidIr - ok 12:39:38.0808 5628 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\system32\hidserv.dll 12:39:38.0848 5628 hidserv - ok 12:39:38.0888 5628 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\drivers\hidusb.sys 12:39:38.0928 5628 HidUsb - ok 12:39:38.0958 5628 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 12:39:39.0018 5628 hkmsvc - ok 12:39:39.0048 5628 [ 
EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 12:39:39.0078 5628 HomeGroupListener - ok 12:39:39.0098 5628 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 12:39:39.0118 5628 HomeGroupProvider - ok 12:39:39.0178 5628 [ 1DAE5C46D42B02A6D5862E1482EFB390 ] hpqcxs08 C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcxs08.dll 12:39:39.0198 5628 hpqcxs08 ( UnsignedFile.Multi.Generic ) - warning 12:39:39.0198 5628 hpqcxs08 - detected UnsignedFile.Multi.Generic (1) 12:39:39.0228 5628 [ 99E8EEF42FE2F4AF29B08C3355DD7685 ] hpqddsvc C:\Program Files (x86)\HP\Digital Imaging\bin\hpqddsvc.dll 12:39:39.0238 5628 hpqddsvc ( UnsignedFile.Multi.Generic ) - warning 12:39:39.0238 5628 hpqddsvc - detected UnsignedFile.Multi.Generic (1) 12:39:39.0258 5628 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 12:39:39.0278 5628 HpSAMD - ok 12:39:39.0298 5628 [ 7F57926169C1B8ABA9274EA7D4B70F18 ] HPSLPSVC C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL 12:39:39.0318 5628 HPSLPSVC ( UnsignedFile.Multi.Generic ) - warning 12:39:39.0318 5628 HPSLPSVC - detected UnsignedFile.Multi.Generic (1) 12:39:39.0358 5628 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 12:39:39.0418 5628 HTTP - ok 12:39:39.0428 5628 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 12:39:39.0438 5628 hwpolicy - ok 12:39:39.0468 5628 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 12:39:39.0478 5628 i8042prt - ok 12:39:39.0518 5628 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 12:39:39.0538 5628 iaStorV - ok 12:39:39.0578 5628 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 12:39:39.0598 5628 idsvc - ok 12:39:39.0618 5628 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp 
C:\Windows\system32\DRIVERS\iirsp.sys 12:39:39.0628 5628 iirsp - ok 12:39:39.0668 5628 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 12:39:39.0718 5628 IKEEXT - ok 12:39:39.0758 5628 [ D2356EBE25781B2FB61687E4D07ED188 ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys 12:39:39.0798 5628 IntcAzAudAddService - ok 12:39:39.0828 5628 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 12:39:39.0838 5628 intelide - ok 12:39:39.0858 5628 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 12:39:39.0888 5628 intelppm - ok 12:39:39.0918 5628 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 12:39:39.0968 5628 IPBusEnum - ok 12:39:39.0998 5628 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 12:39:40.0048 5628 IpFilterDriver - ok 12:39:40.0078 5628 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 12:39:40.0098 5628 iphlpsvc - ok 12:39:40.0108 5628 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 12:39:40.0128 5628 IPMIDRV - ok 12:39:40.0138 5628 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 12:39:40.0178 5628 IPNAT - ok 12:39:40.0208 5628 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 12:39:40.0248 5628 IRENUM - ok 12:39:40.0278 5628 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 12:39:40.0298 5628 isapnp - ok 12:39:40.0328 5628 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 12:39:40.0348 5628 iScsiPrt - ok 12:39:40.0368 5628 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 12:39:40.0378 5628 kbdclass - ok 12:39:40.0398 5628 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 12:39:40.0418 5628 kbdhid - ok 
12:39:40.0428 5628 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 12:39:40.0438 5628 KeyIso - ok 12:39:40.0458 5628 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 12:39:40.0478 5628 KSecDD - ok 12:39:40.0488 5628 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 12:39:40.0498 5628 KSecPkg - ok 12:39:40.0518 5628 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 12:39:40.0568 5628 ksthunk - ok 12:39:40.0588 5628 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 12:39:40.0638 5628 KtmRm - ok 12:39:40.0668 5628 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\system32\srvsvc.dll 12:39:40.0718 5628 LanmanServer - ok 12:39:40.0738 5628 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 12:39:40.0788 5628 LanmanWorkstation - ok 12:39:40.0818 5628 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 12:39:40.0858 5628 lltdio - ok 12:39:40.0878 5628 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 12:39:40.0928 5628 lltdsvc - ok 12:39:40.0928 5628 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 12:39:40.0978 5628 lmhosts - ok 12:39:41.0018 5628 [ 7485FBCEF9136F530953575E2977859D ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 12:39:41.0028 5628 LMS - ok 12:39:41.0038 5628 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 12:39:41.0058 5628 LSI_FC - ok 12:39:41.0058 5628 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 12:39:41.0078 5628 LSI_SAS - ok 12:39:41.0088 5628 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 12:39:41.0098 5628 LSI_SAS2 - ok 12:39:41.0108 5628 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI 
C:\Windows\system32\DRIVERS\lsi_scsi.sys 12:39:41.0118 5628 LSI_SCSI - ok 12:39:41.0138 5628 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 12:39:41.0188 5628 luafv - ok 12:39:41.0208 5628 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 12:39:41.0238 5628 Mcx2Svc - ok 12:39:41.0258 5628 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 12:39:41.0268 5628 megasas - ok 12:39:41.0278 5628 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 12:39:41.0298 5628 MegaSR - ok 12:39:41.0328 5628 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 12:39:41.0368 5628 MMCSS - ok 12:39:41.0388 5628 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 12:39:41.0438 5628 Modem - ok 12:39:41.0448 5628 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 12:39:41.0478 5628 monitor - ok 12:39:41.0498 5628 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\drivers\mouclass.sys 12:39:41.0508 5628 mouclass - ok 12:39:41.0528 5628 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 12:39:41.0548 5628 mouhid - ok 12:39:41.0578 5628 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 12:39:41.0588 5628 mountmgr - ok 12:39:41.0628 5628 [ 9C3758018DED02F4AE53CCA1C5F084A2 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 12:39:41.0648 5628 MozillaMaintenance - ok 12:39:41.0678 5628 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 12:39:41.0688 5628 mpio - ok 12:39:41.0698 5628 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 12:39:41.0728 5628 mpsdrv - ok 12:39:41.0758 5628 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 12:39:41.0808 5628 MpsSvc - ok 12:39:41.0828 5628 [ 
DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 12:39:41.0858 5628 MRxDAV - ok 12:39:41.0888 5628 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 12:39:41.0928 5628 mrxsmb - ok 12:39:41.0938 5628 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 12:39:41.0968 5628 mrxsmb10 - ok 12:39:41.0978 5628 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 12:39:41.0988 5628 mrxsmb20 - ok 12:39:42.0018 5628 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 12:39:42.0038 5628 msahci - ok 12:39:42.0048 5628 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 12:39:42.0058 5628 msdsm - ok 12:39:42.0078 5628 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 12:39:42.0098 5628 MSDTC - ok 12:39:42.0128 5628 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 12:39:42.0168 5628 Msfs - ok 12:39:42.0178 5628 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 12:39:42.0228 5628 mshidkmdf - ok 12:39:42.0238 5628 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 12:39:42.0248 5628 msisadrv - ok 12:39:42.0278 5628 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 12:39:42.0318 5628 MSiSCSI - ok 12:39:42.0318 5628 msiserver - ok 12:39:42.0328 5628 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 12:39:42.0378 5628 MSKSSRV - ok 12:39:42.0388 5628 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 12:39:42.0428 5628 MSPCLOCK - ok 12:39:42.0438 5628 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 12:39:42.0478 5628 MSPQM - ok 12:39:42.0498 5628 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 12:39:42.0518 
5628 MsRPC - ok 12:39:42.0528 5628 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 12:39:42.0538 5628 mssmbios - ok 12:39:42.0548 5628 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 12:39:42.0598 5628 MSTEE - ok 12:39:42.0608 5628 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 12:39:42.0638 5628 MTConfig - ok 12:39:42.0658 5628 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 12:39:42.0668 5628 Mup - ok 12:39:42.0698 5628 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 12:39:42.0748 5628 napagent - ok 12:39:42.0778 5628 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 12:39:42.0818 5628 NativeWifiP - ok 12:39:43.0008 5628 [ 87A00FAEDD703D8D2BDCB29CE5EEEA6B ] NBService C:\Program Files (x86)\Nero\Nero 7\Nero BackItUp\NBService.exe 12:39:43.0028 5628 NBService ( UnsignedFile.Multi.Generic ) - warning 12:39:43.0028 5628 NBService - detected UnsignedFile.Multi.Generic (1) 12:39:43.0048 5628 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 12:39:43.0078 5628 NDIS - ok 12:39:43.0098 5628 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 12:39:43.0138 5628 NdisCap - ok 12:39:43.0148 5628 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 12:39:43.0198 5628 NdisTapi - ok 12:39:43.0218 5628 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 12:39:43.0258 5628 Ndisuio - ok 12:39:43.0278 5628 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 12:39:43.0318 5628 NdisWan - ok 12:39:43.0348 5628 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 12:39:43.0388 5628 NDProxy - ok 12:39:43.0428 5628 [ D5AC41AE382738483FAFFBD7E373D49A ] Net Driver HPZ12 
C:\Windows\system32\HPZinw12.dll 12:39:43.0428 5628 Net Driver HPZ12 ( UnsignedFile.Multi.Generic ) - warning 12:39:43.0438 5628 Net Driver HPZ12 - detected UnsignedFile.Multi.Generic (1) 12:39:43.0458 5628 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 12:39:43.0508 5628 NetBIOS - ok 12:39:43.0548 5628 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 12:39:43.0588 5628 NetBT - ok 12:39:43.0598 5628 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 12:39:43.0608 5628 Netlogon - ok 12:39:43.0628 5628 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 12:39:43.0688 5628 Netman - ok 12:39:43.0788 5628 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 12:39:43.0838 5628 netprofm - ok 12:39:43.0848 5628 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 12:39:43.0858 5628 NetTcpPortSharing - ok 12:39:43.0868 5628 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 12:39:43.0888 5628 nfrd960 - ok 12:39:43.0908 5628 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 12:39:43.0928 5628 NlaSvc - ok 12:39:43.0948 5628 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 12:39:43.0988 5628 Npfs - ok 12:39:44.0008 5628 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 12:39:44.0048 5628 nsi - ok 12:39:44.0068 5628 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 12:39:44.0118 5628 nsiproxy - ok 12:39:44.0168 5628 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 12:39:44.0208 5628 Ntfs - ok 12:39:44.0218 5628 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 12:39:44.0268 5628 Null - ok 12:39:44.0378 5628 [ 1F07B814C0BB5AABA703ABFF1F31F2E8 ] 
12:39:55.0558 5628 Scan finished 12:39:55.0568 5620 Detected object count: 7 12:39:55.0568 5620 Actual detected object count: 7 |
04.02.2013, 16:17 | #8 | |
/// Malware-holic | fb downloader search won't go away hi combofix: Combofix may only be run when a team member has instructed you to do so! Please download Combofix from one of these download mirrors: Link 1 Link 2 IMPORTANT - Save Combofix to your desktop
When Combofix has finished, it will create a log file. Please post C:\Combofix.txt in your next reply. Note: If you get the following error message after the restart Quote:
__________________ -Please forward suspicious e-mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward e-mails to markusg.trojaner-board@web.de following the instructions above If you would like to support us |
04.02.2013, 16:31 | #9 |
| fb downloader search won't go away Combofix log file: Code:
ATTFilter ComboFix 13-02-03.03 - Sandra 04.02.2013 16:24:43.1.4 - x64 Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.1547 [GMT 1:00] ausgeführt von:: c:\users\Sandra\Desktop\ComboFix.exe AV: AVG Internet Security 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9} FW: AVG Internet Security 2013 *Enabled* {36AFA1E1-4CDC-7EF8-11EE-C77C3581ABA2} SP: AVG Internet Security 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664} SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . . (((((((((((((((((((((((((((((((((((( Weitere Löschungen )))))))))))))))))))))))))))))))))))))))))))))))) . . c:\users\Sandra\AppData\Local\ext_piccshare_uninst.exe . . ((((((((((((((((((((((( Dateien erstellt von 2013-01-04 bis 2013-02-04 )))))))))))))))))))))))))))))) . . 2013-02-04 15:27 . 2013-02-04 15:27 -------- d-----w- c:\users\UpdatusUser\AppData\Local\temp 2013-02-04 15:27 . 2013-02-04 15:27 -------- d-----w- c:\users\Default\AppData\Local\temp 2013-02-03 19:59 . 2013-02-03 19:59 -------- d-----w- c:\users\Sandra\AppData\Roaming\Malwarebytes 2013-02-03 19:59 . 2013-02-03 19:59 -------- d-----w- c:\programdata\Malwarebytes 2013-02-02 09:52 . 2013-02-02 09:52 -------- d-----w- c:\program files (x86)\Mozilla Maintenance Service 2013-02-02 08:46 . 2013-02-02 08:46 -------- d-----w- C:\_OTL 2013-01-29 18:16 . 2013-01-29 18:16 -------- d-----w- c:\program files (x86)\Convar 2013-01-29 18:09 . 2013-01-29 18:09 -------- d-----w- c:\users\Sandra\AppData\Roaming\www.shadowexplorer.com 2013-01-29 17:44 . 2013-01-29 17:44 -------- d-----w- c:\users\Sandra\AppData\Roaming\SSync 2013-01-29 17:44 . 2013-01-29 17:44 -------- d-----w- c:\users\Sandra\AppData\Roaming\SCheck 2013-01-29 17:44 . 2013-01-29 17:44 -------- d-----w- c:\users\Sandra\AppData\Roaming\PiccShare 2013-01-29 17:44 . 2013-01-29 17:44 -------- d-----w- c:\users\Sandra\AppData\Roaming\Common 2013-01-29 17:35 . 
2013-02-02 08:20 -------- d-----w- c:\users\Sandra\AppData\Roaming\Notepad++ 2013-01-28 08:17 . 2013-01-12 02:30 95648 ----a-w- c:\windows\SysWow64\WindowsAccessBridge-32.dll 2013-01-26 13:23 . 2013-01-26 13:23 283200 ----a-w- c:\windows\system32\drivers\dtsoftbus01.sys 2013-01-26 13:23 . 2013-01-26 13:25 -------- d-----w- c:\users\Sandra\AppData\Roaming\DAEMON Tools Lite 2013-01-26 13:23 . 2013-01-26 13:23 -------- d-----w- c:\program files (x86)\DAEMON Tools Lite 2013-01-26 13:22 . 2013-01-26 13:25 -------- d-----w- c:\programdata\DAEMON Tools Lite 2013-01-26 13:14 . 2013-01-26 13:14 -------- d-----w- c:\programdata\DAEMON Tools Net 2013-01-26 12:57 . 2013-01-26 12:57 -------- d-----w- c:\users\Sandra\AppData\Roaming\ProtectDisc 2013-01-21 16:10 . 2013-01-21 16:12 -------- d-----w- c:\users\Sandra\AppData\Roaming\PhotoScape 2013-01-21 16:10 . 2013-01-21 16:10 -------- d-----w- c:\program files (x86)\PhotoScape 2013-01-17 07:25 . 2013-01-17 07:25 -------- d-----w- c:\programdata\Sony 2013-01-17 07:25 . 2013-01-17 07:25 -------- d-----w- c:\program files (x86)\Sony 2013-01-16 09:13 . 2013-01-16 09:13 -------- d-----w- c:\windows\ERUNT 2013-01-16 09:13 . 2013-01-16 09:13 -------- d-----w- C:\JRT 2013-01-13 10:27 . 2013-01-13 10:27 -------- d-----w- c:\users\Sandra\AppData\Roaming\FireShot 2013-01-12 13:35 . 2013-01-12 13:35 -------- d-----w- c:\programdata\FLEXnet 2013-01-12 12:13 . 2013-01-12 12:13 -------- d-----w- c:\programdata\cerasus.media 2013-01-12 12:13 . 2013-01-12 12:15 -------- d-----w- c:\users\Sandra\AppData\Roaming\cerasus.media 2013-01-12 12:00 . 2013-01-12 12:00 -------- d-----w- c:\programdata\PDF Architect 2013-01-12 10:45 . 2013-01-12 10:45 -------- d-----w- c:\programdata\Freemake 2013-01-12 10:40 . 2013-01-12 10:40 -------- d-----w- c:\users\Sandra\AppData\Local\Freemake 2013-01-12 10:39 . 2013-01-12 10:39 -------- d-----w- c:\program files (x86)\Freemake 2013-01-10 18:29 . 
2013-01-10 18:29 -------- d-----w- c:\users\Default\AppData\Roaming\TuneUp Software 2013-01-09 11:31 . 2012-11-30 05:38 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll . . . (((((((((((((((((((((((((((((((((((( Find3M Bericht )))))))))))))))))))))))))))))))))))))))))))))))))))))) . 2013-01-14 09:09 . 2012-12-13 13:53 74248 ----a-w- c:\windows\SysWow64\FlashPlayerCPLApp.cpl 2013-01-14 09:09 . 2012-12-13 13:53 697864 ----a-w- c:\windows\SysWow64\FlashPlayerApp.exe 2013-01-09 17:53 . 2012-12-13 15:33 67599240 ----a-w- c:\windows\system32\MRT.exe 2012-12-16 17:11 . 2012-12-23 18:15 46080 ----a-w- c:\windows\system32\atmlib.dll 2012-12-16 14:45 . 2012-12-23 18:15 367616 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13 . 2012-12-23 18:15 295424 ----a-w- c:\windows\SysWow64\atmfd.dll 2012-12-16 14:13 . 2012-12-23 18:15 34304 ----a-w- c:\windows\SysWow64\atmlib.dll 2012-12-13 15:28 . 2012-12-13 15:28 74752 ----a-w- c:\windows\SysWow64\RegisterIEPKEYs.exe 2012-12-13 15:28 . 2012-12-13 15:28 161792 ----a-w- c:\windows\SysWow64\msls31.dll 2012-12-13 15:28 . 2012-12-13 15:28 1129472 ----a-w- c:\windows\SysWow64\wininet.dll 2012-12-13 15:28 . 2012-12-13 15:28 96768 ----a-w- c:\windows\system32\mshtmled.dll 2012-12-13 15:28 . 2012-12-13 15:28 91648 ----a-w- c:\windows\system32\SetIEInstalledDate.exe 2012-12-13 15:28 . 2012-12-13 15:28 89088 ----a-w- c:\windows\system32\RegisterIEPKEYs.exe 2012-12-13 15:28 . 2012-12-13 15:28 89088 ----a-w- c:\windows\system32\ie4uinit.exe 2012-12-13 15:28 . 2012-12-13 15:28 86528 ----a-w- c:\windows\SysWow64\iesysprep.dll 2012-12-13 15:28 . 2012-12-13 15:28 85504 ----a-w- c:\windows\system32\jsproxy.dll 2012-12-13 15:28 . 2012-12-13 15:28 85504 ----a-w- c:\windows\system32\iesetup.dll 2012-12-13 15:28 . 2012-12-13 15:28 82432 ----a-w- c:\windows\system32\icardie.dll 2012-12-13 15:28 . 2012-12-13 15:28 816640 ----a-w- c:\windows\system32\jscript.dll 2012-12-13 15:28 . 
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sony PC Companion"="c:\program files (x86)\Sony\Sony PC Companion\PCCompanion.exe" [2013-01-07 446648]
"DAEMON Tools Lite"="c:\program files (x86)\DAEMON Tools Lite\DTLite.exe" [2012-11-06 3673728]
"SCheck"="c:\users\Sandra\AppData\Roaming\SCheck\SCheck.exe" [2012-12-19 41984]
"SSync"="c:\users\Sandra\AppData\Roaming\SSync\SSync.exe" [2012-12-19 41984]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"HP Software Update"="c:\program files (x86)\HP\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"hpqSRMon"="c:\program files (x86)\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-07-22 150528]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files (x86)\HP\Digital Imaging\bin\hpqtra08.exe [2009-9-20 270336]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 Freemake Improver;Freemake Improver;c:\programdata\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [2013-01-11 100864]
R3 Sony PC Companion;Sony PC Companion;c:\program files (x86)\Sony\Sony PC Companion\PCCService.exe [2012-01-18 155320]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-10-15 63328]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 Avgfwfd;AVG network filter service;c:\windows\system32\DRIVERS\avgfwd6a.sys [2012-09-04 50296]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-10-22 154464]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2013-01-26 283200]
S2 avgfws;AVG Firewall;c:\program files (x86)\AVG\AVG2013\avgfws.exe [2012-12-10 1342024]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2012-10-02 382824]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2009-09-30 2320920]
S3 e1kexpress;Intel(R) PRO/1000 PCI Express Network Connection Driver K;c:\windows\system32\DRIVERS\e1k62x64.sys [2009-09-23 283824]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 93453608
*Deregistered* - 93453608
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RtHDVCpl"="c:\program files\Realtek\Audio\HDA\RAVCpl64.exe" [2009-09-02 8098848]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://wisersearch.com/?channel=sfde300
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
mSearchAssistant = hxxp://www.google.com
IE: Nach Microsoft &Excel exportieren - c:\progra~2\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.2.1
FF - ProfilePath - c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\rv7ycn0q.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=
FF - prefs.js: browser.startup.homepage - hxxp://search.fbdownloader.com/?channel=sfde203fbdgy21
FF - prefs.js: keyword.URL - hxxp://search.fbdownloader.com/search.php?channel=sfde203fbdgy21&q=
FF - ExtSQL: 2012-12-24 12:01; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF - ExtSQL: 2013-02-02 10:55; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\rv7ycn0q.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-02 10:56; elemhidehelper@adblockplus.org; c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\rv7ycn0q.default\extensions\elemhidehelper@adblockplus.org.xpi
FF - ExtSQL: 2013-02-02 10:58; {0b457cAA-602d-484a-8fe7-c1d894a011ba}; c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\rv7ycn0q.default\extensions\{0b457cAA-602d-484a-8fe7-c1d894a011ba}
FF - ExtSQL: 2013-02-02 10:58; ich@maltegoetz.de; c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\rv7ycn0q.default\extensions\ich@maltegoetz.de
FF - ExtSQL: 2013-02-02 10:58; facebookBlocker@webgraph.com; c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\rv7ycn0q.default\extensions\facebookBlocker@webgraph.com.xpi
FF - ExtSQL: 2013-02-02 10:58; adblockpopups@jessehakanen.net; c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\rv7ycn0q.default\extensions\adblockpopups@jessehakanen.net.xpi
FF - ExtSQL: 2013-02-02 11:54; toolbar@gmx.net; c:\users\Sandra\AppData\Roaming\Mozilla\Firefox\Profiles\rv7ycn0q.default\extensions\toolbar@gmx.net.xpi
FF - ExtSQL: !HIDDEN! 2012-12-24 12:01; smartwebprinting@hp.com; c:\program files (x86)\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
AddRemove-Sweetpacks Bundle Uninstaller - c:\program files (x86)\sweetpacks bundle uninstaller\uninstaller.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\LocalSystem\Components\P¯4*]
"7040110900063D11C8EF10054038389C"="C?\\Windows\\SysWOW64\\FM20ENU.DLL"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-04 16:29:30
ComboFix-quarantined-files.txt 2013-02-04 15:29
.
Vor Suchlauf: 11 Verzeichnis(se), 683.652.521.984 Bytes frei
Nach Suchlauf: 16 Verzeichnis(se), 683.260.760.064 Bytes frei
.
- - End Of File - - 210DD2E8CA8AF3E4A791CB59FEE002E9 |
04.02.2013, 16:33 | #10 |
/// Malware-holic | fb downloader search won't go away
please open Malwarebytes, Logs, and post the reports with detections
__________________ - Please forward suspicious mails to us for analysis: markusg.trojaner-board@web.de Forwarding instructions: http://markusg.trojaner-board.de For now, please forward mails to markusg.trojaner-board@web.de according to the instructions above If you would like to support us |
04.02.2013, 16:38 | #11 |
| fb downloader search won't go away
this log opened... was it the wrong one? or did I do something wrong? |
04.02.2013, 16:45 | #12 |
/// Malware-holic | fb downloader search won't go away
I'd like you to open Malwarebytes, Logs, and post the reports with results :-)
04.02.2013, 16:56 | #13 |
| fb downloader search won't go away
>< oh, you mean the program Malwarebytes, right? I'm being a bit blonde right now ^^ |
04.02.2013, 16:59 | #14 |
/// Malware-holic | fb downloader search won't go away
yes, that's what it says :-)
04.02.2013, 17:06 | #15 |
| fb downloader search won't go away
2013/02/03 20:59:34 +0100 SANDRA-PC Sandra MESSAGE Executing scheduled update: Daily
2013/02/03 20:59:37 +0100 SANDRA-PC Sandra MESSAGE Starting protection
2013/02/03 20:59:37 +0100 SANDRA-PC Sandra MESSAGE Protection started successfully
2013/02/03 20:59:37 +0100 SANDRA-PC Sandra MESSAGE Starting IP protection
2013/02/03 20:59:39 +0100 SANDRA-PC Sandra MESSAGE IP Protection started successfully
2013/02/03 20:59:47 +0100 SANDRA-PC Sandra MESSAGE Starting database refresh
2013/02/03 20:59:47 +0100 SANDRA-PC Sandra MESSAGE Scheduled update executed successfully: database updated from version v2012.12.14.11 to version v2013.02.03.09
2013/02/03 20:59:47 +0100 SANDRA-PC Sandra MESSAGE Stopping IP protection
2013/02/03 20:59:48 +0100 SANDRA-PC Sandra MESSAGE IP Protection stopped successfully
2013/02/03 20:59:50 +0100 SANDRA-PC Sandra MESSAGE Database refreshed successfully
2013/02/03 20:59:50 +0100 SANDRA-PC Sandra MESSAGE Starting IP protection
2013/02/03 20:59:54 +0100 SANDRA-PC Sandra MESSAGE IP Protection started successfully
2013/02/03 20:59:56 +0100 SANDRA-PC Sandra MESSAGE Starting database refresh
2013/02/03 20:59:56 +0100 SANDRA-PC Sandra MESSAGE Stopping IP protection
2013/02/03 20:59:56 +0100 SANDRA-PC Sandra MESSAGE IP Protection stopped successfully
2013/02/03 20:59:59 +0100 SANDRA-PC Sandra MESSAGE Database refreshed successfully
2013/02/03 20:59:59 +0100 SANDRA-PC Sandra MESSAGE Starting IP protection
2013/02/03 21:00:03 +0100 SANDRA-PC Sandra MESSAGE IP Protection started successfully
2013/02/03 21:07:03 +0100 SANDRA-PC Sandra IP-BLOCK 178.17.163.114 (Type: outgoing, Port: 57431, Process: firefox.exe)
2013/02/03 21:07:04 +0100 SANDRA-PC Sandra IP-BLOCK 178.17.163.114 (Type: outgoing, Port: 57432, Process: firefox.exe)
2013/02/03 21:30:54 +0100 SANDRA-PC Sandra IP-BLOCK 109.163.227.208 (Type: outgoing, Port: 58496, Process: firefox.exe)
2013/02/03 21:30:54 +0100 SANDRA-PC Sandra IP-BLOCK 109.163.227.208 (Type: outgoing, Port: 58497, Process: firefox.exe)
2013/02/03 21:31:02 +0100 SANDRA-PC Sandra IP-BLOCK 109.163.227.208 (Type: outgoing, Port: 58502, Process: firefox.exe)
2013/02/03 21:31:02 +0100 SANDRA-PC Sandra IP-BLOCK 109.163.227.208 (Type: outgoing, Port: 58503, Process: firefox.exe)
2013/02/03 21:31:35 +0100 SANDRA-PC Sandra IP-BLOCK 109.163.227.208 (Type: outgoing, Port: 58523, Process: firefox.exe)
2013/02/03 21:31:35 +0100 SANDRA-PC Sandra IP-BLOCK 109.163.227.208 (Type: outgoing, Port: 58524, Process: firefox.exe)
2013/02/03 21:31:35 +0100 SANDRA-PC Sandra IP-BLOCK 109.163.227.208 (Type: outgoing, Port: 58527, Process: firefox.exe)
2013/02/03 21:31:35 +0100 SANDRA-PC Sandra IP-BLOCK 109.163.227.208 (Type: outgoing, Port: 58528, Process: firefox.exe)
2013/02/03 21:44:33 +0100 SANDRA-PC Sandra MESSAGE Stopping IP protection
2013/02/03 21:44:33 +0100 SANDRA-PC Sandra MESSAGE IP Protection stopped successfully
2013/02/03 21:44:38 +0100 SANDRA-PC Sandra MESSAGE Protection stopped
both of these were in there |