| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
06.02.2013, 12:22
| #1 |
 |  Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? Hallo, Folgendes ist passiert: Obwohl ich eine lizensierte Version von Avast! besitze hat sich wohl ein Wurm eingeschlichen und Avast! lahmgelegt. Es ist komplett deaktiviert und lässt sich nciht mehr aktivieren. Auch das erneute Einfügen der Lizenzdatei gelingt MEldung: RPC-Fehler Ich habe bereits in Foren gelesen, dass RPC-Fehler durch Blast-Würmer verursacht werden können und ich habe bereits Malware bytes durchlaufen lassen. Es wuden infizierte Dateien gefunden, darunter Adware.Yontoo Ich hänge den Malware Bericht an und bitte um Anweisung, um diesen Virus bzw. Wurm zu entfernen. Vielen Dank schon mal im Voraus! |
|
06.02.2013, 12:24
| #2 |
| /// Malware-holic   | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? hi
__________________Falls noch nicht vorhanden, lade Dir bitte OTL von Oldtimer herunter und speichere es auf Deinem Desktop
Code:
ATTFilter activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
__________________ |
|
06.02.2013, 12:57
| #3 |
| | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? OTL Logfile:
__________________Code:
ATTFilter OTL logfile created on: 06.02.2013 12:31:44 - Run 3 OTL by OldTimer - Version 3.2.31.0 Folder = C:\Users\Maze\Desktop 64bit- Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,87 Gb Total Physical Memory | 2,55 Gb Available Physical Memory | 66,01% Memory free 7,73 Gb Paging File | 6,19 Gb Available in Paging File | 80,03% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 148,81 Gb Total Space | 51,08 Gb Free Space | 34,32% Space Free | Partition Type: NTFS Drive D: | 148,88 Gb Total Space | 40,39 Gb Free Space | 27,13% Space Free | Partition Type: NTFS Computer Name: MAZE-TOSH | User Name: Maze | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2012.10.30 23:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastUI.exe PRC - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\AvastSvc.exe PRC - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) -- C:\Programme\AVAST Software\Avast\afwServ.exe PRC - [2012.02.12 19:33:20 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Users\Maze\Desktop\OTL.exe PRC - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe PRC - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe PRC - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe PRC - [2011.07.27 21:41:08 | 000,397,992 | ---- | M] ({StringFileInfo_CompanyName}) -- C:\Program Files (x86)\Ask.com\Updater\Updater.exe PRC - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe PRC - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe PRC - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2010.02.22 12:23:50 | 000,304,496 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\NDSTray.exe PRC - [2010.01.15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe PRC - [2009.07.28 19:26:42 | 000,062,848 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSwMgr.exe PRC - [2009.03.10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe PRC - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe ========== Modules (No Company Name) ========== MOD - [2012.02.20 20:29:04 | 000,087,912 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll MOD - [2012.02.20 20:28:42 | 001,242,472 | ---- | M] () -- C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll MOD - [2011.07.29 00:09:42 | 000,096,112 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll MOD - [2011.07.29 00:08:12 | 001,259,376 | ---- | M] () -- C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ========== Win32 Services (SafeList) ========== SRV:64bit: - [2012.10.30 23:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus) SRV:64bit: - [2012.10.30 23:50:56 | 000,133,912 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\afwServ.exe -- (avast! Firewall) SRV:64bit: - [2010.04.26 21:49:36 | 000,202,752 | ---- | M] (AMD) [Auto | Running] -- C:\Windows\SysNative\atiesrxx.exe -- (AMD External Events Utility) SRV:64bit: - [2010.03.17 15:00:44 | 000,258,928 | ---- | M] (TOSHIBA Corporation) [On_Demand | Stopped] -- C:\Program Files\TOSHIBA\TECO\TecoService.exe -- (TOSHIBA eco Utility Service) SRV:64bit: - [2010.02.23 16:57:42 | 000,835,952 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe -- (TPCHSrv) SRV:64bit: - [2010.02.05 16:44:48 | 000,137,560 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe -- (TOSHIBA HDD SSD Alert Service) SRV:64bit: - [2009.11.05 21:05:28 | 000,489,312 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe -- (TosCoSrv) SRV:64bit: - [2009.07.28 13:48:06 | 000,140,632 | ---- | M] (TOSHIBA Corporation) [Auto | Running] -- C:\Windows\SysNative\TODDSrv.exe -- (TODDSrv) SRV - [2013.02.06 11:49:20 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2012.12.21 11:44:44 | 001,948,160 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe -- (SystemStoreService) SRV - [2012.11.14 21:00:13 | 005,663,232 | ---- | M] () [Auto | Stopped] -- C:\Program Files (x86)\Freetec\SystemStore\SelfUpdate.exe -- (SelfUpdateService) SRV - [2011.10.01 08:30:22 | 000,219,496 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa) SRV - [2011.10.01 08:30:18 | 000,508,776 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist) SRV - [2011.06.06 11:55:28 | 000,064,952 | ---- | M] (Adobe Systems Incorporated) [Auto | Running] -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe -- (AdobeARMservice) SRV - [2010.07.01 09:59:02 | 000,051,576 | ---- | M] (TOSHIBA Corporation) [On_Demand | Running] -- C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe -- (TMachInfo) SRV - [2010.03.18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.11 13:06:06 | 000,193,824 | ---- | M] (Protexis Inc.) [Auto | Running] -- C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2) SRV - [2010.03.03 13:42:02 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) Intel(R) SRV - [2010.03.03 13:41:58 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) Intel(R) SRV - [2010.02.19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard) SRV - [2010.02.11 01:40:12 | 000,124,368 | ---- | M] (Toshiba Europe GmbH) [Disabled | Stopped] -- C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe -- (TemproMonitoringService) Notebook Performance Tuning Service (TEMPRO) SRV - [2010.01.28 15:44:40 | 000,249,200 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe -- (cfWiMAXService) SRV - [2010.01.15 13:08:38 | 000,935,208 | ---- | M] (Nero AG) [Auto | Running] -- c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0) SRV - [2009.08.24 15:51:46 | 000,185,640 | ---- | M] (TeamViewer GmbH) [On_Demand | Stopped] -- C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe -- (TeamViewer4) SRV - [2009.06.10 22:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.03.10 17:51:20 | 000,046,448 | ---- | M] (TOSHIBA CORPORATION) [Auto | Running] -- C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe -- (ConfigFree Service) SRV - [2008.04.07 09:17:30 | 000,430,592 | ---- | M] (Nokia.) [On_Demand | Stopped] -- C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer) SRV - [2007.01.04 18:48:50 | 000,112,152 | ---- | M] (InterVideo) [Auto | Running] -- C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe -- (IviRegMgr) ========== Driver Services (SafeList) ========== DRV:64bit: - [2012.10.30 23:51:56 | 000,059,728 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswTdi.sys -- (aswTdi) DRV:64bit: - [2012.10.30 23:51:55 | 000,984,144 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\Windows\SysNative\drivers\aswSnx.sys -- (aswSnx) DRV:64bit: - [2012.10.30 23:51:55 | 000,370,288 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswSP.sys -- (aswSP) DRV:64bit: - [2012.10.30 23:51:55 | 000,262,656 | ---- | M] (AVAST Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis2.sys -- (aswNdis2) DRV:64bit: - [2012.10.30 23:51:55 | 000,071,600 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswMonFlt.sys -- (aswMonFlt) DRV:64bit: - [2012.10.30 23:51:55 | 000,021,136 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswKbd.sys -- (aswKbd) DRV:64bit: - [2012.10.30 23:51:53 | 000,132,864 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswFW.sys -- (aswFW) DRV:64bit: - [2012.10.30 23:51:53 | 000,025,232 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\Windows\SysNative\drivers\aswFsBlk.sys -- (aswFsBlk) DRV:64bit: - [2012.10.15 17:59:28 | 000,054,072 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\aswRdr2.sys -- (aswRdr) DRV:64bit: - [2012.08.21 12:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.07.09 12:42:54 | 000,052,736 | ---- | M] (Apple, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.02.18 22:46:07 | 000,027,176 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggsemc.sys -- (ggsemc) DRV:64bit: - [2012.02.18 22:46:07 | 000,013,352 | ---- | M] (Sony Ericsson Mobile Communications) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ggflt.sys -- (ggflt) DRV:64bit: - [2011.11.28 18:26:19 | 000,012,368 | ---- | M] (ALWIL Software) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\aswNdis.sys -- (aswNdis) DRV:64bit: - [2011.10.01 08:30:22 | 000,022,376 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftvollh.sys -- (Sftvol) DRV:64bit: - [2011.10.01 08:30:18 | 000,268,648 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftplaylh.sys -- (Sftplay) DRV:64bit: - [2011.10.01 08:30:18 | 000,025,960 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftredirlh.sys -- (Sftredir) DRV:64bit: - [2011.10.01 08:30:10 | 000,764,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Sftfslh.sys -- (Sftfs) DRV:64bit: - [2011.08.02 15:38:44 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2011.03.11 07:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 07:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2011.03.04 09:03:22 | 000,254,528 | ---- | M] (DT Soft Ltd) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\dtsoftbus01.sys -- (dtsoftbus01) DRV:64bit: - [2010.11.20 14:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- (HpSAMD) DRV:64bit: - [2010.11.20 12:07:05 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2010.11.20 11:43:57 | 000,032,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbser.sys -- (usbser) DRV:64bit: - [2010.04.27 03:56:34 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (atikmdag) DRV:64bit: - [2010.04.27 03:56:34 | 006,659,072 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmdag.sys -- (amdkmdag) DRV:64bit: - [2010.04.27 00:23:08 | 001,103,904 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\rtl8192se.sys -- (rtl8192se) DRV:64bit: - [2010.04.26 21:17:26 | 000,195,584 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\atikmpag.sys -- (amdkmdap) DRV:64bit: - [2010.03.31 13:50:16 | 000,724,536 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDRT64.sys -- (CnxtHdAudService) DRV:64bit: - [2010.03.10 17:51:32 | 000,316,464 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2010.03.05 10:11:30 | 000,720,952 | ---- | M] (Conexant Systems Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\CHDMI64.sys -- (CnxtHdmiAudService) DRV:64bit: - [2010.02.22 17:03:42 | 000,075,304 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\L1C62x64.sys -- (L1C) DRV:64bit: - [2010.02.10 14:02:00 | 000,158,720 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2010.02.01 10:29:48 | 000,232,992 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\RtsUStor.sys -- (RSUSBSTOR) DRV:64bit: - [2010.01.15 11:22:08 | 000,538,136 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2009.11.05 13:51:10 | 000,368,832 | ---- | M] (AfaTech ) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\AF15BDA.sys -- (AF15BDA) Cinergy T USB XE (MKII) DRV:64bit: - [2009.09.17 11:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) Intel(R) DRV:64bit: - [2009.08.26 11:33:00 | 000,031,744 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\optovcm.sys -- (optovcm) DRV:64bit: - [2009.08.26 11:33:00 | 000,022,656 | ---- | M] (OPTO ELECTRONICS CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\optousb.sys -- (optousb) DRV:64bit: - [2009.08.13 22:10:18 | 000,073,984 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\xusb21.sys -- (xusb21) DRV:64bit: - [2009.07.30 18:22:04 | 000,027,784 | ---- | M] (TOSHIBA Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tdcmdpst.sys -- (tdcmdpst) DRV:64bit: - [2009.07.14 15:31:18 | 000,026,840 | ---- | M] (TOSHIBA Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\TVALZ_O.SYS -- (TVALZ) DRV:64bit: - [2009.07.14 02:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.14 02:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.14 02:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.07 07:51:42 | 000,009,216 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\FwLnk.sys -- (FwLnk) DRV:64bit: - [2009.06.29 17:00:50 | 000,132,608 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbnet.sys -- (ewusbnet) DRV:64bit: - [2009.06.29 17:00:50 | 000,116,096 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbfake.sys -- (hwusbfake) DRV:64bit: - [2009.06.22 16:06:38 | 000,035,008 | ---- | M] (TOSHIBA Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\PGEffect.sys -- (PGEffect) DRV:64bit: - [2009.06.19 18:15:22 | 000,014,472 | ---- | M] (TOSHIBA Corporation) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\TVALZFL.sys -- (TVALZFL) DRV:64bit: - [2009.06.10 22:01:06 | 001,146,880 | ---- | M] (LSI Corp) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\agrsm64.sys -- (AgereSoftModem) DRV:64bit: - [2009.06.10 21:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 21:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 21:34:23 | 000,270,848 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 21:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.04.09 12:38:24 | 000,116,864 | ---- | M] (Huawei Technologies Co., Ltd.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\ewusbmdm.sys -- (hwdatacard) DRV:64bit: - [2007.09.17 15:53:34 | 000,029,184 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\pccsmcfdx64.sys -- (pccsmcfd) DRV:64bit: - [2007.04.17 10:51:50 | 000,014,112 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\regi.sys -- (regi) DRV - [2009.07.14 02:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) DRV - [2009.03.31 09:39:36 | 000,016,392 | ---- | M] (Teruten Inc) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\TFsExDisk.Sys -- (TFsExDisk) DRV - [2007.04.17 19:09:28 | 000,011,032 | ---- | M] (InterVideo) [Kernel | Auto | Running] -- C:\Windows\SysWOW64\drivers\regi.sys -- (regi) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.facebook.com/ IE - HKCU\..\URLSearchHook: - No CLSID value found IE - HKCU\..\URLSearchHook: {c840e246-6b95-475e-9bd7-caa1c7eca9f2} - No CLSID value found IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_3_300_262.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_3_300_262.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files (x86)\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC) FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33: C:\Windows\SysWOW64\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files (x86)\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~4\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: C:\Program Files (x86)\DivX\DivX Plus Web Player\firefox\DivXHTML5 [2012.06.23 11:01:45 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\wrc@avast.com: C:\Program Files\AVAST Software\Avast\WebRep\FF [2012.11.21 11:20:50 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 11:49:20 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 11:49:18 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.06 11:49:20 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.06 11:49:18 | 000,000,000 | ---D | M] [2012.08.06 19:20:14 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maze\AppData\Roaming\mozilla\Extensions [2013.02.01 20:41:36 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Maze\AppData\Roaming\mozilla\Firefox\Profiles\19fss6mu.default\extensions [2013.02.06 11:49:18 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\Mozilla Firefox\extensions [2013.02.06 11:49:18 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files (x86)\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} [2012.11.21 11:20:50 | 000,000,000 | ---D | M] (avast! WebRep) -- C:\PROGRAM FILES\AVAST SOFTWARE\AVAST\WEBREP\FF () (No name found) -- C:\USERS\MAZE\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\19FSS6MU.DEFAULT\EXTENSIONS\{7DF87622-0565-4B6D-B160-75A339BC64CB}.XPI [2013.02.06 11:49:20 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2012.02.15 14:48:02 | 000,378,880 | ---- | M] (InfiniAd GmbH) -- C:\Program Files (x86)\mozilla firefox\plugins\npmieze.dll [2012.07.14 01:45:08 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2011.07.03 13:45:57 | 000,002,423 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\babylon.xml [2012.09.08 16:36:00 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2012.07.14 01:45:08 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2012.07.14 01:45:08 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.14 01:45:08 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.14 01:45:07 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.02.12 21:11:32 | 000,000,027 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2:64bit: - BHO: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O2:64bit: - BHO: (Windows Live ID Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - C:\Program Files (x86)\DivX\DivX Plus Web Player\ie\DivXHTML5\DivXHTML5.dll (DivX, LLC) O2 - BHO: (no name) - {58307a99-7813-45f1-ac6c-06ff1617a20d} - No CLSID value found. O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found. O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O2 - BHO: (TOSHIBA Media Controller Plug-in) - {F3C88694-EFFA-4d78-B409-54B7B2535B14} - C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll (<TOSHIBA>) O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Yontoo LLC) O3:64bit: - HKLM\..\Toolbar: (avast! WebRep) - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - C:\Programme\AVAST Software\Avast\aswWebRepIE64.dll (AVAST Software) O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Programme\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software) O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O3 - HKLM\..\Toolbar: (loadtbs) - {DFEFCDEE-CF1A-4FC8-88AD-129872198372} - C:\Users\Maze\AppData\Roaming\loadtbs\toolbar.dll (InfiniAd GmbH) O3 - HKLM\..\Toolbar: (no name) - Locked - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - No CLSID value found. O3 - HKCU\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files (x86)\Ask.com\GenericAskToolbar.dll (Ask) O4:64bit: - HKLM..\Run: [00TCrdMain] C:\Programme\TOSHIBA\FlashCards\TCrdMain.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated) O4:64bit: - HKLM..\Run: [cAudioFilterAgent] C:\Programme\CONEXANT\cAudioFilterAgent\cAudioFilterAgent64.exe (Conexant Systems, Inc.) O4:64bit: - HKLM..\Run: [HSON] C:\Programme\TOSHIBA\TBS\HSON.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmartAudio] C:\Program Files\CONEXANT\SAII\SAIICpl.exe () O4:64bit: - HKLM..\Run: [SmartFaceVWatcher] C:\Programme\TOSHIBA\SmartFaceV\SmartFaceVWatcher.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [SmoothView] C:\Programme\TOSHIBA\SmoothView\SmoothView.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Teco] C:\Program Files\TOSHIBA\TECO\Teco.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [Toshiba Registration] C:\Programme\TOSHIBA\Registration\ToshibaReminder.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [Toshiba TEMPRO] C:\Program Files (x86)\Toshiba TEMPRO\TemproTray.exe (Toshiba Europe GmbH) O4:64bit: - HKLM..\Run: [TosNC] C:\Programme\TOSHIBA\BulletinBoard\TosNcCore.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosReelTimeMonitor] C:\Programme\TOSHIBA\ReelTime\TosReelTimeMonitor.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosSENotify] C:\Programme\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosVolRegulator] C:\Programme\TOSHIBA\TosVolRegulator\TosVolRegulator.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TosWaitSrv] C:\Programme\TOSHIBA\TPHM\TosWaitSrv.exe (TOSHIBA Corporation) O4:64bit: - HKLM..\Run: [TPwrMain] C:\Programme\TOSHIBA\Power Saver\TPwrMain.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ApnUpdater] C:\Program Files (x86)\Ask.com\Updater\Updater.exe ({StringFileInfo_CompanyName}) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software) O4 - HKLM..\Run: [CorelDRAW Graphics Suite 11b] C:\Program Files (x86)\Corel\Corel Graphics 11\Register\registration.exe (Corel Corporation) O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe () O4 - HKLM..\Run: [NBAgent] c:\Program Files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe (Nero AG) O4 - HKLM..\Run: [StartCCC] C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe (Advanced Micro Devices, Inc.) O4 - HKLM..\Run: [SwitchBoard] C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated) O4 - HKLM..\Run: [ToshibaServiceStation] C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe (TOSHIBA Corporation) O4 - HKLM..\Run: [TWebCamera] C:\Program Files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe (TOSHIBA CORPORATION.) O4 - HKCU..\Run: [BlosonAddonUpdater] C:\Users\Maze\AppData\Roaming\Bloson\BlosonAddonUpdater.exe (VSH Solutions) O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1 O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present O9 - Extra Button: ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O9 - Extra 'Tools' menuitem : ICQ7.4 - {73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - C:\Program Files (x86)\ICQ7.4\ICQ.exe (ICQ, LLC.) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000005 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000006 [] - C:\Programme\Common Files\Microsoft Shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3B4F0C42-2FCF-4E09-98F4-E070F960A1F8}: DhcpNameServer = 139.7.30.126 139.7.30.125 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{6648F8AB-BC54-4BD0-801C-FC8A7DD9EF38}: DhcpNameServer = 192.168.178.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84138B3F-1EBE-4B6F-8B53-6CF0A41F80A8}: DhcpNameServer = 193.189.244.225 193.189.244.206 O18:64bit: - Protocol\Handler\ipp - No CLSID value found O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\livecall - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found O18:64bit: - Protocol\Handler\msnim - No CLSID value found O18:64bit: - Protocol\Handler\skype4com - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\Program Files (x86)\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files (x86)\Common Files\Skype\Skype4COM.dll (Skype Technologies) O20:64bit: - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\SysNative\SystemPropertiesPerformance.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: VMApplet - (/pagefile) - File not found O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) -C:\Windows\SysWOW64\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (/pagefile) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = ComFile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - ActiveX:64bit: >{D6650514-E1E0-46B1-9512-63063248A6CF} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Microsoft VM ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0 ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6 ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Webordner ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7 ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker 2.6 ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP CREATERESTOREPOINT Restore point Set: OTL Restore Point ========== Files/Folders - Created Within 30 Days ========== [2013.02.06 12:06:33 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.02.06 12:06:32 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.02.06 12:06:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.02.06 12:06:21 | 000,000,000 | ---D | C] -- C:\Users\Maze\AppData\Local\Programs [2013.02.06 11:49:18 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.02.06 11:19:24 | 000,000,000 | ---D | C] -- C:\Users\Maze\AppData\Local\Nero_AG [2013.02.05 17:19:29 | 000,000,000 | ---D | C] -- C:\Users\Maze\Desktop\Bewerbung [2013.02.05 14:11:21 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype [2013.02.05 14:11:20 | 000,000,000 | R--D | C] -- C:\Program Files (x86)\Skype [2013.02.05 14:11:20 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype [2013.01.30 20:13:28 | 000,000,000 | ---D | C] -- C:\Users\Maze\AppData\Roaming\MAGIX [2013.01.30 20:09:15 | 000,000,000 | ---D | C] -- C:\Users\Maze\AppData\Local\Xara [2013.01.30 20:09:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAGIX [2013.01.30 20:04:18 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MAGIX Services [2013.01.30 20:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\MAGIX Services [2013.01.30 20:04:14 | 000,000,000 | ---D | C] -- C:\ProgramData\MAGIX [2013.01.30 20:04:14 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\MAGIX [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Maze\Desktop\*.tmp files -> C:\Users\Maze\Desktop\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.02.06 12:06:33 | 000,001,076 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.06 12:04:11 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.02.06 12:04:11 | 000,016,080 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.02.06 12:01:26 | 002,286,856 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.02.06 12:01:26 | 001,111,702 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.02.06 12:01:26 | 000,653,976 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.02.06 12:01:26 | 000,578,506 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.02.06 12:01:26 | 000,005,430 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.02.06 11:56:16 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.02.06 11:56:10 | 3113,361,408 | -HS- | M] () -- C:\hiberfil.sys [2013.02.05 18:33:29 | 000,094,851 | ---- | M] () -- C:\Users\Maze\Desktop\street player bang.wav.asd [2013.02.05 18:32:46 | 007,876,512 | ---- | M] () -- C:\Users\Maze\Desktop\street player bang.wav [2013.02.05 17:16:06 | 038,118,984 | ---- | M] () -- C:\Users\Maze\Desktop\let me down sicherererer.wav [2013.02.05 16:05:20 | 058,212,044 | ---- | M] () -- C:\Users\Maze\Desktop\groove on maybe final.wav [2013.02.05 14:59:21 | 023,629,440 | ---- | M] () -- C:\Users\Maze\Desktop\funky house 2013.wav [2013.02.05 14:11:21 | 000,002,515 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk [2013.01.31 10:42:19 | 004,921,640 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.30 20:47:45 | 000,098,954 | ---- | M] () -- C:\Users\Maze\Desktop\Expresso.mxm [2013.01.30 20:09:16 | 000,120,200 | ---- | M] () -- C:\Windows\SysWow64\DLLDEV32i.dll [2013.01.14 21:29:05 | 071,171,196 | ---- | M] () -- C:\Users\Maze\Desktop\Mad Man Maze - Ibiza Vibes (re-edit).wav [2013.01.14 20:38:07 | 003,621,773 | ---- | M] () -- C:\Users\Maze\Desktop\Titanium - David Guetta ft. Sia.mp3 [2013.01.14 20:29:52 | 003,855,412 | ---- | M] () -- C:\Users\Maze\Desktop\lights.mp3 [4 C:\Windows\SysWow64\*.tmp files -> C:\Windows\SysWow64\*.tmp -> ] [1 C:\Users\Maze\Desktop\*.tmp files -> C:\Users\Maze\Desktop\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.02.06 12:06:33 | 000,001,076 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.02.05 18:36:04 | 008,128,556 | ---- | C] () -- C:\Users\Maze\Desktop\neuer street player.wav [2013.02.05 18:33:29 | 000,094,851 | ---- | C] () -- C:\Users\Maze\Desktop\street player bang.wav.asd [2013.02.05 18:32:46 | 007,876,512 | ---- | C] () -- C:\Users\Maze\Desktop\street player bang.wav [2013.02.05 17:23:01 | 058,724,176 | ---- | C] () -- C:\Users\Maze\Desktop\let me down sicherererer alt.wav [2013.02.05 17:16:05 | 038,118,984 | ---- | C] () -- C:\Users\Maze\Desktop\let me down sicherererer.wav [2013.02.05 16:05:20 | 058,212,044 | ---- | C] () -- C:\Users\Maze\Desktop\groove on maybe final.wav [2013.02.05 14:11:21 | 000,002,515 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk [2013.02.05 01:06:28 | 023,629,440 | ---- | C] () -- C:\Users\Maze\Desktop\funky house 2013.wav [2013.01.30 20:47:45 | 000,098,954 | ---- | C] () -- C:\Users\Maze\Desktop\Expresso.mxm [2013.01.14 20:38:02 | 003,621,773 | ---- | C] () -- C:\Users\Maze\Desktop\Titanium - David Guetta ft. Sia.mp3 [2013.01.14 20:29:47 | 003,855,412 | ---- | C] () -- C:\Users\Maze\Desktop\lights.mp3 [2012.04.06 20:10:55 | 000,000,017 | ---- | C] () -- C:\Windows\SysWow64\shortcut_ex.dat [2012.02.26 18:03:21 | 000,000,425 | ---- | C] () -- C:\Windows\BRWMARK.INI [2012.02.26 18:03:21 | 000,000,027 | ---- | C] () -- C:\Windows\BRPP2KA.INI [2012.02.12 21:02:55 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2012.02.12 21:02:55 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2012.02.12 21:02:55 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2012.02.12 21:02:55 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2012.02.12 21:02:55 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2011.11.09 20:34:29 | 000,000,040 | -HS- | C] () -- C:\ProgramData\.zreglib [2011.11.07 20:13:58 | 000,000,952 | -HS- | C] () -- C:\ProgramData\KGyGaAvL.sys [2011.09.03 21:20:57 | 000,484,352 | ---- | C] () -- C:\Windows\SysWow64\lame_enc.dll [2011.06.13 19:59:52 | 000,020,480 | ---- | C] () -- C:\Users\Maze\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2011.05.28 18:53:26 | 000,000,403 | ---- | C] () -- C:\Windows\ODBC.INI [2011.04.09 22:29:08 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat [2011.03.20 16:56:59 | 000,002,240 | ---- | C] () -- C:\Windows\LENDIG.sys [2011.02.20 17:48:38 | 001,526,948 | ---- | C] () -- C:\Windows\SysWow64\PerfStringBackup.INI [2010.10.06 15:59:15 | 000,000,000 | ---- | C] () -- C:\Windows\NDSTray.INI [2010.10.06 15:50:09 | 000,451,072 | ---- | C] () -- C:\Windows\SysWow64\ISSRemoveSP.exe [2010.06.28 11:32:06 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2010.06.28 11:29:32 | 000,002,012 | ---- | C] () -- C:\Windows\SysWow64\atipblag.dat [2009.07.14 06:38:36 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2009.07.14 03:35:51 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2009.07.14 03:34:42 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2009.07.14 01:10:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2009.07.14 00:42:10 | 000,064,000 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2009.07.13 22:03:59 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2009.06.10 22:26:10 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat [2007.10.25 17:26:10 | 000,005,632 | ---- | C] () -- C:\Windows\SysWow64\drivers\StarOpen.sys [2007.04.27 10:43:58 | 000,120,200 | ---- | C] () -- C:\Windows\SysWow64\DLLDEV32i.dll [1999.01.22 18:46:58 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\MSRTEDIT.DLL [1997.06.14 12:56:08 | 000,056,832 | ---- | C] () -- C:\Windows\SysWow64\iyvu9_32.dll ========== LOP Check ========== [2012.05.11 21:51:22 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\Ableton [2011.07.17 22:11:16 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\BitTorrent [2011.07.17 22:11:49 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\BitZipper [2013.01.21 17:51:24 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\Bloson [2012.04.28 08:38:07 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\DAEMON Tools Lite [2011.04.02 21:46:55 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\Frau-Mann BT [2011.09.03 21:21:05 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\FreeAudioPack [2011.10.14 21:06:29 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\GrabPro [2013.01.23 18:54:30 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\ICQ [2011.02.19 20:26:06 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\iZotope [2012.01.08 16:09:09 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\Jens Lorek [2012.04.08 22:09:48 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\loadtbs [2013.01.30 20:13:31 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\MAGIX [2011.10.14 21:06:26 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\OpenCandy [2012.02.15 21:01:28 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\Opera [2012.01.28 15:56:30 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\Orbit [2012.02.23 20:39:22 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\PC Suite [2011.10.14 21:06:33 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\ProgSense [2012.07.07 19:16:02 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\redsn0w [2012.02.24 15:52:13 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\Samsung [2011.04.09 23:57:03 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\SecondLife [2013.02.04 21:31:45 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\SoftGrid Client [2011.03.13 16:05:03 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\Sony [2013.01.29 20:14:09 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\TeamViewer [2011.10.09 17:38:42 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\Toshiba [2011.02.20 17:49:19 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\TP [2011.03.24 20:26:18 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\TubeBox [2012.06.20 07:19:31 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\TuneUpMedia [2011.04.02 21:34:37 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\UDC Profiles [2011.07.28 11:24:37 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\Vodafone [2011.04.02 06:19:55 | 000,000,000 | ---D | M] -- C:\Users\Maze\AppData\Roaming\WinBatch [2013.02.01 19:03:49 | 000,032,640 | ---- | M] () -- C:\Windows\Tasks\SCHEDLGU.TXT ========== Purity Check ========== ========== Custom Scans ========== < %SYSTEMDRIVE%\*. > [2012.02.13 19:52:33 | 000,000,000 | -HSD | M] -- C:\$RECYCLE.BIN [2012.01.11 18:18:52 | 000,000,000 | ---D | M] -- C:\430022fc8616fadb34e3f0d6 [2011.02.23 15:25:55 | 000,000,000 | ---D | M] -- C:\ac56eac78a37335c8722cc7046 [2013.02.05 14:11:25 | 000,000,000 | ---D | M] -- C:\Config.Msi [2009.07.14 06:08:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings [2011.02.19 19:28:55 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen [2012.01.28 15:55:24 | 000,000,000 | ---D | M] -- C:\downloads [2010.10.06 15:37:42 | 000,000,000 | ---D | M] -- C:\Intel [2012.07.07 19:14:15 | 000,000,000 | ---D | M] -- C:\JailbreAk [2011.02.20 17:55:51 | 000,000,000 | RH-D | M] -- C:\MSOCache [2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs [2012.09.28 20:59:22 | 000,000,000 | ---D | M] -- C:\pes [2012.10.03 16:41:40 | 000,000,000 | R--D | M] -- C:\Program Files [2013.02.06 12:06:32 | 000,000,000 | ---D | M] -- C:\Program Files (x86) [2013.01.30 20:04:14 | 000,000,000 | ---D | M] -- C:\ProgramData [2011.02.19 19:28:55 | 000,000,000 | -HSD | M] -- C:\Programme [2012.02.12 21:13:47 | 000,000,000 | ---D | M] -- C:\Qoobox [2013.02.06 12:35:29 | 000,000,000 | -HSD | M] -- C:\System Volume Information [2011.02.19 19:45:33 | 000,000,000 | ---D | M] -- C:\Toshiba [2011.04.20 05:15:18 | 000,000,000 | ---D | M] -- C:\Trilogy Data [2011.02.19 19:29:07 | 000,000,000 | R--D | M] -- C:\Users [2013.02.06 11:56:09 | 000,000,000 | ---D | M] -- C:\Windows [2012.08.04 11:15:04 | 000,000,000 | ---D | M] -- C:\YOD [2012.02.12 20:37:06 | 000,000,000 | ---D | M] -- C:\_OTL < %PROGRAMFILES%\*.exe > < %LOCALAPPDATA%\*.exe > < %systemroot%\*. /mp /s > < C:\Windows\system32\*.tsp > [2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp [2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp [2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp [2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp [2010.11.20 13:16:53 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < MD5 for: AGP440.SYS > [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7600.16385_none_1607dee2d861e021\AGP440.sys [2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys < MD5 for: ATAPI.SYS > [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\ERDNT\cache64\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7600.16385_none_392d19c13b3ad543\atapi.sys [2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys < MD5 for: CNGAUDIT.DLL > [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\ERDNT\cache86\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll [2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\ERDNT\cache64\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll [2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll < MD5 for: EXPLORER.EXE > [2011.02.26 07:23:14 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=0862495E0C825893DB75EF44FAEA8E93 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_adc24107935a7e25\explorer.exe [2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe [2009.07.14 02:14:20 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=15BC38A7492BEFE831966ADB477CF76F -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_b7fe430bc7ce3761\explorer.exe [2011.02.26 06:51:13 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=255CF508D7CFB10E0794D6AC93280BD8 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_b8ce9756e0b786a4\explorer.exe [2009.10.31 06:45:39 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=2626FC9755BE22F805D3CFA0CE3EE727 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_b819b343c7ba6202\explorer.exe [2011.02.26 06:33:07 | 002,614,784 | ---- | M] (Microsoft Corporation) MD5=2AF58D15EDC06EC6FDACCE1F19482BBF -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16768_none_b816eb59c7bb4020\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\ERDNT\cache86\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe [2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe [2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe [2010.11.20 13:17:09 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe [2009.08.03 07:19:07 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=700073016DAC1C3D2E7E2CE4223334B6 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_ae84b558ac4eb41c\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe [2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe [2009.10.31 07:34:59 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=9AAAEC8DAC27AA17B053E6352AD233AE -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16450_none_adc508f19359a007\explorer.exe [2009.08.03 06:49:47 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=9FF6C4C91A3711C0A3B18F87B08B518D -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20500_none_b8d95faae0af7617\explorer.exe [2010.11.20 14:24:45 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe [2009.10.31 07:38:38 | 002,870,272 | ---- | M] (Microsoft Corporation) MD5=B8EC4BD49CE8F6FC457721BFC210B67F -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_ae46d6aeac7ca7c7\explorer.exe [2009.08.03 06:35:50 | 002,613,248 | ---- | M] (Microsoft Corporation) MD5=B95EEB0F4E5EFBF1038A35B3351CF047 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_b853c407c78e3ba9\explorer.exe [2009.07.14 02:39:10 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=C235A51CB740E45FFA0EBFB9BAFCDA64 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16385_none_ada998b9936d7566\explorer.exe [2009.10.31 07:00:51 | 002,614,272 | ---- | M] (Microsoft Corporation) MD5=C76153C7ECA00FA852BB0C193378F917 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20563_none_b89b8100e0dd69c2\explorer.exe [2011.02.26 07:26:45 | 002,870,784 | ---- | M] (Microsoft Corporation) MD5=E38899074D4951D31B4040E994DD7C8D -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.20910_none_ae79ed04ac56c4a9\explorer.exe [2009.08.03 07:17:37 | 002,868,224 | ---- | M] (Microsoft Corporation) MD5=F170B4A061C9E026437B193B4D571799 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7600.16404_none_adff19b5932d79ae\explorer.exe < MD5 for: IASTOR.SYS > [2010.01.15 11:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\drivers\iaStor.sys [2010.01.15 11:22:08 | 000,538,136 | ---- | M] (Intel Corporation) MD5=85977CD13FC16069CE0AF7943A811775 -- C:\Windows\SysNative\DriverStore\FileRepository\iaahci.inf_amd64_neutral_5d42c6448888c5bd\iaStor.sys < MD5 for: IASTORV.SYS > [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys [2010.11.20 14:33:38 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys [2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys [2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys [2011.03.11 07:23:00 | 000,410,496 | ---- | M] (Intel Corporation) MD5=B75E45C564E944A2657167D197AB29DA -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16778_none_0b141c81a16e25e6\iaStorV.sys [2011.03.11 07:25:49 | 000,410,496 | ---- | M] (Intel Corporation) MD5=BFDC9D75698800CFE4D1698BF2750EA2 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.20921_none_0bccc8c8ba6985c1\iaStorV.sys [2009.07.14 02:48:04 | 000,410,688 | ---- | M] (Intel Corporation) MD5=D83EFB6FD45DF9D55E9A1AFC63640D50 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7600.16385_none_0b06441fa1790136\iaStorV.sys < MD5 for: NETLOGON.DLL > [2009.07.14 02:41:52 | 000,692,736 | ---- | M] (Microsoft Corporation) MD5=956D030D375F207B22FB111E06EF9C35 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_59aca8ea51aaeefe\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\ERDNT\cache64\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll [2010.11.20 14:27:22 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\ERDNT\cache86\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll [2010.11.20 13:20:28 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll [2009.07.14 02:16:02 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=EAA75D9000B71F10EEC04D2AE6C60E81 -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7600.16385_none_6401533c860bb0f9\netlogon.dll < MD5 for: NVSTOR.SYS > [2009.07.14 02:45:45 | 000,167,488 | ---- | M] (NVIDIA Corporation) MD5=477DC4D6DEB99BE37084C9AC6D013DA1 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16385_none_95cfb4ced8afab0e\nvstor.sys [2011.03.11 07:23:06 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=6C1D5F70E7A6A3FD1C90D840EDC048B9 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.16778_none_95dd8d30d8a4cfbe\nvstor.sys [2011.03.11 07:25:53 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=AE274836BA56518E279087363A781214 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7600.20921_none_96963977f1a02f99\nvstor.sys [2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys [2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys [2010.11.20 14:33:48 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys < MD5 for: SCECLI.DLL > [2009.07.14 02:16:13 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=26073302DAEA83CC5B944C546D6B47D2 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9e577e55272d37b4\scecli.dll [2009.07.14 02:41:53 | 000,232,448 | ---- | M] (Microsoft Corporation) MD5=398712DDDAEFB85EDF61DF6A07B65C79 -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7600.16385_none_9402d402f2cc75b9\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\ERDNT\cache86\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll [2010.11.20 13:21:04 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\ERDNT\cache64\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll [2010.11.20 14:27:25 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll < MD5 for: USER32.DLL > [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\ERDNT\cache86\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll [2010.11.20 13:08:57 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll [2009.07.14 02:41:56 | 001,008,640 | ---- | M] (Microsoft Corporation) MD5=72D7B3EA16946E8F0CF7458150031CC6 -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_292d5de8870d85d9\user32.dll [2009.07.14 02:11:24 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=E8B0FFC209E504CB7E79FC24E6C085F0 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7600.16385_none_3382083abb6e47d4\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\ERDNT\cache64\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll [2010.11.20 14:27:27 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll < MD5 for: USERINIT.EXE > [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\ERDNT\cache86\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe [2010.11.20 13:17:48 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe [2009.07.14 02:14:43 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=6DE80F60D7DE9CE6B8C2DDFDF79EF175 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_dbff103933038d7c\userinit.exe [2009.07.14 02:39:48 | 000,030,208 | ---- | M] (Microsoft Corporation) MD5=6F8F1376A13114CC10C0E69274F5A4DE -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7600.16385_none_381dabbceb60feb2\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\ERDNT\cache64\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe [2010.11.20 14:25:24 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe < MD5 for: WINLOGON.EXE > [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\ERDNT\cache64\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe [2010.11.20 14:25:30 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe [2009.07.14 02:39:52 | 000,389,120 | ---- | M] (Microsoft Corporation) MD5=132328DF455B0028F13BF0ABEE51A63A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16385_none_cbb7f2bdeea2829c\winlogon.exe [2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe [2009.10.28 08:01:57 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=A93D41A4D4B0D91C072D11DD8AF266DE -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.20560_none_cc522fd507b468f8\winlogon.exe [2009.10.28 07:24:40 | 000,389,632 | ---- | M] (Microsoft Corporation) MD5=DA3E2A6FA9660CC75B471530CE88453A -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7600.16447_none_cbe534e7ee8042ad\winlogon.exe < MD5 for: WS2IFSL.SYS > [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys [2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys < %systemroot%\system32\drivers\*.sys /lockedfiles > < %systemroot%\System32\config\*.sav > < %systemroot%\system32\*.dll /lockedfiles > [4 C:\Windows\system32\*.tmp files -> C:\Windows\system32\*.tmp -> ] < %USERPROFILE%\*.* > [2011.09.13 14:25:46 | 000,019,142 | ---- | M] () -- C:\Users\Maze\AVSCAN-20110913-132059-168E718F.LOG [2013.02.06 12:51:02 | 004,718,592 | -HS- | M] () -- C:\Users\Maze\NTUSER.DAT [2013.02.06 12:51:02 | 000,262,144 | -HS- | M] () -- C:\Users\Maze\ntuser.dat.LOG1 [2011.02.19 19:29:12 | 000,000,000 | -HS- | M] () -- C:\Users\Maze\ntuser.dat.LOG2 [2011.02.19 21:54:07 | 000,065,536 | -HS- | M] () -- C:\Users\Maze\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf [2011.02.19 21:54:07 | 000,524,288 | -HS- | M] () -- C:\Users\Maze\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms [2011.02.19 21:54:07 | 000,524,288 | -HS- | M] () -- C:\Users\Maze\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms [2011.02.24 18:05:29 | 000,065,536 | -HS- | M] () -- C:\Users\Maze\NTUSER.DAT{31993c68-4020-11e0-acdc-00266c85a4cc}.TM.blf [2011.02.24 18:05:29 | 000,524,288 | -HS- | M] () -- C:\Users\Maze\NTUSER.DAT{31993c68-4020-11e0-acdc-00266c85a4cc}.TMContainer00000000000000000001.regtrans-ms [2011.02.24 18:05:29 | 000,524,288 | -HS- | M] () -- C:\Users\Maze\NTUSER.DAT{31993c68-4020-11e0-acdc-00266c85a4cc}.TMContainer00000000000000000002.regtrans-ms [2011.02.19 19:29:12 | 000,000,020 | -HS- | M] () -- C:\Users\Maze\ntuser.ini < %USERPROFILE%\Local Settings\Temp\*.exe > < %USERPROFILE%\Local Settings\Temp\*.dll > < %USERPROFILE%\Application Data\*.exe > < HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs > HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data] HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16 < > ========== Alternate Data Streams ========== @Alternate Data Stream - 105 bytes -> C:\ProgramData\TEMP:5C321E34 < End of report > Haber keine EXTRA.txt. Datei gefunden |
|
06.02.2013, 13:02
| #4 |
| /// Malware-holic | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? hi download tdss killer: http://www.trojaner-board.de/82358-t...entfernen.html Klicke auf Change parameters • Setze die Haken bei Verify driver digital signatures und Detect TDLFS file system • Klick auf OK und anschließend auf Start scan - bei funden erst mal immer skip wählen, log posten c: öffnen, tdsskiller-datum-version.txt öffnen, Inhalt posten
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.02.2013, 13:10
| #5 |
| | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? 13:06:57.0597 5188 TDSS rootkit removing tool 2.8.15.0 Oct 31 2012 21:47:35 13:06:57.0722 5188 ============================================================ 13:06:57.0722 5188 Current date / time: 2013/02/06 13:06:57.0722 13:06:57.0722 5188 SystemInfo: 13:06:57.0722 5188 13:06:57.0722 5188 OS Version: 6.1.7601 ServicePack: 1.0 13:06:57.0722 5188 Product type: Workstation 13:06:57.0722 5188 ComputerName: MAZE-TOSH 13:06:57.0722 5188 UserName: Maze 13:06:57.0722 5188 Windows directory: C:\Windows 13:06:57.0722 5188 System windows directory: C:\Windows 13:06:57.0722 5188 Running under WOW64 13:06:57.0722 5188 Processor architecture: Intel x64 13:06:57.0722 5188 Number of processors: 4 13:06:57.0722 5188 Page size: 0x1000 13:06:57.0722 5188 Boot type: Normal boot 13:06:57.0722 5188 ============================================================ 13:06:58.0143 5188 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 13:06:58.0159 5188 ============================================================ 13:06:58.0159 5188 \Device\Harddisk0\DR0: 13:06:58.0159 5188 MBR partitions: 13:06:58.0159 5188 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0xC8800, BlocksNum 0x129A1000 13:06:58.0159 5188 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x12A69800, BlocksNum 0x129C4AB0 13:06:58.0159 5188 ============================================================ 13:06:58.0175 5188 C: <-> \Device\Harddisk0\DR0\Partition1 13:06:58.0221 5188 D: <-> \Device\Harddisk0\DR0\Partition2 13:06:58.0221 5188 ============================================================ 13:06:58.0221 5188 Initialize success 13:06:58.0221 5188 ============================================================ 13:07:35.0100 5840 ============================================================ 13:07:35.0100 5840 Scan started 13:07:35.0100 5840 Mode: Manual; SigCheck; TDLFS; 13:07:35.0100 5840 ============================================================ 13:07:35.0630 5840 ================ Scan system memory ======================== 13:07:35.0630 5840 System memory - ok 13:07:35.0630 5840 ================ Scan services ============================= 13:07:35.0786 5840 [ A87D604AEA360176311474C87A63BB88 ] 1394ohci C:\Windows\system32\drivers\1394ohci.sys 13:07:35.0895 5840 1394ohci - ok 13:07:35.0942 5840 [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI C:\Windows\system32\drivers\ACPI.sys 13:07:35.0958 5840 ACPI - ok 13:07:36.0005 5840 [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi C:\Windows\system32\drivers\acpipmi.sys 13:07:36.0067 5840 AcpiPmi - ok 13:07:36.0192 5840 [ 11A52CF7B265631DEEB24C6149309EFF ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe 13:07:36.0223 5840 AdobeARMservice - ok 13:07:36.0285 5840 [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx C:\Windows\system32\DRIVERS\adp94xx.sys 13:07:36.0317 5840 adp94xx - ok 13:07:36.0332 5840 [ 597F78224EE9224EA1A13D6350CED962 ] adpahci C:\Windows\system32\DRIVERS\adpahci.sys 13:07:36.0363 5840 adpahci - ok 13:07:36.0379 5840 [ E109549C90F62FB570B9540C4B148E54 ] adpu320 C:\Windows\system32\DRIVERS\adpu320.sys 13:07:36.0395 5840 adpu320 - ok 13:07:36.0426 5840 [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc C:\Windows\System32\aelupsvc.dll 13:07:36.0566 5840 AeLookupSvc - ok 13:07:36.0597 5840 [ 4C9CD7370DA679CD54039179133C1631 ] AF15BDA C:\Windows\system32\DRIVERS\AF15BDA.sys 13:07:36.0644 5840 AF15BDA - ok 13:07:36.0707 5840 [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD C:\Windows\system32\drivers\afd.sys 13:07:36.0785 5840 AFD - ok 13:07:36.0847 5840 [ 98022774D9930ECBB292E70DB7601DF6 ] AgereSoftModem C:\Windows\system32\DRIVERS\agrsm64.sys 13:07:36.0894 5840 AgereSoftModem - ok 13:07:36.0941 5840 [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440 C:\Windows\system32\drivers\agp440.sys 13:07:36.0956 5840 agp440 - ok 13:07:36.0987 5840 [ 3290D6946B5E30E70414990574883DDB ] ALG C:\Windows\System32\alg.exe 13:07:37.0034 5840 ALG - ok 13:07:37.0081 5840 [ 5812713A477A3AD7363C7438CA2EE038 ] aliide C:\Windows\system32\drivers\aliide.sys 13:07:37.0112 5840 aliide - ok 13:07:37.0143 5840 [ 61A18BCAF557CD6614309E4978B81056 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe 13:07:37.0221 5840 AMD External Events Utility - ok 13:07:37.0268 5840 [ 1FF8B4431C353CE385C875F194924C0C ] amdide C:\Windows\system32\drivers\amdide.sys 13:07:37.0284 5840 amdide - ok 13:07:37.0331 5840 [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8 C:\Windows\system32\DRIVERS\amdk8.sys 13:07:37.0409 5840 AmdK8 - ok 13:07:37.0533 5840 [ F05B22CE901FC26AE55A1A27AA674D96 ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys 13:07:37.0736 5840 amdkmdag - ok 13:07:37.0783 5840 [ ED25D58581B5A28593C277F482FCCD62 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys 13:07:37.0814 5840 amdkmdap - ok 13:07:37.0845 5840 [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM C:\Windows\system32\DRIVERS\amdppm.sys 13:07:37.0877 5840 AmdPPM - ok 13:07:37.0908 5840 [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata C:\Windows\system32\drivers\amdsata.sys 13:07:37.0923 5840 amdsata - ok 13:07:37.0970 5840 [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs C:\Windows\system32\DRIVERS\amdsbs.sys 13:07:37.0986 5840 amdsbs - ok 13:07:38.0017 5840 [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata C:\Windows\system32\drivers\amdxata.sys 13:07:38.0033 5840 amdxata - ok 13:07:38.0064 5840 [ 89A69C3F2F319B43379399547526D952 ] AppID C:\Windows\system32\drivers\appid.sys 13:07:38.0251 5840 AppID - ok 13:07:38.0267 5840 [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc C:\Windows\System32\appidsvc.dll 13:07:38.0313 5840 AppIDSvc - ok 13:07:38.0376 5840 [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo C:\Windows\System32\appinfo.dll 13:07:38.0423 5840 Appinfo - ok 13:07:38.0501 5840 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe 13:07:38.0532 5840 Apple Mobile Device - ok 13:07:38.0594 5840 [ C484F8CEB1717C540242531DB7845C4E ] arc C:\Windows\system32\DRIVERS\arc.sys 13:07:38.0610 5840 arc - ok 13:07:38.0625 5840 [ 019AF6924AEFE7839F61C830227FE79C ] arcsas C:\Windows\system32\DRIVERS\arcsas.sys 13:07:38.0641 5840 arcsas - ok 13:07:38.0672 5840 [ 4FCAEF0C5BE7629AEB878998E0FE959B ] aswFsBlk C:\Windows\system32\drivers\aswFsBlk.sys 13:07:38.0688 5840 aswFsBlk - ok 13:07:38.0750 5840 [ 9FFC732E12FF53E05FE9E02C8C00CE87 ] aswFW C:\Windows\system32\drivers\aswFW.sys 13:07:38.0781 5840 aswFW - ok 13:07:38.0844 5840 [ 6B91E6D483AADB3FC4E13E2355200611 ] aswKbd C:\Windows\system32\drivers\aswKbd.sys 13:07:38.0859 5840 aswKbd - ok 13:07:38.0922 5840 [ B50CDD87772D6A11CB90924AAD399DF8 ] aswMonFlt C:\Windows\system32\drivers\aswMonFlt.sys 13:07:38.0937 5840 aswMonFlt - ok 13:07:38.0953 5840 [ 518B8D447A1975AB46DA093A2E743256 ] aswNdis C:\Windows\system32\DRIVERS\aswNdis.sys 13:07:38.0969 5840 aswNdis - ok 13:07:38.0984 5840 [ 5A832BBB1B563B6B3FDA46239B630037 ] aswNdis2 C:\Windows\system32\drivers\aswNdis2.sys 13:07:39.0000 5840 aswNdis2 - ok 13:07:39.0031 5840 [ 57768C7DB4681F2510F247F82EF31D4F ] aswRdr C:\Windows\System32\Drivers\aswrdr2.sys 13:07:39.0047 5840 aswRdr - ok 13:07:39.0093 5840 [ E71D826A1F3CE9C9DE3E77F2D02AFFBF ] aswSnx C:\Windows\system32\drivers\aswSnx.sys 13:07:39.0125 5840 aswSnx - ok 13:07:39.0171 5840 [ 538A32E2C99BF073D4CA76C30BEDAA60 ] aswSP C:\Windows\system32\drivers\aswSP.sys 13:07:39.0203 5840 aswSP - ok 13:07:39.0249 5840 [ 6EDC79D73745FD44C41B55B2D13D0B70 ] aswTdi C:\Windows\system32\drivers\aswTdi.sys 13:07:39.0265 5840 aswTdi - ok 13:07:39.0296 5840 [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys 13:07:39.0359 5840 AsyncMac - ok 13:07:39.0421 5840 [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi C:\Windows\system32\drivers\atapi.sys 13:07:39.0437 5840 atapi - ok 13:07:39.0608 5840 [ F05B22CE901FC26AE55A1A27AA674D96 ] atikmdag C:\Windows\system32\DRIVERS\atikmdag.sys 13:07:39.0686 5840 atikmdag - ok 13:07:39.0749 5840 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll 13:07:39.0858 5840 AudioEndpointBuilder - ok 13:07:39.0889 5840 [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv C:\Windows\System32\Audiosrv.dll 13:07:39.0920 5840 AudioSrv - ok 13:07:39.0983 5840 [ 8FA553E9AE69808D99C164733A0F9590 ] avast! Antivirus C:\Program Files\AVAST Software\Avast\AvastSvc.exe 13:07:40.0014 5840 avast! Antivirus - ok 13:07:40.0045 5840 [ BC0E07A768A0A14C48E3CE1875F2C377 ] avast! Firewall C:\Program Files\AVAST Software\Avast\afwServ.exe 13:07:40.0061 5840 avast! Firewall - ok 13:07:40.0092 5840 [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV C:\Windows\System32\AxInstSV.dll 13:07:40.0154 5840 AxInstSV - ok 13:07:40.0201 5840 [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv C:\Windows\system32\DRIVERS\bxvbda.sys 13:07:40.0248 5840 b06bdrv - ok 13:07:40.0295 5840 [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a C:\Windows\system32\DRIVERS\b57nd60a.sys 13:07:40.0341 5840 b57nd60a - ok 13:07:40.0404 5840 [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC C:\Windows\System32\bdesvc.dll 13:07:40.0435 5840 BDESVC - ok 13:07:40.0482 5840 [ 16A47CE2DECC9B099349A5F840654746 ] Beep C:\Windows\system32\drivers\Beep.sys 13:07:40.0544 5840 Beep - ok 13:07:40.0622 5840 [ 82974D6A2FD19445CC5171FC378668A4 ] BFE C:\Windows\System32\bfe.dll 13:07:40.0685 5840 BFE - ok 13:07:40.0716 5840 [ 1EA7969E3271CBC59E1730697DC74682 ] BITS C:\Windows\system32\qmgr.dll 13:07:40.0825 5840 BITS - ok 13:07:40.0856 5840 [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive C:\Windows\system32\DRIVERS\blbdrive.sys 13:07:40.0887 5840 blbdrive - ok 13:07:40.0997 5840 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe 13:07:41.0028 5840 Bonjour Service - ok 13:07:41.0059 5840 [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser C:\Windows\system32\DRIVERS\bowser.sys 13:07:41.0121 5840 bowser - ok 13:07:41.0153 5840 [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo C:\Windows\system32\DRIVERS\BrFiltLo.sys 13:07:41.0246 5840 BrFiltLo - ok 13:07:41.0277 5840 [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp C:\Windows\system32\DRIVERS\BrFiltUp.sys 13:07:41.0293 5840 BrFiltUp - ok 13:07:41.0324 5840 [ 5C2F352A4E961D72518261257AAE204B ] BridgeMP C:\Windows\system32\DRIVERS\bridge.sys 13:07:41.0387 5840 BridgeMP - ok 13:07:41.0418 5840 [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser C:\Windows\System32\browser.dll 13:07:41.0449 5840 Browser - ok 13:07:41.0480 5840 [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid C:\Windows\System32\Drivers\Brserid.sys 13:07:41.0511 5840 Brserid - ok 13:07:41.0543 5840 [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm C:\Windows\System32\Drivers\BrSerWdm.sys 13:07:41.0574 5840 BrSerWdm - ok 13:07:41.0589 5840 [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm C:\Windows\System32\Drivers\BrUsbMdm.sys 13:07:41.0667 5840 BrUsbMdm - ok 13:07:41.0667 5840 [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer C:\Windows\System32\Drivers\BrUsbSer.sys 13:07:41.0714 5840 BrUsbSer - ok 13:07:41.0730 5840 [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM C:\Windows\system32\DRIVERS\bthmodem.sys 13:07:41.0761 5840 BTHMODEM - ok 13:07:41.0792 5840 [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv C:\Windows\system32\bthserv.dll 13:07:41.0839 5840 bthserv - ok 13:07:41.0886 5840 catchme - ok 13:07:41.0917 5840 [ B8BD2BB284668C84865658C77574381A ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys 13:07:41.0979 5840 cdfs - ok 13:07:42.0042 5840 [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom C:\Windows\system32\DRIVERS\cdrom.sys 13:07:42.0089 5840 cdrom - ok 13:07:42.0135 5840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc C:\Windows\System32\certprop.dll 13:07:42.0229 5840 CertPropSvc - ok 13:07:42.0323 5840 [ 41E7C4FA6491747402CFCA77CC1C7AAB ] cfWiMAXService C:\Program Files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe 13:07:42.0338 5840 cfWiMAXService - ok 13:07:42.0385 5840 [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass C:\Windows\system32\DRIVERS\circlass.sys 13:07:42.0432 5840 circlass - ok 13:07:42.0463 5840 [ FE1EC06F2253F691FE36217C592A0206 ] CLFS C:\Windows\system32\CLFS.sys 13:07:42.0494 5840 CLFS - ok 13:07:42.0572 5840 [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe 13:07:42.0572 5840 clr_optimization_v2.0.50727_32 - ok 13:07:42.0650 5840 [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe 13:07:42.0650 5840 clr_optimization_v2.0.50727_64 - ok 13:07:42.0744 5840 [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe 13:07:42.0744 5840 clr_optimization_v4.0.30319_32 - ok 13:07:42.0775 5840 [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe 13:07:42.0791 5840 clr_optimization_v4.0.30319_64 - ok 13:07:42.0822 5840 [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt C:\Windows\system32\DRIVERS\CmBatt.sys 13:07:42.0853 5840 CmBatt - ok 13:07:42.0884 5840 [ E19D3F095812725D88F9001985B94EDD ] cmdide C:\Windows\system32\drivers\cmdide.sys 13:07:42.0900 5840 cmdide - ok 13:07:42.0947 5840 [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG C:\Windows\system32\Drivers\cng.sys 13:07:42.0978 5840 CNG - ok 13:07:43.0040 5840 [ 25C58EE97BE0416A373E3E4F855206B5 ] CnxtHdAudService C:\Windows\system32\drivers\CHDRT64.sys 13:07:43.0071 5840 CnxtHdAudService - ok 13:07:43.0103 5840 [ 89C99AB4AE9535F727791592D84D4821 ] CnxtHdmiAudService C:\Windows\system32\drivers\CHDMI64.sys 13:07:43.0118 5840 CnxtHdmiAudService - ok 13:07:43.0165 5840 [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt C:\Windows\system32\DRIVERS\compbatt.sys 13:07:43.0181 5840 Compbatt - ok 13:07:43.0227 5840 [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus C:\Windows\system32\drivers\CompositeBus.sys 13:07:43.0259 5840 CompositeBus - ok 13:07:43.0290 5840 COMSysApp - ok 13:07:43.0321 5840 [ CAB0EEAF5295FC96DDD3E19DCE27E131 ] ConfigFree Service C:\Program Files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe 13:07:43.0337 5840 ConfigFree Service - ok 13:07:43.0352 5840 [ 1C827878A998C18847245FE1F34EE597 ] crcdisk C:\Windows\system32\DRIVERS\crcdisk.sys 13:07:43.0368 5840 crcdisk - ok 13:07:43.0430 5840 [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc C:\Windows\system32\cryptsvc.dll 13:07:43.0477 5840 CryptSvc - ok 13:07:43.0571 5840 [ 72794D112CBAFF3BC0C29BF7350D4741 ] cvhsvc C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE 13:07:43.0602 5840 cvhsvc - ok 13:07:43.0664 5840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch C:\Windows\system32\rpcss.dll 13:07:43.0711 5840 DcomLaunch - ok 13:07:43.0758 5840 [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc C:\Windows\System32\defragsvc.dll 13:07:43.0805 5840 defragsvc - ok 13:07:43.0851 5840 [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC C:\Windows\system32\Drivers\dfsc.sys 13:07:43.0914 5840 DfsC - ok 13:07:43.0945 5840 [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp C:\Windows\system32\dhcpcore.dll 13:07:44.0007 5840 Dhcp - ok 13:07:44.0039 5840 [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache C:\Windows\system32\drivers\discache.sys 13:07:44.0101 5840 discache - ok 13:07:44.0148 5840 [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk C:\Windows\system32\DRIVERS\disk.sys 13:07:44.0163 5840 Disk - ok 13:07:44.0210 5840 [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache C:\Windows\System32\dnsrslvr.dll 13:07:44.0241 5840 Dnscache - ok 13:07:44.0288 5840 [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc C:\Windows\System32\dot3svc.dll 13:07:44.0366 5840 dot3svc - ok 13:07:44.0397 5840 [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS C:\Windows\system32\dps.dll 13:07:44.0475 5840 DPS - ok 13:07:44.0507 5840 [ 9B19F34400D24DF84C858A421C205754 ] drmkaud C:\Windows\system32\drivers\drmkaud.sys 13:07:44.0553 5840 drmkaud - ok 13:07:44.0600 5840 [ FB9BEF3401EE5ECC2603311B9C64F44A ] dtsoftbus01 C:\Windows\system32\DRIVERS\dtsoftbus01.sys 13:07:44.0631 5840 dtsoftbus01 - ok 13:07:44.0694 5840 [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys 13:07:44.0741 5840 DXGKrnl - ok 13:07:44.0772 5840 [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost C:\Windows\System32\eapsvc.dll 13:07:44.0834 5840 EapHost - ok 13:07:44.0912 5840 [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv C:\Windows\system32\DRIVERS\evbda.sys 13:07:45.0037 5840 ebdrv - ok 13:07:45.0084 5840 [ C118A82CD78818C29AB228366EBF81C3 ] EFS C:\Windows\System32\lsass.exe 13:07:45.0115 5840 EFS - ok 13:07:45.0209 5840 [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr C:\Windows\ehome\ehRecvr.exe 13:07:45.0271 5840 ehRecvr - ok 13:07:45.0302 5840 [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched C:\Windows\ehome\ehsched.exe 13:07:45.0333 5840 ehSched - ok 13:07:45.0396 5840 [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor C:\Windows\system32\DRIVERS\elxstor.sys 13:07:45.0427 5840 elxstor - ok 13:07:45.0443 5840 [ 34A3C54752046E79A126E15C51DB409B ] ErrDev C:\Windows\system32\drivers\errdev.sys 13:07:45.0474 5840 ErrDev - ok 13:07:45.0505 5840 [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem C:\Windows\system32\es.dll 13:07:45.0552 5840 EventSystem - ok 13:07:45.0599 5840 [ 251AF86E0A4DDF3A6B181ED5103B06B1 ] ewusbnet C:\Windows\system32\DRIVERS\ewusbnet.sys 13:07:45.0630 5840 ewusbnet - ok 13:07:45.0661 5840 [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat C:\Windows\system32\drivers\exfat.sys 13:07:45.0739 5840 exfat - ok 13:07:45.0770 5840 [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat C:\Windows\system32\drivers\fastfat.sys 13:07:45.0833 5840 fastfat - ok 13:07:45.0895 5840 [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax C:\Windows\system32\fxssvc.exe 13:07:45.0942 5840 Fax - ok 13:07:45.0973 5840 [ D765D19CD8EF61F650C384F62FAC00AB ] fdc C:\Windows\system32\DRIVERS\fdc.sys 13:07:45.0989 5840 fdc - ok 13:07:46.0020 5840 [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost C:\Windows\system32\fdPHost.dll 13:07:46.0082 5840 fdPHost - ok 13:07:46.0098 5840 [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub C:\Windows\system32\fdrespub.dll 13:07:46.0145 5840 FDResPub - ok 13:07:46.0160 5840 [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys 13:07:46.0176 5840 FileInfo - ok 13:07:46.0191 5840 [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace C:\Windows\system32\drivers\filetrace.sys 13:07:46.0285 5840 Filetrace - ok 13:07:46.0301 5840 [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk C:\Windows\system32\DRIVERS\flpydisk.sys 13:07:46.0316 5840 flpydisk - ok 13:07:46.0363 5840 [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 13:07:46.0379 5840 FltMgr - ok 13:07:46.0425 5840 [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache C:\Windows\system32\FntCache.dll 13:07:46.0472 5840 FontCache - ok 13:07:46.0519 5840 [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe 13:07:46.0535 5840 FontCache3.0.0.0 - ok 13:07:46.0550 5840 [ D43703496149971890703B4B1B723EAC ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 13:07:46.0566 5840 FsDepends - ok 13:07:46.0613 5840 [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 13:07:46.0628 5840 Fs_Rec - ok 13:07:46.0675 5840 [ 1F7B25B858FA27015169FE95E54108ED ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 13:07:46.0691 5840 fvevol - ok 13:07:46.0737 5840 [ 60ACB128E64C35C2B4E4AAB1B0A5C293 ] FwLnk C:\Windows\system32\DRIVERS\FwLnk.sys 13:07:46.0769 5840 FwLnk - ok 13:07:46.0800 5840 [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 13:07:46.0815 5840 gagp30kx - ok 13:07:46.0878 5840 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\Drivers\GEARAspiWDM.sys 13:07:46.0893 5840 GEARAspiWDM - ok 13:07:46.0956 5840 [ A4198F2BD8AA592CB90476277A81B5E1 ] ggflt C:\Windows\system32\DRIVERS\ggflt.sys 13:07:46.0971 5840 ggflt - ok 13:07:46.0987 5840 [ D266350BDAAB9EB6C1AEC370EEAAFF3A ] ggsemc C:\Windows\system32\DRIVERS\ggsemc.sys 13:07:47.0003 5840 ggsemc - ok 13:07:47.0065 5840 [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc C:\Windows\System32\gpsvc.dll 13:07:47.0159 5840 gpsvc - ok 13:07:47.0174 5840 [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 13:07:47.0205 5840 hcw85cir - ok 13:07:47.0283 5840 [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 13:07:47.0315 5840 HdAudAddService - ok 13:07:47.0377 5840 [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 13:07:47.0408 5840 HDAudBus - ok 13:07:47.0439 5840 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\system32\DRIVERS\HECIx64.sys 13:07:47.0455 5840 HECIx64 - ok 13:07:47.0486 5840 [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 13:07:47.0533 5840 HidBatt - ok 13:07:47.0549 5840 [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 13:07:47.0580 5840 HidBth - ok 13:07:47.0611 5840 [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 13:07:47.0642 5840 HidIr - ok 13:07:47.0673 5840 [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv C:\Windows\System32\hidserv.dll 13:07:47.0720 5840 hidserv - ok 13:07:47.0783 5840 [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 13:07:47.0814 5840 HidUsb - ok 13:07:47.0861 5840 [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc C:\Windows\system32\kmsvc.dll 13:07:47.0923 5840 hkmsvc - ok 13:07:47.0954 5840 [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll 13:07:47.0985 5840 HomeGroupListener - ok 13:07:48.0017 5840 [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 13:07:48.0048 5840 HomeGroupProvider - ok 13:07:48.0095 5840 [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 13:07:48.0126 5840 HpSAMD - ok 13:07:48.0173 5840 [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP C:\Windows\system32\drivers\HTTP.sys 13:07:48.0235 5840 HTTP - ok 13:07:48.0282 5840 [ 4B5C07DB91A0099272FAAE732E1152BD ] hwdatacard C:\Windows\system32\DRIVERS\ewusbmdm.sys 13:07:48.0313 5840 hwdatacard - ok 13:07:48.0344 5840 [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 13:07:48.0360 5840 hwpolicy - ok 13:07:48.0407 5840 [ 9C13A2691AC410CC7469F298684DCA5D ] hwusbfake C:\Windows\system32\DRIVERS\ewusbfake.sys 13:07:48.0453 5840 hwusbfake - ok 13:07:48.0500 5840 [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 13:07:48.0516 5840 i8042prt - ok 13:07:48.0563 5840 [ 85977CD13FC16069CE0AF7943A811775 ] iaStor C:\Windows\system32\DRIVERS\iaStor.sys 13:07:48.0594 5840 iaStor - ok 13:07:48.0641 5840 [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 13:07:48.0656 5840 iaStorV - ok 13:07:48.0734 5840 [ 6F95324909B502E2651442C1548AB12F ] IDriverT C:\Program Files (x86)\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe 13:07:48.0766 5840 IDriverT ( UnsignedFile.Multi.Generic ) - warning 13:07:48.0766 5840 IDriverT - detected UnsignedFile.Multi.Generic (1) 13:07:48.0828 5840 [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe 13:07:48.0875 5840 idsvc - ok 13:07:48.0906 5840 [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 13:07:48.0922 5840 iirsp - ok 13:07:48.0968 5840 [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT C:\Windows\System32\ikeext.dll 13:07:49.0046 5840 IKEEXT - ok 13:07:49.0078 5840 [ 4B6363CD4610BB848531BB260B15DFCC ] Impcd C:\Windows\system32\DRIVERS\Impcd.sys 13:07:49.0124 5840 Impcd - ok 13:07:49.0156 5840 [ F00F20E70C6EC3AA366910083A0518AA ] intelide C:\Windows\system32\drivers\intelide.sys 13:07:49.0171 5840 intelide - ok 13:07:49.0218 5840 [ ADA036632C664CAA754079041CF1F8C1 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 13:07:49.0249 5840 intelppm - ok 13:07:49.0296 5840 [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum C:\Windows\system32\ipbusenum.dll 13:07:49.0358 5840 IPBusEnum - ok 13:07:49.0390 5840 [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 13:07:49.0436 5840 IpFilterDriver - ok 13:07:49.0499 5840 [ 08C2957BB30058E663720C5606885653 ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 13:07:49.0546 5840 iphlpsvc - ok 13:07:49.0577 5840 [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 13:07:49.0608 5840 IPMIDRV - ok 13:07:49.0624 5840 [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT C:\Windows\system32\drivers\ipnat.sys 13:07:49.0686 5840 IPNAT - ok 13:07:49.0748 5840 [ 6E50CFA46527B39015B750AAD161C5CC ] iPod Service C:\Program Files\iPod\bin\iPodService.exe 13:07:49.0780 5840 iPod Service - ok 13:07:49.0811 5840 [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM C:\Windows\system32\drivers\irenum.sys 13:07:49.0889 5840 IRENUM - ok 13:07:49.0920 5840 [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp C:\Windows\system32\drivers\isapnp.sys 13:07:49.0936 5840 isapnp - ok 13:07:49.0967 5840 [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 13:07:49.0982 5840 iScsiPrt - ok 13:07:50.0029 5840 [ 213822072085B5BBAD9AF30AB577D817 ] IviRegMgr C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe 13:07:50.0029 5840 IviRegMgr - ok 13:07:50.0060 5840 [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 13:07:50.0060 5840 kbdclass - ok 13:07:50.0107 5840 [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid C:\Windows\system32\drivers\kbdhid.sys 13:07:50.0154 5840 kbdhid - ok 13:07:50.0185 5840 [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso C:\Windows\system32\lsass.exe 13:07:50.0201 5840 KeyIso - ok 13:07:50.0232 5840 [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 13:07:50.0248 5840 KSecDD - ok 13:07:50.0279 5840 [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 13:07:50.0310 5840 KSecPkg - ok 13:07:50.0341 5840 [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys 13:07:50.0404 5840 ksthunk - ok 13:07:50.0450 5840 [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm C:\Windows\system32\msdtckrm.dll 13:07:50.0497 5840 KtmRm - ok 13:07:50.0544 5840 [ 55480B9C63F3F91A8EBBADCBF28FE581 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys 13:07:50.0544 5840 L1C - ok 13:07:50.0591 5840 [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer C:\Windows\System32\srvsvc.dll 13:07:50.0669 5840 LanmanServer - ok 13:07:50.0700 5840 [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 13:07:50.0762 5840 LanmanWorkstation - ok 13:07:50.0794 5840 [ 1538831CF8AD2979A04C423779465827 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 13:07:50.0856 5840 lltdio - ok 13:07:50.0887 5840 [ C1185803384AB3FEED115F79F109427F ] lltdsvc C:\Windows\System32\lltdsvc.dll 13:07:50.0950 5840 lltdsvc - ok 13:07:50.0965 5840 [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts C:\Windows\System32\lmhsvc.dll 13:07:51.0012 5840 lmhosts - ok 13:07:51.0090 5840 [ 23DE5B62B0445A6F874BE633C95B483E ] LMS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe 13:07:51.0106 5840 LMS - ok 13:07:51.0137 5840 [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 13:07:51.0152 5840 LSI_FC - ok 13:07:51.0152 5840 [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 13:07:51.0168 5840 LSI_SAS - ok 13:07:51.0184 5840 [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 13:07:51.0199 5840 LSI_SAS2 - ok 13:07:51.0215 5840 [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 13:07:51.0230 5840 LSI_SCSI - ok 13:07:51.0262 5840 [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv C:\Windows\system32\drivers\luafv.sys 13:07:51.0324 5840 luafv - ok 13:07:51.0355 5840 massfilter - ok 13:07:51.0433 5840 [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 13:07:51.0480 5840 Mcx2Svc - ok 13:07:51.0511 5840 [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 13:07:51.0527 5840 megasas - ok 13:07:51.0558 5840 [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 13:07:51.0574 5840 MegaSR - ok 13:07:51.0605 5840 [ E40E80D0304A73E8D269F7141D77250B ] MMCSS C:\Windows\system32\mmcss.dll 13:07:51.0667 5840 MMCSS - ok 13:07:51.0698 5840 [ 800BA92F7010378B09F9ED9270F07137 ] Modem C:\Windows\system32\drivers\modem.sys 13:07:51.0761 5840 Modem - ok 13:07:51.0792 5840 [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor C:\Windows\system32\DRIVERS\monitor.sys 13:07:51.0823 5840 monitor - ok 13:07:51.0839 5840 [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 13:07:51.0854 5840 mouclass - ok 13:07:51.0901 5840 [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 13:07:51.0932 5840 mouhid - ok 13:07:51.0979 5840 [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr C:\Windows\system32\drivers\mountmgr.sys 13:07:51.0995 5840 mountmgr - ok 13:07:52.0073 5840 [ 51A84B690DF519DCF656F780243D953E ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe 13:07:52.0088 5840 MozillaMaintenance - ok 13:07:52.0120 5840 [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio C:\Windows\system32\drivers\mpio.sys 13:07:52.0135 5840 mpio - ok 13:07:52.0166 5840 [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 13:07:52.0198 5840 mpsdrv - ok 13:07:52.0244 5840 [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc C:\Windows\system32\mpssvc.dll 13:07:52.0307 5840 MpsSvc - ok 13:07:52.0338 5840 [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 13:07:52.0385 5840 MRxDAV - ok 13:07:52.0416 5840 [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 13:07:52.0478 5840 mrxsmb - ok 13:07:52.0510 5840 [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 13:07:52.0541 5840 mrxsmb10 - ok 13:07:52.0572 5840 [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 13:07:52.0572 5840 mrxsmb20 - ok 13:07:52.0603 5840 [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci C:\Windows\system32\drivers\msahci.sys 13:07:52.0634 5840 msahci - ok 13:07:52.0666 5840 [ DB801A638D011B9633829EB6F663C900 ] msdsm C:\Windows\system32\drivers\msdsm.sys 13:07:52.0697 5840 msdsm - ok 13:07:52.0712 5840 [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC C:\Windows\System32\msdtc.exe 13:07:52.0744 5840 MSDTC - ok 13:07:52.0790 5840 [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs C:\Windows\system32\drivers\Msfs.sys 13:07:52.0837 5840 Msfs - ok 13:07:52.0853 5840 [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 13:07:52.0915 5840 mshidkmdf - ok 13:07:52.0946 5840 [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 13:07:52.0962 5840 msisadrv - ok 13:07:52.0993 5840 [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 13:07:53.0056 5840 MSiSCSI - ok 13:07:53.0071 5840 msiserver - ok 13:07:53.0118 5840 [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 13:07:53.0196 5840 MSKSSRV - ok 13:07:53.0227 5840 [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 13:07:53.0321 5840 MSPCLOCK - ok 13:07:53.0352 5840 [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 13:07:53.0414 5840 MSPQM - ok 13:07:53.0446 5840 [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 13:07:53.0477 5840 MsRPC - ok 13:07:53.0524 5840 [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 13:07:53.0539 5840 mssmbios - ok 13:07:53.0586 5840 [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 13:07:53.0648 5840 MSTEE - ok 13:07:53.0664 5840 [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 13:07:53.0680 5840 MTConfig - ok 13:07:53.0711 5840 [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup C:\Windows\system32\Drivers\mup.sys 13:07:53.0726 5840 Mup - ok 13:07:53.0758 5840 [ 582AC6D9873E31DFA28A4547270862DD ] napagent C:\Windows\system32\qagentRT.dll 13:07:53.0804 5840 napagent - ok 13:07:53.0851 5840 [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 13:07:53.0914 5840 NativeWifiP - ok 13:07:53.0976 5840 [ 760E38053BF56E501D562B70AD796B88 ] NDIS C:\Windows\system32\drivers\ndis.sys 13:07:54.0023 5840 NDIS - ok 13:07:54.0070 5840 [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 13:07:54.0148 5840 NdisCap - ok 13:07:54.0179 5840 [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 13:07:54.0226 5840 NdisTapi - ok 13:07:54.0272 5840 [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 13:07:54.0350 5840 Ndisuio - ok 13:07:54.0382 5840 [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 13:07:54.0428 5840 NdisWan - ok 13:07:54.0460 5840 [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 13:07:54.0506 5840 NDProxy - ok 13:07:54.0600 5840 [ 7D2633295EB6FF2B938185874884059D ] Nero BackItUp Scheduler 4.0 c:\Program Files (x86)\Common Files\Nero\Nero BackItUp 4\NBService.exe 13:07:54.0631 5840 Nero BackItUp Scheduler 4.0 - ok 13:07:54.0662 5840 [ 6F4607E2333FE21E9E3FF8133A88B35B ] Netaapl C:\Windows\system32\DRIVERS\netaapl64.sys 13:07:54.0694 5840 Netaapl - ok 13:07:54.0740 5840 [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 13:07:54.0803 5840 NetBIOS - ok 13:07:54.0834 5840 [ 09594D1089C523423B32A4229263F068 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 13:07:54.0912 5840 NetBT - ok 13:07:54.0943 5840 [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon C:\Windows\system32\lsass.exe 13:07:54.0959 5840 Netlogon - ok 13:07:54.0974 5840 [ 847D3AE376C0817161A14A82C8922A9E ] Netman C:\Windows\System32\netman.dll 13:07:55.0037 5840 Netman - ok 13:07:55.0052 5840 [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm C:\Windows\System32\netprofm.dll 13:07:55.0115 5840 netprofm - ok 13:07:55.0130 5840 [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe 13:07:55.0146 5840 NetTcpPortSharing - ok 13:07:55.0177 5840 [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 13:07:55.0208 5840 nfrd960 - ok 13:07:55.0271 5840 [ 8AD77806D336673F270DB31645267293 ] NlaSvc C:\Windows\System32\nlasvc.dll 13:07:55.0318 5840 NlaSvc - ok 13:07:55.0333 5840 [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs C:\Windows\system32\drivers\Npfs.sys 13:07:55.0396 5840 Npfs - ok 13:07:55.0411 5840 [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi C:\Windows\system32\nsisvc.dll 13:07:55.0458 5840 nsi - ok 13:07:55.0474 5840 [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 13:07:55.0520 5840 nsiproxy - ok 13:07:55.0567 5840 [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 13:07:55.0630 5840 Ntfs - ok 13:07:55.0645 5840 [ 9899284589F75FA8724FF3D16AED75C1 ] Null C:\Windows\system32\drivers\Null.sys 13:07:55.0708 5840 Null - ok 13:07:55.0739 5840 [ 0A92CB65770442ED0DC44834632F66AD ] nvraid C:\Windows\system32\drivers\nvraid.sys 13:07:55.0754 5840 nvraid - ok 13:07:55.0786 5840 [ DAB0E87525C10052BF65F06152F37E4A ] nvstor C:\Windows\system32\drivers\nvstor.sys 13:07:55.0801 5840 nvstor - ok 13:07:55.0832 5840 [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 13:07:55.0848 5840 nv_agp - ok 13:07:55.0864 5840 [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 13:07:55.0895 5840 ohci1394 - ok 13:07:55.0957 5840 [ 84DFFAD6904D29DAA208D28C0C00A8A6 ] optousb C:\Windows\system32\DRIVERS\optousb.sys 13:07:55.0988 5840 optousb - ok 13:07:56.0020 5840 [ 1B30BF9F42D6AC7CE27B8DC83F4B5913 ] optovcm C:\Windows\system32\DRIVERS\optovcm.sys 13:07:56.0051 5840 optovcm - ok 13:07:56.0082 5840 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE 13:07:56.0098 5840 ose - ok 13:07:56.0254 5840 [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 13:07:56.0410 5840 osppsvc - ok 13:07:56.0425 5840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 13:07:56.0456 5840 p2pimsvc - ok 13:07:56.0488 5840 [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc C:\Windows\system32\p2psvc.dll 13:07:56.0503 5840 p2psvc - ok 13:07:56.0534 5840 [ 0086431C29C35BE1DBC43F52CC273887 ] Parport C:\Windows\system32\DRIVERS\parport.sys 13:07:56.0566 5840 Parport - ok 13:07:56.0597 5840 [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr C:\Windows\system32\drivers\partmgr.sys 13:07:56.0612 5840 partmgr - ok 13:07:56.0644 5840 [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc C:\Windows\System32\pcasvc.dll 13:07:56.0675 5840 PcaSvc - ok 13:07:56.0737 5840 [ 81B5E63131090879AD6EF9F32109B88D ] pccsmcfd C:\Windows\system32\DRIVERS\pccsmcfdx64.sys 13:07:56.0753 5840 pccsmcfd - ok 13:07:56.0784 5840 [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci C:\Windows\system32\drivers\pci.sys 13:07:56.0815 5840 pci - ok 13:07:56.0815 5840 [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide C:\Windows\system32\drivers\pciide.sys 13:07:56.0831 5840 pciide - ok 13:07:56.0862 5840 [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 13:07:56.0878 5840 pcmcia - ok 13:07:56.0893 5840 [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw C:\Windows\system32\drivers\pcw.sys 13:07:56.0909 5840 pcw - ok 13:07:56.0924 5840 [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH C:\Windows\system32\drivers\peauth.sys 13:07:56.0987 5840 PEAUTH - ok 13:07:57.0080 5840 [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost C:\Windows\SysWow64\perfhost.exe 13:07:57.0112 5840 PerfHost - ok 13:07:57.0158 5840 [ 663962900E7FEA522126BA287715BB4A ] PGEffect C:\Windows\system32\DRIVERS\pgeffect.sys 13:07:57.0158 5840 PGEffect - ok 13:07:57.0205 5840 [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla C:\Windows\system32\pla.dll 13:07:57.0299 5840 pla - ok 13:07:57.0346 5840 [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay C:\Windows\system32\umpnpmgr.dll 13:07:57.0392 5840 PlugPlay - ok 13:07:57.0424 5840 [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 13:07:57.0455 5840 PNRPAutoReg - ok 13:07:57.0470 5840 [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 13:07:57.0502 5840 PNRPsvc - ok 13:07:57.0533 5840 [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 13:07:57.0595 5840 PolicyAgent - ok 13:07:57.0611 5840 [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power C:\Windows\system32\umpo.dll 13:07:57.0658 5840 Power - ok 13:07:57.0704 5840 [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 13:07:57.0782 5840 PptpMiniport - ok 13:07:57.0829 5840 [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor C:\Windows\system32\DRIVERS\processr.sys 13:07:57.0860 5840 Processor - ok 13:07:57.0892 5840 [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc C:\Windows\system32\profsvc.dll 13:07:57.0923 5840 ProfSvc - ok 13:07:57.0954 5840 [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe 13:07:57.0970 5840 ProtectedStorage - ok 13:07:58.0016 5840 [ 0557CF5A2556BD58E26384169D72438D ] Psched C:\Windows\system32\DRIVERS\pacer.sys 13:07:58.0063 5840 Psched - ok 13:07:58.0094 5840 [ F036CFB275D0C55F4E45FBBF5F98B3C8 ] PSI_SVC_2 C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe 13:07:58.0110 5840 PSI_SVC_2 - ok 13:07:58.0157 5840 [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 13:07:58.0188 5840 ql2300 - ok 13:07:58.0219 5840 [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 13:07:58.0235 5840 ql40xx - ok 13:07:58.0266 5840 [ 906191634E99AEA92C4816150BDA3732 ] QWAVE C:\Windows\system32\qwave.dll 13:07:58.0313 5840 QWAVE - ok 13:07:58.0328 5840 [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 13:07:58.0360 5840 QWAVEdrv - ok 13:07:58.0391 5840 [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 13:07:58.0469 5840 RasAcd - ok 13:07:58.0500 5840 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 13:07:58.0547 5840 RasAgileVpn - ok 13:07:58.0562 5840 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 13:07:58.0609 5840 RasAuto - ok 13:07:58.0656 5840 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 13:07:58.0734 5840 Rasl2tp - ok 13:07:58.0781 5840 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 13:07:58.0874 5840 RasMan - ok 13:07:58.0906 5840 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 13:07:58.0952 5840 RasPppoe - ok 13:07:58.0968 5840 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 13:07:59.0015 5840 RasSstp - ok 13:07:59.0046 5840 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 13:07:59.0108 5840 rdbss - ok 13:07:59.0140 5840 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 13:07:59.0171 5840 rdpbus - ok 13:07:59.0202 5840 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 13:07:59.0249 5840 RDPCDD - ok 13:07:59.0264 5840 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 13:07:59.0327 5840 RDPENCDD - ok 13:07:59.0342 5840 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 13:07:59.0389 5840 RDPREFMP - ok 13:07:59.0405 5840 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 13:07:59.0452 5840 RDPWD - ok 13:07:59.0498 5840 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 13:07:59.0530 5840 rdyboost - ok 13:07:59.0561 5840 [ 4D9AFDDDA0EFE97CDBFD3B5FA48B05F6 ] regi C:\Windows\system32\drivers\regi.sys 13:07:59.0561 5840 regi - ok 13:07:59.0592 5840 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 13:07:59.0654 5840 RemoteAccess - ok 13:07:59.0686 5840 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 13:07:59.0732 5840 RemoteRegistry - ok 13:07:59.0748 5840 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 13:07:59.0810 5840 RpcEptMapper - ok 13:07:59.0842 5840 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 13:07:59.0873 5840 RpcLocator - ok 13:07:59.0904 5840 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 13:07:59.0966 5840 RpcSs - ok 13:07:59.0998 5840 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 13:08:00.0076 5840 rspndr - ok 13:08:00.0169 5840 [ 907C4464381B5EBDFDC60F6C7D0DEDFC ] RSUSBSTOR C:\Windows\system32\Drivers\RtsUStor.sys 13:08:00.0185 5840 RSUSBSTOR - ok 13:08:00.0263 5840 [ 7475548B0BA58EBA4D12414FC9E9DFE6 ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys 13:08:00.0310 5840 rtl8192se - ok 13:08:00.0310 5840 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 13:08:00.0325 5840 SamSs - ok 13:08:00.0372 5840 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 13:08:00.0388 5840 sbp2port - ok 13:08:00.0419 5840 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 13:08:00.0497 5840 SCardSvr - ok 13:08:00.0528 5840 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 13:08:00.0575 5840 scfilter - ok 13:08:00.0637 5840 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 13:08:00.0746 5840 Schedule - ok 13:08:00.0778 5840 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 13:08:00.0824 5840 SCPolicySvc - ok 13:08:00.0840 5840 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 13:08:00.0871 5840 SDRSVC - ok 13:08:00.0902 5840 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 13:08:00.0980 5840 secdrv - ok 13:08:01.0012 5840 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 13:08:01.0090 5840 seclogon - ok 13:08:02.0104 5840 [ 69500F5EAFDE80040F8465CD6E72037E ] SelfUpdateService C:\Program Files (x86)\Freetec\SystemStore\SelfUpdate.exe 13:08:02.0790 5840 SelfUpdateService ( UnsignedFile.Multi.Generic ) - warning 13:08:02.0790 5840 SelfUpdateService - detected UnsignedFile.Multi.Generic (1) 13:08:02.0821 5840 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\system32\sens.dll 13:08:02.0868 5840 SENS - ok 13:08:02.0868 5840 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 13:08:02.0884 5840 SensrSvc - ok 13:08:02.0915 5840 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 13:08:02.0930 5840 Serenum - ok 13:08:02.0946 5840 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\DRIVERS\serial.sys 13:08:02.0977 5840 Serial - ok 13:08:03.0008 5840 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 13:08:03.0040 5840 sermouse - ok 13:08:03.0118 5840 [ 9D38320BB32230349379DF5DDBBF7FCE ] ServiceLayer C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe 13:08:03.0133 5840 ServiceLayer ( UnsignedFile.Multi.Generic ) - warning 13:08:03.0133 5840 ServiceLayer - detected UnsignedFile.Multi.Generic (1) 13:08:03.0196 5840 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 13:08:03.0258 5840 SessionEnv - ok 13:08:03.0305 5840 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 13:08:03.0336 5840 sffdisk - ok 13:08:03.0352 5840 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 13:08:03.0367 5840 sffp_mmc - ok 13:08:03.0383 5840 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 13:08:03.0414 5840 sffp_sd - ok 13:08:03.0445 5840 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 13:08:03.0476 5840 sfloppy - ok 13:08:03.0554 5840 [ C6CC9297BD53E5229653303E556AA539 ] Sftfs C:\Windows\system32\DRIVERS\Sftfslh.sys 13:08:03.0601 5840 Sftfs - ok 13:08:03.0679 5840 [ 13693B6354DD6E72DC5131DA7D764B90 ] sftlist C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe 13:08:03.0710 5840 sftlist - ok 13:08:03.0726 5840 [ 390AA7BC52CEE43F6790CDEA1E776703 ] Sftplay C:\Windows\system32\DRIVERS\Sftplaylh.sys 13:08:03.0742 5840 Sftplay - ok 13:08:03.0757 5840 [ 617E29A0B0A2807466560D4C4E338D3E ] Sftredir C:\Windows\system32\DRIVERS\Sftredirlh.sys 13:08:03.0773 5840 Sftredir - ok 13:08:03.0773 5840 [ 8F571F016FA1976F445147E9E6C8AE9B ] Sftvol C:\Windows\system32\DRIVERS\Sftvollh.sys 13:08:03.0788 5840 Sftvol - ok 13:08:03.0820 5840 [ C3CDDD18F43D44AB713CF8C4916F7696 ] sftvsa C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe 13:08:03.0820 5840 sftvsa - ok 13:08:03.0866 5840 [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess C:\Windows\System32\ipnathlp.dll 13:08:03.0929 5840 SharedAccess - ok 13:08:03.0960 5840 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 13:08:04.0038 5840 ShellHWDetection - ok 13:08:04.0069 5840 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 13:08:04.0069 5840 SiSRaid2 - ok 13:08:04.0100 5840 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 13:08:04.0116 5840 SiSRaid4 - ok 13:08:04.0147 5840 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 13:08:04.0194 5840 Smb - ok 13:08:04.0210 5840 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 13:08:04.0241 5840 SNMPTRAP - ok 13:08:04.0256 5840 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 13:08:04.0272 5840 spldr - ok 13:08:04.0319 5840 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 13:08:04.0350 5840 Spooler - ok 13:08:04.0459 5840 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 13:08:04.0615 5840 sppsvc - ok 13:08:04.0646 5840 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 13:08:04.0693 5840 sppuinotify - ok 13:08:04.0724 5840 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 13:08:04.0771 5840 srv - ok 13:08:04.0818 5840 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 13:08:04.0849 5840 srv2 - ok 13:08:04.0880 5840 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 13:08:04.0912 5840 srvnet - ok 13:08:04.0958 5840 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 13:08:05.0021 5840 SSDPSRV - ok 13:08:05.0036 5840 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 13:08:05.0083 5840 SstpSvc - ok 13:08:05.0099 5840 [ F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 13:08:05.0114 5840 stexstor - ok 13:08:05.0177 5840 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 13:08:05.0255 5840 stisvc - ok 13:08:05.0270 5840 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 13:08:05.0286 5840 swenum - ok 13:08:05.0411 5840 [ F577910A133A592234EBAAD3F3AFA258 ] SwitchBoard C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe 13:08:05.0442 5840 SwitchBoard ( UnsignedFile.Multi.Generic ) - warning 13:08:05.0442 5840 SwitchBoard - detected UnsignedFile.Multi.Generic (1) 13:08:05.0473 5840 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 13:08:05.0520 5840 swprv - ok 13:08:05.0551 5840 [ 470C47DABA9CA3966F0AB3F835D7D135 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 13:08:05.0567 5840 SynTP - ok 13:08:05.0629 5840 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 13:08:05.0707 5840 SysMain - ok 13:08:06.0050 5840 [ 7017BC8488459E3B7BE018B84285CD13 ] SystemStoreService C:\Program Files (x86)\Freetec\SystemStore\SystemStore.exe 13:08:06.0269 5840 SystemStoreService ( UnsignedFile.Multi.Generic ) - warning 13:08:06.0269 5840 SystemStoreService - detected UnsignedFile.Multi.Generic (1) 13:08:06.0284 5840 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 13:08:06.0331 5840 TabletInputService - ok 13:08:06.0347 5840 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 13:08:06.0409 5840 TapiSrv - ok 13:08:06.0425 5840 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 13:08:06.0456 5840 TBS - ok 13:08:06.0534 5840 [ 37608401DFDB388CAF66917F6B2D6FB0 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 13:08:06.0596 5840 Tcpip - ok 13:08:06.0659 5840 [ 37608401DFDB388CAF66917F6B2D6FB0 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 13:08:06.0690 5840 TCPIP6 - ok 13:08:06.0737 5840 [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 13:08:06.0752 5840 tcpipreg - ok 13:08:06.0815 5840 [ FD542B661BD22FA69CA789AD0AC58C29 ] tdcmdpst C:\Windows\system32\DRIVERS\tdcmdpst.sys 13:08:06.0830 5840 tdcmdpst - ok 13:08:06.0846 5840 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 13:08:06.0893 5840 TDPIPE - ok 13:08:06.0908 5840 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 13:08:06.0940 5840 TDTCP - ok 13:08:06.0986 5840 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 13:08:07.0033 5840 tdx - ok 13:08:07.0127 5840 [ 7F46DADEDC9CDB5D2F946C50759AD0FC ] TeamViewer4 C:\Program Files (x86)\TeamViewer\Version4\TeamViewer_Service.exe 13:08:07.0142 5840 TeamViewer4 - ok 13:08:07.0205 5840 [ 1B43FDBFE5A98F6B3D90595C6B2E5277 ] TemproMonitoringService C:\Program Files (x86)\Toshiba TEMPRO\TemproSvc.exe 13:08:07.0220 5840 TemproMonitoringService - ok 13:08:07.0267 5840 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 13:08:07.0298 5840 TermDD - ok 13:08:07.0345 5840 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 13:08:07.0423 5840 TermService - ok 13:08:07.0470 5840 TFsExDisk - ok 13:08:07.0501 5840 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 13:08:07.0548 5840 Themes - ok 13:08:07.0564 5840 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 13:08:07.0610 5840 THREADORDER - ok 13:08:07.0688 5840 [ DFE9BA871B9F3DBB591BD113611CBCC0 ] TMachInfo C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe 13:08:07.0704 5840 TMachInfo - ok 13:08:07.0766 5840 [ ED32035BDFECED1AD66D459FD9CC1140 ] TODDSrv C:\Windows\system32\TODDSrv.exe 13:08:07.0798 5840 TODDSrv - ok 13:08:07.0876 5840 [ 98C864481D62F86EC8AF65BE3419A95B ] TosCoSrv C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe 13:08:07.0907 5840 TosCoSrv - ok 13:08:07.0954 5840 [ 3E6756677E16532D235C6CB20614F369 ] TOSHIBA eco Utility Service C:\Program Files\TOSHIBA\TECO\TecoService.exe 13:08:07.0969 5840 TOSHIBA eco Utility Service - ok 13:08:08.0047 5840 [ 74C2FA8C3765EE71A9C22182EC108457 ] TOSHIBA HDD SSD Alert Service C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe 13:08:08.0063 5840 TOSHIBA HDD SSD Alert Service - ok 13:08:08.0125 5840 [ 97687D094AA597DA366E1194B218CC6C ] TPCHSrv C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe 13:08:08.0156 5840 TPCHSrv - ok 13:08:08.0203 5840 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 13:08:08.0266 5840 TrkWks - ok 13:08:08.0328 5840 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 13:08:08.0406 5840 TrustedInstaller - ok 13:08:08.0437 5840 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 13:08:08.0515 5840 tssecsrv - ok 13:08:08.0578 5840 [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 13:08:08.0609 5840 TsUsbFlt - ok 13:08:08.0656 5840 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 13:08:08.0718 5840 tunnel - ok 13:08:08.0765 5840 [ 550B567F9364D8F7684C3FB3EA665A72 ] TVALZ C:\Windows\system32\DRIVERS\TVALZ_O.SYS 13:08:08.0780 5840 TVALZ - ok 13:08:08.0796 5840 [ 9C7191F4B2E49BFF47A6C1144B5923FA ] TVALZFL C:\Windows\system32\DRIVERS\TVALZFL.sys 13:08:08.0812 5840 TVALZFL - ok 13:08:08.0843 5840 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 13:08:08.0843 5840 uagp35 - ok 13:08:08.0890 5840 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 13:08:08.0952 5840 udfs - ok 13:08:08.0983 5840 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 13:08:08.0999 5840 UI0Detect - ok 13:08:09.0046 5840 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 13:08:09.0061 5840 uliagpkx - ok 13:08:09.0092 5840 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\DRIVERS\umbus.sys 13:08:09.0108 5840 umbus - ok 13:08:09.0124 5840 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 13:08:09.0139 5840 UmPass - ok 13:08:09.0264 5840 [ CC3775100ABA633984F73DFAE1F55CAE ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 13:08:09.0326 5840 UNS - ok 13:08:09.0358 5840 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 13:08:09.0389 5840 upnphost - ok 13:08:09.0436 5840 [ AF1B9474D67897D0C2CFF58E0ACEACCC ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 13:08:09.0467 5840 USBAAPL64 - ok 13:08:09.0498 5840 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 13:08:09.0529 5840 usbccgp - ok 13:08:09.0576 5840 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 13:08:09.0607 5840 usbcir - ok 13:08:09.0623 5840 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 13:08:09.0654 5840 usbehci - ok 13:08:09.0670 5840 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 13:08:09.0701 5840 usbhub - ok 13:08:09.0748 5840 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 13:08:09.0779 5840 usbohci - ok 13:08:09.0810 5840 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 13:08:09.0857 5840 usbprint - ok 13:08:09.0904 5840 [ 4ACEE387FA8FD39F83564FCD2FC234F2 ] usbser C:\Windows\system32\DRIVERS\usbser.sys 13:08:09.0935 5840 usbser - ok 13:08:09.0966 5840 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 13:08:09.0997 5840 USBSTOR - ok 13:08:10.0028 5840 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 13:08:10.0060 5840 usbuhci - ok 13:08:10.0122 5840 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 13:08:10.0153 5840 usbvideo - ok 13:08:10.0184 5840 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 13:08:10.0231 5840 UxSms - ok 13:08:10.0262 5840 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 13:08:10.0278 5840 VaultSvc - ok 13:08:10.0309 5840 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 13:08:10.0325 5840 vdrvroot - ok 13:08:10.0372 5840 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 13:08:10.0434 5840 vds - ok 13:08:10.0481 5840 [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 13:08:10.0512 5840 vga - ok 13:08:10.0528 5840 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 13:08:10.0590 5840 VgaSave - ok 13:08:10.0621 5840 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 13:08:10.0637 5840 vhdmp - ok 13:08:10.0668 5840 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 13:08:10.0684 5840 viaide - ok 13:08:10.0715 5840 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 13:08:10.0730 5840 volmgr - ok 13:08:10.0762 5840 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 13:08:10.0793 5840 volmgrx - ok 13:08:10.0808 5840 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 13:08:10.0824 5840 volsnap - ok 13:08:10.0871 5840 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 13:08:10.0886 5840 vsmraid - ok 13:08:10.0964 5840 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 13:08:11.0074 5840 VSS - ok 13:08:11.0105 5840 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 13:08:11.0120 5840 vwifibus - ok 13:08:11.0152 5840 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 13:08:11.0167 5840 vwififlt - ok 13:08:11.0214 5840 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 13:08:11.0276 5840 W32Time - ok 13:08:11.0308 5840 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 13:08:11.0308 5840 WacomPen - ok 13:08:11.0354 5840 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 13:08:11.0417 5840 WANARP - ok 13:08:11.0432 5840 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 13:08:11.0464 5840 Wanarpv6 - ok 13:08:11.0526 5840 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 13:08:11.0573 5840 wbengine - ok 13:08:11.0604 5840 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 13:08:11.0620 5840 WbioSrvc - ok 13:08:11.0651 5840 [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 13:08:11.0682 5840 wcncsvc - ok 13:08:11.0682 5840 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 13:08:11.0698 5840 WcsPlugInService - ok 13:08:11.0729 5840 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\DRIVERS\wd.sys 13:08:11.0744 5840 Wd - ok 13:08:11.0791 5840 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 13:08:11.0838 5840 Wdf01000 - ok 13:08:11.0854 5840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 13:08:11.0900 5840 WdiServiceHost - ok 13:08:11.0900 5840 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 13:08:11.0932 5840 WdiSystemHost - ok 13:08:11.0963 5840 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 13:08:12.0010 5840 WebClient - ok 13:08:12.0025 5840 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 13:08:12.0088 5840 Wecsvc - ok 13:08:12.0103 5840 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 13:08:12.0134 5840 wercplsupport - ok 13:08:12.0166 5840 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 13:08:12.0212 5840 WerSvc - ok 13:08:12.0259 5840 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 13:08:12.0290 5840 WfpLwf - ok 13:08:12.0306 5840 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 13:08:12.0322 5840 WIMMount - ok 13:08:12.0322 5840 WinDefend - ok 13:08:12.0337 5840 WinHttpAutoProxySvc - ok 13:08:12.0384 5840 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 13:08:12.0431 5840 Winmgmt - ok 13:08:12.0478 5840 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 13:08:12.0556 5840 WinRM - ok 13:08:12.0618 5840 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 13:08:12.0665 5840 WinUsb - ok 13:08:12.0712 5840 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 13:08:12.0774 5840 Wlansvc - ok 13:08:12.0883 5840 [ 98F138897EF4246381D197CB81846D62 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 13:08:12.0946 5840 wlidsvc - ok 13:08:12.0961 5840 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 13:08:12.0992 5840 WmiAcpi - ok 13:08:13.0039 5840 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 13:08:13.0055 5840 wmiApSrv - ok 13:08:13.0102 5840 WMPNetworkSvc - ok 13:08:13.0133 5840 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 13:08:13.0148 5840 WPCSvc - ok 13:08:13.0180 5840 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 13:08:13.0195 5840 WPDBusEnum - ok 13:08:13.0226 5840 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 13:08:13.0273 5840 ws2ifsl - ok 13:08:13.0304 5840 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 13:08:13.0336 5840 wscsvc - ok 13:08:13.0351 5840 WSearch - ok 13:08:13.0398 5840 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 13:08:13.0460 5840 wuauserv - ok 13:08:13.0507 5840 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 13:08:13.0538 5840 WudfPf - ok 13:08:13.0601 5840 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 13:08:13.0648 5840 WUDFRd - ok 13:08:13.0679 5840 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 13:08:13.0710 5840 wudfsvc - ok 13:08:13.0741 5840 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 13:08:13.0804 5840 WwanSvc - ok 13:08:13.0850 5840 [ 2EE48CFCE7CA8E0DB4C44C7476C0943B ] xusb21 C:\Windows\system32\DRIVERS\xusb21.sys 13:08:13.0882 5840 xusb21 - ok 13:08:13.0897 5840 ZTEusbmdm6k - ok 13:08:13.0913 5840 ZTEusbnmea - ok 13:08:13.0928 5840 ZTEusbser6k - ok 13:08:13.0960 5840 ================ Scan global =============================== 13:08:13.0975 5840 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 13:08:14.0006 5840 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 13:08:14.0022 5840 [ 9E479C2B605C25DA4971ABA36250FAEF ] C:\Windows\system32\winsrv.dll 13:08:14.0038 5840 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 13:08:14.0069 5840 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 13:08:14.0084 5840 [Global] - ok 13:08:14.0084 5840 ================ Scan MBR ================================== 13:08:14.0100 5840 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 13:08:15.0223 5840 \Device\Harddisk0\DR0 - ok 13:08:15.0239 5840 ================ Scan VBR ================================== 13:08:15.0254 5840 [ C502F4BB1CE2A15E2F3DA9B076B8C751 ] \Device\Harddisk0\DR0\Partition1 13:08:15.0254 5840 \Device\Harddisk0\DR0\Partition1 - ok 13:08:15.0286 5840 [ 8EDDCD5EF53B12440ED58D2DCABDA2AB ] \Device\Harddisk0\DR0\Partition2 13:08:15.0286 5840 \Device\Harddisk0\DR0\Partition2 - ok 13:08:15.0286 5840 ============================================================ 13:08:15.0286 5840 Scan finished 13:08:15.0286 5840 ============================================================ 13:08:15.0301 3320 Detected object count: 5 13:08:15.0301 3320 Actual detected object count: 5 13:08:33.0772 3320 IDriverT ( UnsignedFile.Multi.Generic ) - skipped by user 13:08:33.0772 3320 IDriverT ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:08:33.0772 3320 SelfUpdateService ( UnsignedFile.Multi.Generic ) - skipped by user 13:08:33.0772 3320 SelfUpdateService ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:08:33.0772 3320 ServiceLayer ( UnsignedFile.Multi.Generic ) - skipped by user 13:08:33.0772 3320 ServiceLayer ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:08:33.0772 3320 SwitchBoard ( UnsignedFile.Multi.Generic ) - skipped by user 13:08:33.0772 3320 SwitchBoard ( UnsignedFile.Multi.Generic ) - User select action: Skip 13:08:33.0772 3320 SystemStoreService ( UnsignedFile.Multi.Generic ) - skipped by user 13:08:33.0772 3320 SystemStoreService ( UnsignedFile.Multi.Generic ) - User select action: Skip |
|
06.02.2013, 13:36
| #6 |
| /// Malware-holic | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? hi Combofix: Scan mit Combofix
__________________ --> Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? |
|
06.02.2013, 13:55
| #7 |
| | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? Combofix Logfile: Code:
ATTFilter ComboFix 13-02-03.03 - Maze 06.02.2013 13:47:36.2.4 - x64
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.3959.2111 [GMT 1:00]
ausgeführt von:: c:\users\Maze\Desktop\ComboFix.exe
AV: avast! Internet Security *Disabled/Updated* {2B2D1395-420B-D5C9-657E-930FE358FC3C}
FW: avast! Internet Security *Disabled* {131692B0-0864-D491-4E21-3A3A1D8BBB47}
SP: avast! Internet Security *Disabled/Updated* {904CF271-6431-DA47-5FCE-A87D98DFB681}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\windows\SysWow64\AF15BDAEX.dll
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-06 bis 2013-02-06 ))))))))))))))))))))))))))))))
.
.
2013-02-06 12:52 . 2013-02-06 12:52 -------- d-----w- c:\users\Public\AppData\Local\temp
2013-02-06 12:52 . 2013-02-06 12:52 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-02-06 11:06 . 2013-02-06 11:06 -------- d-----w- c:\program files (x86)\Malwarebytes' Anti-Malware
2013-02-06 11:06 . 2012-12-14 15:49 24176 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-02-06 11:06 . 2013-02-06 11:06 -------- d-----w- c:\users\Maze\AppData\Local\Programs
2013-02-06 10:19 . 2013-02-06 10:19 -------- d-----w- c:\users\Maze\AppData\Local\Nero_AG
2013-02-05 13:11 . 2013-02-05 13:11 -------- d-----r- c:\program files (x86)\Skype
2013-02-05 13:11 . 2013-02-05 13:11 -------- d-----w- c:\program files (x86)\Common Files\Skype
2013-02-05 09:28 . 2013-01-08 05:32 9161176 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{09ED0C50-3073-48A1-AFDB-88D7DB732523}\mpengine.dll
2013-01-30 19:13 . 2013-01-30 19:13 -------- d-----w- c:\users\Maze\AppData\Roaming\MAGIX
2013-01-30 19:09 . 2013-01-30 19:09 -------- d-----w- c:\users\Maze\AppData\Local\Xara
2013-01-30 19:04 . 2013-01-30 19:04 -------- d-----w- c:\program files\Common Files\MAGIX Services
2013-01-30 19:04 . 2013-01-30 19:13 -------- d-----w- c:\programdata\MAGIX
2013-01-30 19:04 . 2013-01-30 19:04 -------- d-----w- c:\program files (x86)\Common Files\MAGIX Services
2013-01-30 19:04 . 2013-01-30 19:04 -------- d-----w- c:\program files (x86)\MAGIX
2013-01-24 21:32 . 2013-01-24 21:32 0 ----a-w- c:\windows\SysWow64\sho2CAF.tmp
2013-01-15 20:15 . 2013-01-04 15:53 9060864 ----a-w- c:\windows\system32\mshtml.dll
2013-01-10 16:05 . 2012-11-09 05:45 750592 ----a-w- c:\windows\system32\win32spl.dll
2013-01-10 16:05 . 2012-11-09 04:43 492032 ----a-w- c:\windows\SysWow64\win32spl.dll
2013-01-10 16:05 . 2012-11-01 05:43 2002432 ----a-w- c:\windows\system32\msxml6.dll
2013-01-10 16:05 . 2012-11-01 05:43 1882624 ----a-w- c:\windows\system32\msxml3.dll
2013-01-10 16:05 . 2012-11-01 04:47 1389568 ----a-w- c:\windows\SysWow64\msxml6.dll
2013-01-10 16:05 . 2012-11-01 04:47 1236992 ----a-w- c:\windows\SysWow64\msxml3.dll
2013-01-10 16:05 . 2012-11-20 05:48 307200 ----a-w- c:\windows\system32\ncrypt.dll
2013-01-10 16:05 . 2012-11-20 04:51 220160 ----a-w- c:\windows\SysWow64\ncrypt.dll
2013-01-10 16:05 . 2012-11-22 05:44 800768 ----a-w- c:\windows\system32\usp10.dll
2013-01-10 16:05 . 2012-11-22 04:45 626688 ----a-w- c:\windows\SysWow64\usp10.dll
2013-01-10 16:03 . 2012-11-30 05:41 424448 ----a-w- c:\windows\system32\KernelBase.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-01-30 19:09 . 2007-04-27 09:43 120200 ----a-w- c:\windows\SysWow64\DLLDEV32i.dll
2013-01-17 00:28 . 2011-03-07 05:34 273840 ------w- c:\windows\system32\MpSigStub.exe
2012-12-16 17:11 . 2012-12-21 12:14 46080 ----a-w- c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 12:14 367616 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:14 295424 ----a-w- c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 12:14 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2012-11-30 04:45 . 2013-01-10 16:03 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2012-11-16 16:53 . 2011-11-07 19:13 952 --sha-w- c:\programdata\KGyGaAvL.sys
2012-11-12 12:28 . 2012-12-13 00:07 1638912 ----a-w- c:\windows\system32\mshtml.tlb
2012-11-12 11:52 . 2012-12-13 00:07 1638912 ----a-w- c:\windows\SysWow64\mshtml.tlb
2012-11-09 05:45 . 2012-12-13 00:09 2048 ----a-w- c:\windows\system32\tzres.dll
2012-11-09 04:42 . 2012-12-13 00:09 2048 ----a-w- c:\windows\SysWow64\tzres.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{58307a99-7813-45f1-ac6c-06ff1617a20d}]
2010-11-05 01:58 297808 ----a-w- c:\windows\System32\mscoree.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{D4027C7F-154A-4066-A1AD-4243D8127440}]
2011-07-27 20:41 1493160 ----a-w- c:\program files (x86)\Ask.com\GenericAskToolbar.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\~\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8}]
2011-05-18 21:25 194912 ------w- c:\program files (x86)\Yontoo Layers\YontooIEClient.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar]
"{D4027C7F-154A-4066-A1AD-4243D8127440}"= "c:\program files (x86)\Ask.com\GenericAskToolbar.dll" [2011-07-27 1493160]
"{DFEFCDEE-CF1A-4FC8-88AD-129872198372}"= "c:\users\Maze\AppData\Roaming\loadtbs\toolbar.dll" [2012-02-15 640000]
.
[HKEY_CLASSES_ROOT\clsid\{d4027c7f-154a-4066-a1ad-4243d8127440}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd.1]
[HKEY_CLASSES_ROOT\TypeLib\{2996F0E7-292B-4CAE-893F-47B8B1C05B56}]
[HKEY_CLASSES_ROOT\GenericAskToolbar.ToolbarWnd]
.
[HKEY_CLASSES_ROOT\clsid\{dfefcdee-cf1a-4fc8-88ad-129872198372}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BlosonAddonUpdater"="c:\users\Maze\AppData\Roaming\Bloson\BlosonAddonUpdater.exe" [2013-01-21 39424]
"Skype"="c:\program files (x86)\Skype\Phone\Skype.exe" [2013-01-08 18706176]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NBAgent"="c:\program files (x86)\Nero\Nero BackItUp & Burn\Nero BackItUp\NBAgent.exe" [2010-03-09 1086760]
"StartCCC"="c:\program files (x86)\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2010-04-26 102400]
"TWebCamera"="c:\program files (x86)\TOSHIBA\TOSHIBA Web Camera Application\TWebCamera.exe" [2010-02-23 2454840]
"ToshibaServiceStation"="c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe" [2010-07-01 1295224]
"CorelDRAW Graphics Suite 11b"="c:\program files (x86)\Corel\Corel Graphics 11\Register\registration.exe" [2005-02-17 315392]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-06-06 937920]
"ApnUpdater"="c:\program files (x86)\Ask.com\Updater\Updater.exe" [2011-07-27 397992]
"SwitchBoard"="c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]
"AdobeCS5ServiceManager"="c:\program files (x86)\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
"DivXUpdate"="c:\program files (x86)\DivX\DivX Update\DivXUpdate.exe" [2011-07-28 1259376]
"APSDaemon"="c:\program files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe" [2012-08-27 59280]
"QuickTime Task"="c:\program files (x86)\QuickTime\QTTask.exe" [2012-04-18 421888]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"iTunesHelper"="c:\program files (x86)\iTunes\iTunesHelper.exe" [2012-09-09 421776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe" [2012-12-14 512360]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"TOSHIBA Online Product Information"="c:\program files (x86)\TOSHIBA\TOSHIBA Online Product Information\topi.exe" [2010-03-03 4581280]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Microsoft Office.lnk - c:\program files (x86)\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
.
c:\users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
TRDCReminder.lnk - c:\program files (x86)\TOSHIBA\TRDCReminder\TRDCReminder.exe [2009-9-1 481184]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
"EnableLinkedConnections"= 1 (0x1)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R2 SelfUpdateService;Self Update Service;c:\program files (x86)\Freetec\SystemStore\SelfUpdate.exe -displayname Self Update Service -servicename SelfUpdateService [x]
R2 SystemStoreService;System Store Service;c:\program files (x86)\Freetec\SystemStore\SystemStore.exe -displayname System Store Service -servicename:SystemStoreService [x]
R3 ewusbnet;HUAWEI USB-NDIS miniport;c:\windows\system32\DRIVERS\ewusbnet.sys [2009-06-29 132608]
R3 ggflt;SEMC USB Flash Driver Filter;c:\windows\system32\DRIVERS\ggflt.sys [2012-02-18 13352]
R3 hwusbfake;Huawei DataCard USB Fake;c:\windows\system32\DRIVERS\ewusbfake.sys [2009-06-29 116096]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 Netaapl;Apple Mobile Device Ethernet Service;c:\windows\system32\DRIVERS\netaapl64.sys [2011-08-02 22528]
R3 optousb;OPTO ELECTRONICS optousb;c:\windows\system32\DRIVERS\optousb.sys [2009-08-26 22656]
R3 optovcm;OPTO ELECTRONICS optovcm;c:\windows\system32\DRIVERS\optovcm.sys [2009-08-26 31744]
R3 RSUSBSTOR;RtsUStor.Sys Realtek USB Card Reader;c:\windows\system32\Drivers\RtsUStor.sys [2010-02-01 232992]
R3 SwitchBoard;SwitchBoard;c:\program files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [2010-02-19 517096]
R3 TeamViewer4;TeamViewer 4;c:\program files (x86)\TeamViewer\Version4\TeamViewer_Service.exe [2009-08-24 185640]
R3 TFsExDisk;TFsExDisk;c:\windows\System32\Drivers\TFsExDisk.sys [x]
R3 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;c:\program files\TOSHIBA\TECO\TecoService.exe [2010-03-17 258928]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-20 59392]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys [2012-07-09 52736]
R4 TemproMonitoringService;Notebook Performance Tuning Service (TEMPRO);c:\program files (x86)\Toshiba TEMPRO\TemproSvc.exe [2010-02-11 124368]
S0 aswNdis;avast! Firewall NDIS Filter Service;c:\windows\system32\DRIVERS\aswNdis.sys [2011-11-28 12368]
S0 aswNdis2;avast! Firewall Core Firewall Service; [x]
S1 aswFW;avast! TDI Firewall driver; [x]
S1 aswKbd;aswKbd; [x]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S1 dtsoftbus01;DAEMON Tools Virtual Bus Driver;c:\windows\system32\DRIVERS\dtsoftbus01.sys [2011-03-04 254528]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2010-04-26 202752]
S2 aswFsBlk;aswFsBlk; [x]
S2 aswMonFlt;aswMonFlt;c:\windows\system32\drivers\aswMonFlt.sys [2012-10-30 71600]
S2 avast! Firewall;avast! Firewall;c:\program files\AVAST Software\Avast\afwServ.exe [2012-10-30 133912]
S2 cfWiMAXService;ConfigFree WiMAX Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFIWmxSvcs64.exe [2010-01-28 249200]
S2 ConfigFree Service;ConfigFree Service;c:\program files (x86)\TOSHIBA\ConfigFree\CFSvcs.exe [2009-03-10 46448]
S2 cvhsvc;Client Virtualization Handler;c:\program files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE [2012-01-04 822624]
S2 regi;regi;c:\windows\system32\drivers\regi.sys [2007-04-17 14112]
S2 sftlist;Application Virtualization Client;c:\program files (x86)\Microsoft Application Virtualization Client\sftlist.exe [2011-10-01 508776]
S2 TVALZFL;TOSHIBA ACPI-Based Value Added Logical and General Purpose Device Filter Driver;c:\windows\system32\DRIVERS\TVALZFL.sys [2009-06-19 14472]
S2 UNS;Intel(R) Management & Security Application User Notification Service;c:\program files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2010-03-03 2320920]
S3 CnxtHdmiAudService;Conexant UAA HDMI Function Driver for High Definition Audio Service;c:\windows\system32\drivers\CHDMI64.sys [2010-03-05 720952]
S3 FwLnk;FwLnk Driver;c:\windows\system32\DRIVERS\FwLnk.sys [2009-07-07 9216]
S3 HECIx64;Intel(R) Management Engine Interface;c:\windows\system32\DRIVERS\HECIx64.sys [2009-09-17 56344]
S3 Impcd;Impcd;c:\windows\system32\DRIVERS\Impcd.sys [2010-02-10 158720]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-02-22 75304]
S3 PGEffect;Pangu effect driver;c:\windows\system32\DRIVERS\pgeffect.sys [2009-06-22 35008]
S3 rtl8192se;Realtek Wireless LAN 802.11n PCI-E NIC NT Driver;c:\windows\system32\DRIVERS\rtl8192se.sys [2010-04-26 1103904]
S3 Sftfs;Sftfs;c:\windows\system32\DRIVERS\Sftfslh.sys [2011-10-01 764264]
S3 Sftplay;Sftplay;c:\windows\system32\DRIVERS\Sftplaylh.sys [2011-10-01 268648]
S3 Sftredir;Sftredir;c:\windows\system32\DRIVERS\Sftredirlh.sys [2011-10-01 25960]
S3 Sftvol;Sftvol;c:\windows\system32\DRIVERS\Sftvollh.sys [2011-10-01 22376]
S3 sftvsa;Application Virtualization Service Agent;c:\program files (x86)\Microsoft Application Virtualization Client\sftvsa.exe [2011-10-01 219496]
S3 TMachInfo;TMachInfo;c:\program files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2010-07-01 51576]
S3 TOSHIBA HDD SSD Alert Service;TOSHIBA HDD SSD Alert Service;c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe [2010-02-05 137560]
S3 TPCHSrv;TPCH Service;c:\program files\TOSHIBA\TPHM\TPCHSrv.exe [2010-02-23 835952]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 47540326
*Deregistered* - 47540326
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2012-10-30 22:50 133400 ----a-w- c:\program files\AVAST Software\Avast\ashShA64.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="c:\program files (x86)\Synaptics\SynTP\SynTPEnh.exe" [BU]
"TosSENotify"="c:\program files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe" [2010-02-05 709976]
"TosReelTimeMonitor"="c:\program files (x86)\TOSHIBA\ReelTime\TosReelTimeMonitor.exe" [BU]
"TosNC"="c:\program files (x86)\Toshiba\BulletinBoard\TosNcCore.exe" [BU]
"Toshiba TEMPRO"="c:\program files (x86)\Toshiba TEMPRO\TemproTray.exe" [2010-02-11 1050072]
"SmartAudio"="c:\program files\CONEXANT\SAII\SAIICpl.exe" [2009-11-19 307768]
"cAudioFilterAgent"="c:\program files\Conexant\cAudioFilterAgent\cAudioFilterAgent64.exe" [2010-03-22 521272]
"TPwrMain"="c:\program files (x86)\TOSHIBA\Power Saver\TPwrMain.EXE" [BU]
"HSON"="c:\program files (x86)\TOSHIBA\TBS\HSON.exe" [BU]
"SmoothView"="c:\program files (x86)\Toshiba\SmoothView\SmoothView.exe" [BU]
"00TCrdMain"="c:\program files (x86)\TOSHIBA\FlashCards\TCrdMain.exe" [BU]
"SmartFaceVWatcher"="c:\program files (x86)\Toshiba\SmartFaceV\SmartFaceVWatcher.exe" [BU]
"Teco"="c:\program files (x86)\TOSHIBA\TECO\Teco.exe" [BU]
"TosWaitSrv"="c:\program files (x86)\TOSHIBA\TPHM\TosWaitSrv.exe" [BU]
"TosVolRegulator"="c:\program files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe" [2009-11-11 24376]
"Toshiba Registration"="c:\program files\Toshiba\Registration\ToshibaReminder.exe" [2010-04-19 136136]
"AdobeAAMUpdater-1.0"="c:\program files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.facebook.com/
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local
IE: {{73C6DCFB-B606-47F3-BDFA-9A4FBF931E37} - c:\program files (x86)\ICQ7.4\ICQ.exe
TCP: DhcpNameServer = 192.168.178.1
FF - ProfilePath - c:\users\Maze\AppData\Roaming\Mozilla\Firefox\Profiles\19fss6mu.default\
FF - ExtSQL: 3982-01-06 13:19; {7df87622-0565-4b6d-b160-75a339bc64cb}; c:\users\Maze\AppData\Roaming\Mozilla\Firefox\Profiles\19fss6mu.default\extensions\{7df87622-0565-4b6d-b160-75a339bc64cb}.xpi
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
URLSearchHooks-{c840e246-6b95-475e-9bd7-caa1c7eca9f2} - (no file)
Toolbar-Locked - (no file)
AddRemove-{0886900B-B2F3-452C-B580-60F1253F7F80} - c:\programdata\{20EFD19B-675C-417B-A498-B0161D72FF88}\Controller Editor Setup PC.exe
AddRemove-{0B8565BA-BAD5-4732-B122-5FD78EFC50A9} - c:\programdata\{442B6EC3-77A0-4817-825F-67F47D7A2E54}\Service Center Setup.exe
AddRemove-{FC6AFD44-EDF9-4A03-AB9E-16A5391FE24F} - c:\programdata\{F751CA04-FB71-4EC0-ACC9-5B733D122C5E}\Maschine Setup PC.exe
.
.
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\services\SystemStoreService]
"ImagePath"="\"c:\program files (x86)\Freetec\SystemStore\SystemStore.exe\" -displayname \"System Store Service\" -servicename:SystemStoreService"
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_USERS\S-1-5-21-3340520605-465648005-2609745228-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.download\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariDownload"
.
[HKEY_USERS\S-1-5-21-3340520605-465648005-2609745228-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (S-1-5-21-3340520605-465648005-2609745228-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3340520605-465648005-2609745228-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (S-1-5-21-3340520605-465648005-2609745228-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3340520605-465648005-2609745228-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.safariextz\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariExtension"
.
[HKEY_USERS\S-1-5-21-3340520605-465648005-2609745228-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (S-1-5-21-3340520605-465648005-2609745228-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3340520605-465648005-2609745228-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3340520605-465648005-2609745228-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webarchive\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_USERS\S-1-5-21-3340520605-465648005-2609745228-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (S-1-5-21-3340520605-465648005-2609745228-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3340520605-465648005-2609745228-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (S-1-5-21-3340520605-465648005-2609745228-1001)
@Denied: (2) (LocalSystem)
"Progid"="FirefoxHTML"
.
[HKEY_USERS\S-1-5-21-3340520605-465648005-2609745228-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="SafariHTML"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_2_202_233_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_2_202_233.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\McAfee]
"SymbolicLinkValue"=hex(6):5c,00,72,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,6d,00,61,00,63,00,68,00,69,00,6e,00,65,00,5c,00,53,00,6f,00,66,00,\
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-06 13:54:45
ComboFix-quarantined-files.txt 2013-02-06 12:54
ComboFix2.txt 2012-02-12 20:13
.
Vor Suchlauf: 17 Verzeichnis(se), 55.721.771.008 Bytes frei
Nach Suchlauf: 19 Verzeichnis(se), 55.149.662.208 Bytes frei
.
- - End Of File - - 51EBAE41D09780D40BB4246A0A1974FF
|
|
06.02.2013, 14:02
| #8 |
| /// Malware-holic | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? bisher sehe ich erst mal nur adware, und das mal irgendwas bei ner Avast instalation bzw deinstalation schief gegangen ist, darum kümmern wir uns noch. malwarebytes: Downloade Dir bitte Malwarebytes
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
06.02.2013, 15:36
| #9 |
| | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? Malwarebytes Anti-Malware 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.02.06.05 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 8.0.7601.17514 Maze :: MAZE-TOSH [Administrator] 06.02.2013 14:05:40 mbam-log-2013-02-06 (14-05-40).txt Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|Q:\|) Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 620556 Laufzeit: 1 Stunde(n), 26 Minute(n), 35 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 8 HKCR\CLSID\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FD72061E-9FDE-484D-A58A-0BAB4151CAD8} (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCR\CLSID\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\loadtbs-2.1 (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Registrierungswerte: 1 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar|{DFEFCDEE-CF1A-4FC8-88AD-129872198372} (PUP.LoadTubes) -> Daten: -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 2 C:\Users\Maze\AppData\Roaming\loadtbs (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\chrome@loadtubes.com (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. Infizierte Dateien: 18 C:\Program Files (x86)\Yontoo Layers\YontooIEClient.dll (Adware.Yontoo) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Program Files (x86)\Mozilla Firefox\plugins\npmieze.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\ytdl.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. D:\Bilder\bearbeitet\FLVPlayer_v3.exe (PUP.Adware.Installcore) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\keyHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\config.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\domHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\evHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\ffmpeg.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\license.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\toolbar.dll (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\uninstall.exe (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\updateHash.txt (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.html (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\chrome@loadtubes.com\background.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\chrome@loadtubes.com\download.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\chrome@loadtubes.com\fire.js (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. C:\Users\Maze\AppData\Roaming\loadtbs\chrome@loadtubes.com\manifest.json (PUP.LoadTubes) -> Erfolgreich gelöscht und in Quarantäne gestellt. (Ende) Geändert von Maze87 (06.02.2013 um 15:49 Uhr) |
|
06.02.2013, 20:21
| #10 |
| /// Malware-holic | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? hi lade den CCleaner standard: CCleaner Download - CCleaner 3.21.1767 falls der CCleaner bereits instaliert ist, überspringen. instalieren, öffnen, extras, liste der instalierten programme, als txt speichern. öffnen. hinter, jedes von dir benötigte programm, schreibe notwendig. hinter, jedes, von dir nicht benötigte, unnötig. hinter, dir unbekannte, unbekannt. liste posten. eset: ESET Online Scanner
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.02.2013, 10:43
| #11 |
| | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? 7-Zip 9.20 17.07.2011 (UNNÖTIG) Adobe AIR Adobe Systems Inc. 10.05.2010 1.5.3.9130 (UNBEKANNT) Adobe Community Help Adobe Systems Incorporated 11.12.2011 3.0.0.400 (UNBEKANNT) Adobe Flash Player 11 ActiveX 64-bit Adobe Systems Incorporated 13.04.2012 6,00MB 11.2.202.233 (NOTWENDIG) Adobe Flash Player 11 Plugin Adobe Systems Incorporated 21.06.2012 6,00MB 11.3.300.262 (NOTWENDIG) Adobe Media Player Adobe Systems Incorporated 11.12.2011 1.8 (NOTWENDIG) Adobe Photoshop CS5 Adobe Systems Incorporated 11.12.2011 2,53GB 12.0 (NOTWENDIG) Adobe Reader X (10.1.0) - Deutsch Adobe Systems Incorporated 21.06.2011 165MB 10.1.0 (NOTWENDIG) Apple Mobile Device Support Apple Inc. 03.10.2012 23,7MB 6.0.0.59 (NOTWENDIG) Apple Software Update Apple Inc. 28.04.2012 2,38MB 2.1.3.127 (NOTWENDIG) Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver Atheros Communications Inc. 06.10.2010 1.0.0.26 (NOTWENDIG) ATI Catalyst Install Manager ATI Technologies, Inc. 06.10.2010 22,2MB 3.0.769.0 (NOTWENDIG) Avanquest update Avanquest Software 18.02.2012 1.30 (UNBEKANNT) avast! Internet Security AVAST Software 21.11.2012 7.0.1474.0 (NOTWENDIG) Avira SearchFree Toolbar plus Web Protection Ask.com 17.10.2011 3,19MB 1.12.5.0 (UNNÖTIG) Bloson Bloson 06.01.2013 10,6MB 1.0.16 (UNBEKANNT) Bonjour Apple Inc. 28.04.2012 2,00MB 3.0.0.10 (UNNÖTIG) bx_cleansweep V2 All 2.0 Brainworx 06.03.2011 (UNNÖTIG) CCleaner Piriform 23.01.2013 3.27 (NOTWENDIG) Cinergy T USB XE (MKII) V6.09.28.05b 20.06.2012 6.09.28.05b (UNBEKANNT) Conexant Audio Driver For AMD HDMI Codec Conexant 06.10.2010 4.98.26.0 (NOTWENDIG) Conexant HD Audio Conexant 06.10.2010 4.119.0.61 (NOTWENDIG) Corel WinDVD Corel Inc. 06.10.2010 196MB 10.0.5.822 (NOTWENDIG) CorelDRAW Graphics Suite 11 Corel Corporation 25.03.2011 261MB 11 (NOTWENDIG) DAEMON Tools Lite DT Soft Ltd 04.03.2011 4.40.2.0131 (UNNÖTIG) db audioware Sidechain Compressor VST v1.1.0 03.03.2011 (UNNÖTIG) DivX-Setup DivX, LLC 23.06.2012 2.6.1.9 (UNNÖTIG) Effectrix Sugar Bytes 04.03.2011 1.0 (NOTWENDIG) FabFilter TotalBundle VST RTAS v1.3 10.07.2011 38,8MB (UNNÖTIG) FLV Player 2.0 (build 25) Martijn de Visser 16.11.2012 2.0 (build 25) (UNNÖTIG) FM PDF To JPG Converter Free 1.01 02.06.2011 7,64MB 1.0 (UNNÖTIG) FotoSketcher 2.10 David THOIRON 08.06.2011 5,21MB (UNNÖTIG) Free Mp3 Wma Converter V 2.0 Koyote Soft 03.09.2011 38,4MB 2.0.0.0 (NOTWENDIG) GEAR driver installer for AMD64 and Intel EM64T GEAR Software, Inc. 03.03.2011 236KB 2.003.1 (NOTWENDIG) GPL Ghostscript 8.71 Lite 02.04.2011 12,7MB 8.71 (UNBEKANNT) ICQ7.4 ICQ 06.03.2011 7.4 (UNNÖTIG) Intel(R) Management Engine Components Intel Corporation 06.10.2010 6.0.0.1179 (NOTWENDIG) Intel(R) Rapid Storage Technology Intel Corporation 07.02.2013 9.5.7.1002 (NOTWENDIG) Intel(R) Turbo Boost Technology Driver Intel Corporation 06.10.2010 01.01.01.1007 (NOTWENDIG) iTunes Apple Inc. 03.10.2012 182MB 10.7.0.21 (NOTWENDIG) iZotope Ozone 4 iZotope, Inc. 19.02.2011 4.00 (NOTWENDIG) Java(TM) 6 Update 33 Oracle 08.08.2012 95,6MB 6.0.330 (NOTWENDIG) Kicklab BSP Beat 06.03.2011 1,34MB 1.0.0 (UNNÖTIG) Live 8.2.2 11.05.2012 (NOTWENDIG) MAGIX Web Designer MX Premium MAGIX AG 30.01.2013 8.0.2.21761 (NOTWENDIG) Malwarebytes Anti-Malware Version 1.70.0.1100 Malwarebytes Corporation 06.02.2013 18,4MB 1.70.0.1100 (NOTWENDIG) Microsoft .NET Framework 4 Client Profile Microsoft Corporation 22.02.2011 38,8MB 4.0.30319 (NOTWENDIG) Microsoft .NET Framework 4 Client Profile DEU Language Pack Microsoft Corporation 22.02.2011 2,93MB 4.0.30319 (NOTWENDIG) Microsoft Age of Empires II 01.08.2012 (NOTWENDIG) Microsoft Office 2000 Premium Microsoft Corporation 28.05.2011 231MB 9.00.2816 (NOTWENDIG) Microsoft Office 2010 Microsoft Corporation 06.10.2010 6,31MB 14.0.4763.1000 (NOTWENDIG) Microsoft Office Klick-und-Los 2010 Microsoft Corporation 20.02.2011 14.0.4763.1000 (NOTWENDIG) Microsoft Office Starter 2010 - Deutsch Microsoft Corporation 20.02.2011 14.0.4763.1000 (NOTWENDIG) Microsoft Silverlight Microsoft Corporation 12.05.2012 188MB 4.1.10329.0 (NOTWENDIG) Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Corporation 10.05.2010 1,72MB 3.1.0000 (NOTWENDIG) Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Corporation 24.01.2012 250KB 8.0.50727.4053 (NOTWENDIG) Microsoft Visual C++ 2005 Redistributable Microsoft Corporation 28.10.2011 2,38MB 8.0.61001 (NOTWENDIG) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x64 9.0.30729.5570 Microsoft Corporation 23.04.2011 790KB 9.0.30729.5570 (NOTWENDIG) Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Corporation 23.04.2011 598KB 9.0.30729.5570 (NOTWENDIG) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 Microsoft Corporation 10.05.2010 788KB 9.0.30729 (NOTWENDIG) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 Microsoft Corporation 06.10.2010 788KB 9.0.30729.4148 (NOTWENDIG) Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 Microsoft Corporation 16.06.2011 788KB 9.0.30729.6161 (NOTWENDIG) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Corporation 19.02.2011 596KB 9.0.30729 (NOTWENDIG) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Corporation 20.02.2011 596KB 9.0.30729.4148 (NOTWENDIG) Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Corporation 16.06.2011 600KB 9.0.30729.6161 (NOTWENDIG) Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Microsoft Corporation 18.10.2011 12,2MB 10.0.40219 (NOTWENDIG) MixMeister Fusion Demo 7.4.4 MixMeister Technology LLC 03.03.2011 (NOTWENDIG) Mozilla Firefox 18.0.2 (x86 de) Mozilla 06.02.2013 52,9MB 18.0.2 (NOTWENDIG) Mozilla Maintenance Service Mozilla 06.02.2013 330KB 18.0.2 (UNNÖTIG) MSXML 4.0 SP2 (KB973688) Microsoft Corporation 21.02.2011 1,33MB 4.20.9876.0 (NOTWENDIG) MSXML 4.0 SP3 Parser Microsoft Corporation 30.01.2013 1,47MB 4.30.2100.0 (NOTWENDIG) MSXML 4.0 SP3 Parser (KB2758694) Microsoft Corporation 30.01.2013 1,54MB 4.30.2117.0 (NOTWENDIG) Native Instruments Absynth 4 23.03.2011 (NOTWENDIG) Nero 9 Essentials Nero AG 10.05.2010 (UNNÖTIG) Nero BackItUp Nero AG 10.05.2010 102MB 5.2.21001 (UNNÖTIG) Nero BackItUp and Burn Nero AG 10.05.2010 305MB 1.2.0030 (UNNÖTIG) Nero BurnRights Nero AG 10.05.2010 4,36MB 3.6.26001 (UNNÖTIG) Nero Express Nero AG 10.05.2010 197MB 9.6.16000 (UNNÖTIG) Nero RescueAgent Nero AG 10.05.2010 5,19MB 2.6.25002 (UNNÖTIG) Opera 12.13 Opera Software ASA 03.02.2013 12.13.1734 (NOTWENDIG) Opticon USB Drivers Installer 30.09.2011 (UNBEKANNT) PC Connectivity Solution Nokia 23.02.2012 14,9MB 8.15.0.0 (UNBEKANNT) Photo Service - powered by myphotobook myphotobook GmbH 10.05.2010 1.0.7-279 (UNBEKANNT) PlayReady PC Runtime amd64 Microsoft Corporation 10.05.2010 2,05MB 1.3.0 (NOTWENDIG) Pro Evolution Soccer 2013 KONAMI 26.12.2012 6,03GB 1.03.0000 (NOTWENDIG) QuickTime Apple Inc. 20.06.2012 73,2MB 7.72.80.56 (NOTWENDIG) Realtek USB 2.0 Card Reader Realtek Semiconductor Corp. 12.01.2012 6.1.7600.30111 (NOTWENDIG) Realtek WLAN Driver REALTEK Semiconductor Corp. 06.10.2010 2.00.0013 (NOTWENDIG) Safari Apple Inc. 03.10.2012 104MB 5.34.57.2 (NOTWENDIG) SAMSUNG Mobile Composite Device Software 23.02.2012 (UNNÖTIG) Samsung Mobile Modem Device Software 23.02.2012 (UNNÖTIG) SAMSUNG Mobile Modem Driver Set 23.02.2012 (UNNÖTIG) Samsung Mobile phone USB driver Drive Software 23.02.2012 (UNNÖTIG) SAMSUNG Mobile USB Modem 1.0 Software 23.02.2012 (UNNÖTIG) SAMSUNG Mobile USB Modem Software 23.02.2012 (UNNÖTIG) SAMSUNG USB Mobile Device Software 23.02.2012 (UNNÖTIG) Skype™ 6.1 Skype Technologies S.A. 05.02.2013 20,8MB 6.1.129 (NOTWENDIG) SpywareBlaster 4.6 Javacool Software LLC 15.02.2012 6,53MB 4.6.0 (UNBEKANNT) Synaptics Pointing Device Driver Synaptics Incorporated 10.05.2010 15.0.8.1 (NOTWENDIG) TeamViewer 4 TeamViewer GmbH 25.05.2011 4.1.6597 (NOTWENDIG) Toshiba Assist TOSHIBA 10.05.2010 3.00.10 (NOTWENDIG) TOSHIBA Bulletin Board TOSHIBA Corporation 06.10.2010 1.6.06.64 (NOTWENDIG) TOSHIBA ConfigFree TOSHIBA Corporation 06.10.2010 72,8MB 8.0.29 (NOTWENDIG) TOSHIBA Disc Creator TOSHIBA Corporation 10.05.2010 10,2MB 2.1.0.2 for x64 (NOTWENDIG) TOSHIBA eco Utility TOSHIBA Corporation 06.10.2010 6,99MB 1.2.10.64 (NOTWENDIG) TOSHIBA Face Recognition TOSHIBA Corporation 06.10.2010 3.1.3.64 (NOTWENDIG) TOSHIBA Hardware Setup TOSHIBA Corporation 06.10.2010 2.00.06 (NOTWENDIG) TOSHIBA HDD/SSD Alert TOSHIBA Corporation 10.05.2010 39,4MB 3.1.64.6 (NOTWENDIG) Toshiba Manuals TOSHIBA 10.05.2010 10.01 (NOTWENDIG) TOSHIBA Media Controller TOSHIBA CORPORATION 06.10.2010 1.0.80.7.64 (NOTWENDIG) TOSHIBA Media Controller Plug-in TOSHIBA CORPORATION 06.10.2010 4,80MB 1.0.5.10 (NOTWENDIG) TOSHIBA Online Product Information TOSHIBA 10.05.2010 2.09.0001 (NOTWENDIG) TOSHIBA PC Health Monitor TOSHIBA Corporation 06.10.2010 27,9MB 1.6.0.64 (NOTWENDIG) TOSHIBA Recovery Media Creator TOSHIBA Corporation 10.05.2010 3,00MB 2.1.0.4 x64 (NOTWENDIG) TOSHIBA Recovery Media Creator Reminder TOSHIBA 10.05.2010 460KB 1.00.0019 (NOTWENDIG) TOSHIBA ReelTime TOSHIBA Corporation 06.10.2010 1.6.06.64 (NOTWENDIG) TOSHIBA Service Station TOSHIBA 02.06.2011 2.1.45 (NOTWENDIG) TOSHIBA Supervisor Password TOSHIBA Corporation 06.10.2010 2.00.03 (NOTWENDIG) Toshiba TEMPRO Toshiba Europe GmbH 10.05.2010 10,9MB 3.30 (NOTWENDIG) TOSHIBA Value Added Package TOSHIBA Corporation 06.10.2010 95,7MB 1.3.3.64 (NOTWENDIG) TOSHIBA Web Camera Application TOSHIBA Corporation 06.10.2010 1.1.1.15 (NOTWENDIG) TRORMCLauncher 06.10.2010 (UNBEKANNT) TubeBox Freetec 06.01.2013 34,9MB 4.1.1.0 TubeBox! Jens Lorek 21.04.2012 26,1MB 3.4.9 (UNNÖTIG) TuneUp Companion 2.2.1 TuneUp Media, Inc. 14.10.2011 45,1MB 2.2.1 (UNNÖTIG) Windows Live Essentials Microsoft Corporation 10.05.2010 14.0.8089.0726 (UNNÖTIG) Windows Live ID Sign-in Assistant Microsoft Corporation 10.05.2010 10,0MB 6.500.3165.0 (UNNÖTIG) Windows Live Sync Microsoft Corporation 10.05.2010 2,79MB 14.0.8089.726 (UNNÖTIG) Windows Live-Uploadtool Microsoft Corporation 10.05.2010 224KB 14.0.8014.1029 (UNNÖTIG) Windows Movie Maker 2.6 Microsoft Corporation 20.03.2011 8,85MB 2.6.4037.0 (NOTWENDIG) Windows-Treiberpaket - Nokia pccsmcfd (10/12/2007 6.85.4.0) Nokia 23.02.2012 10/12/2007 6.85.4.0 (UNBEKANNT) WinRAR 4.00 beta 7 (32-bit) win.rar GmbH 04.03.2011 4.00.7 (NOTWENDIG) WOW Sugar Bytes 04.03.2011 1.0 (NOTWENDIG) |
|
07.02.2013, 11:53
| #12 |
| /// Malware-holic | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? Deinstaliere: 7-Zip Adobe Community Adobe Flash Player alle Adobe - Adobe Flash Player installieren neueste version laden, instalieren. adobe reader: Adobe - Adobe Reader herunterladen - Alle Versionen haken bei mcafee security scan raus nehmen bitte auch mal den adobe reader wie folgt konfigurieren: adobe reader öffnen, bearbeiten, voreinstellungen. allgemein: nur zertifizierte zusatz module verwenden, anhaken. internet: hier sollte alles deaktiviert werden, es ist sehr unsicher pdfs automatisch zu öffnen, zu downloaden etc. es ist immer besser diese direkt abzuspeichern da man nur so die kontrolle hat was auf dem pc vor geht. bei javascript den haken bei java script verwenden raus nehmen bei updater, automatisch instalieren wählen. übernehmen /ok deinstaliere: avast: vorher lizenz sichern, dann deinstalierfen. neustarten. Avast remover nutzen: avast! Uninstall Utility neustarten. Avast reinstalieren, neustarten. Avira SearchFree : weg, toolbars sind nur ein zusatzrisiko und Avira eh nicht instaliert. bx_cleansweep DAEMON db DivX FabFilter FLV FM FotoSketcher ICQ7.4 Java downloade Java jre: http://www.java.com/de/download/manual.jsp klicke: Download der Java-Software für Windows Offline laden, und instalieren deinstaliere: Kicklab Nero : alle Photo Service SAMSUNG : alle SpywareBlaster TeamViewer : solche software würd ich nur bei Bedarf instaliern, zumal deine Version komplett veraltet ist, aktuell ist version 8! TubeBox: beide TuneUp Windows Live : alle für dich unnötigen. WinRAR 4.00 beta final instalieren. WinRAR 4 - die neue Generation | winrar.de - offizieller WinRAR-Distributor Öffne CCleaner, analysieren, starten, PC neustarten. Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Neustarten, testen, wie PC + Programme wie Browser bzw Avast laufen
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.02.2013, 14:15
| #13 |
| | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6889 # api_version=3.0.2 # EOSSerial=6765dacb5c92914499b18586bc056e6d # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-07 01:11:00 # local_time=2013-02-07 02:11:00 (+0100, Mitteleuropäische Zeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=772 16777213 100 97 6737892 136952532 0 0 # compatibility_mode=5893 16776573 100 94 84797 111872510 0 0 # scanned=629595 # found=2 # cleaned=0 # scan_time=12166 C:\Program Files (x86)\KONAMI\Pro Evolution Soccer 2012\rld.dll a variant of Win32/Packed.VMProtect.AAH trojan CF8FDDF77FDCFF5F668653CC153DF239A638A1E5 I C:\Qoobox\Quarantine\C\ProgramData\Tarma Installer\{889DF117-14D1-44EE-9F31-C5FB5D47F68B}\_Setupx.dll.vir a variant of Win32/Adware.Yontoo.B application 9FA9FE5FEB58A851F1947745FB5B494F85B9494D I AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.111 - Datei am 07/02/2013 um 15:31:52 erstellt
# Aktualisiert am 05/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (64 bits)
# Benutzer : Maze - MAZE-TOSH
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Maze\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
Datei Gelöscht : C:\Program Files (x86)\Mozilla Firefox\searchplugins\babylon.xml
Ordner Gelöscht : C:\Program Files (x86)\Conduit
Ordner Gelöscht : C:\Program Files (x86)\ICQ6Toolbar
Ordner Gelöscht : C:\ProgramData\ICQ\ICQToolbar
Ordner Gelöscht : C:\Users\Maze\AppData\Local\Conduit
Ordner Gelöscht : C:\Users\Maze\AppData\Local\OpenCandy
Ordner Gelöscht : C:\Users\Maze\AppData\LocalLow\BabylonToolbar
Ordner Gelöscht : C:\Users\Maze\AppData\LocalLow\boost_interprocess
Ordner Gelöscht : C:\Users\Maze\AppData\LocalLow\Conduit
Ordner Gelöscht : C:\Users\Maze\AppData\LocalLow\PriceGong
Ordner Gelöscht : C:\Users\Maze\AppData\Roaming\OpenCandy
***** [Registrierungsdatenbank] *****
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\PriceGong
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\InstallCore
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{855F3B16-6D32-4FE6-8A56-BBB695989046}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{D4027C7F-154A-4066-A1AD-4243D8127440}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1F096B29-E9DA-4D64-8D63-936BE7762CC5}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{6552C7DD-90A4-4387-B795-F8F96747DE19}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{CFDAFE39-20CE-451D-BD45-A37452F39CF0}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\escort.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\GenericAskToolbar.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\YontooIEClient.DLL
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Conduit.Engine
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2849855
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Toolbar.CT2851647
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\TypeLib\{09C554C3-109B-483C-A06B-F14172F1A947}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\YontooIEClient.Api.1
Schlüssel Gelöscht : HKLM\Software\Conduit
Schlüssel Gelöscht : HKLM\Software\Freeze.com
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\BabylonToolbarsrv_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\SweetIM_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{2EECD738-5844-4A99-B4B6-146BF802613B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{3C471948-F874-49F5-B338-4F214A2EE0B1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{7E84186E-B5DE-4226-8A66-6E49C6B511B4}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{80922EE0-8A76-46AE-95D5-BD3C3FE0708D}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{DF7770F7-832F-4BDF-B144-100EDDD0C3AE}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{E46C8196-B634-44A1-AF6E-957C64278AB1}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\CLSID\{FE9271F2-6EFD-44B0-A826-84C829536E93}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\dhkplhfnhceodhffomolpfigojocbpcb
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\niapdbllcanepiiimjjndipklodoedlc
Schlüssel Gelöscht : HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{AFDBDDAA-5D3F-42EE-B79C-185A7020515B}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{10DE7085-6A1E-4D41-A7BF-9AF93E351401}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{1AD27395-1659-4DFF-A319-2CFA243861A5}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Software
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser [{D4027C7F-154A-4066-A1AD-4243D8127440}]
***** [Internet Browser] *****
-\\ Internet Explorer v8.0.7601.17514
Ersetzt : [HKCU\Software\Microsoft\Internet Explorer\Main - ICQ Search] = hxxp://search.icq.com/search/results.php?q={searchTerms}&ch_id=osd --> hxxp://www.google.com
-\\ Mozilla Firefox v18.0.2 (de)
Datei : C:\Users\Maze\AppData\Roaming\Mozilla\Firefox\Profiles\19fss6mu.default\prefs.js
Gelöscht : user_pref("extensions.bloson.affiliateLists_data", "aoamedia.com,winavi.com,vso-software.fr,sothink.[...]
-\\ Opera v12.13.1734.0
Datei : C:\Users\Maze\AppData\Roaming\Opera\Opera\operaprefs.ini
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [6346 octets] - [07/02/2013 15:31:52]
########## EOF - C:\AdwCleaner[S1].txt - [6406 octets] ##########
-Avast läuft wieder -Meldung: Selfupdater kann nicht gestartet werden -die "SAMSUNG MObile..." konnten nicht deinstalliert werden |
|
07.02.2013, 21:15
| #14 |
| /// Malware-holic | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? deinstalation mit revo: Revo Uninstaller - Download - Filepony -Meldung: Selfupdater kann nicht gestartet werden steht da noch mehr? dann alles posten.
__________________ -Verdächtige mails bitte an uns zur Analyse weiterleiten: markusg.trojaner-board@web.de Weiterleiten Anleitung: http://markusg.trojaner-board.de Mails bitte vorerst nach obiger Anleitung an markusg.trojaner-board@web.de Weiterleiten Wenn Ihr uns unterstützen möchtet |
|
07.02.2013, 22:07
| #15 |
| | Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? -Deinstallation mit revo nicht möglich, da Samsung Mobile... nicht angezeigt wird. *Meldung bei normaler Deinstalltion: A version of driver was found that was not installed with a compatible installer. This is possible because you installed an earlier version of this package. Would you like to uninstal the drivers? klicke -> OK, dann uninstall *Meldung: Samsung mobile...was removed succsessfully -> dann PC Neustart -> keine Veränderung *Selfupdater* Nach Hochfahren kommt Meldung: Selfupdate funktioniert nicht mehr.. Es wird nach einer Lösung gesucht -> nach kurzer Zeit verschwindet die Meldung Habe nach automatischen Updates geschaut, ist alles beim alten, alles aktiv usw. |
|
| Themen zu Avast lässt sich nicht mehr aktivieren - RPC-Fehler durch Wurm? |
| aktiviere, aktivieren, anweisung, avast, avast antivirus, bereits, bericht, bytes, dateien, deaktiviert, einfügen, entferne, erneute, foren, gelingt, hänge, infizierte, komplett, malware, malware bytes, meldung, nciht, nicht mehr, version, verursacht, virus, wurm |
WARNUNG an die MITLESER: 
Linear-Darstellung
