
Log analysis and evaluation: win32/startpage.oie Trojan + win32/startpage.oph Trojan found

12.02.2013, 19:47   #1
tracker7
 
Hello,

yesterday I received a few emails in Outlook, among them "Abuse of your e-mail account" ("Missbrauch Ihres E-Mail-Accounts") and "MAILER-DAEMON@yahoo.com". Right after that I ran Avira, AVG and Malwarebytes Anti-Malware, but without success. After I ran the ESET Online Scan today, these 2 Trojans turned up:
Quote:
Win32/StartPage.OIE Trojaner
Win32/StartPage.OPH Trojaner
Now my question: what is the best way to proceed?

Regards, Tracker7

13.02.2013, 10:58   #2
markusg
/// Malware-holic
 
hi
and where were they found? file paths please
http://www.trojaner-board.de/125889-...en-posten.html

13.02.2013, 18:15   #3
tracker7
 
They were found here:

Quote:
C:\Users\......\Downloads\vlc-2.0.2-win64.exe
M:\Mugge\House\Download\vlc-1.1.11-win32.exe
The Malwarebytes log:

Code:
Malwarebytes Anti-Malware 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.02.11.09

Windows 7 Service Pack 1 x64 NTFS
Internet Explorer 9.0.8112.16421
........ :: ...... [Administrator]

12.02.2013 20:16:17
mbam-log-2013-02-12 (20-16-17).txt

Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 230588
Laufzeit: 7 Minute(n), 37 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)

(Ende)
         
ESET log:
Code:
C:\Users\.....\Downloads\vlc-2.0.2-win64.exe	Win32/StartPage.OPH Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
M:\Mugge\House\Download\vlc-1.1.11-win32.exe	Win32/StartPage.OIE Trojaner	Gesäubert durch Löschen - in Quarantäne kopiert
         

14.02.2013, 14:45   #4
markusg
/// Malware-holic
 
hi
do you download the VLC player from the original page?
VideoLAN - Official page for VLC media player, the Open Source video framework!
you should only ever download software from the vendor!

If you don't have it yet, please download OTL by OldTimer and save it to your desktop.
  • Please start OTL.exe. Vista and Win7 users: right-click and choose "Run as administrator".
  • Now copy the content below into the text box.
Code:
activex
netsvcs
msconfig
%SYSTEMDRIVE%\*.
%PROGRAMFILES%\*.exe
%LOCALAPPDATA%\*.exe
%systemroot%\*. /mp /s
C:\Windows\system32\*.tsp
/md5start
userinit.exe
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
ws2ifsl.sys
sceclt.dll
ntelogon.dll
winlogon.exe
logevent.dll
user32.DLL
explorer.exe
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
ahcix86s.sys
/md5stop
%systemroot%\system32\drivers\*.sys /lockedfiles
%systemroot%\System32\config\*.sav
%systemroot%\system32\*.dll /lockedfiles
%USERPROFILE%\*.*
%USERPROFILE%\Local Settings\Temp\*.exe
%USERPROFILE%\Local Settings\Temp\*.dll
%USERPROFILE%\Application Data\*.exe
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs
CREATERESTOREPOINT
         
  • Now please close all programs. (Important)
  • Now please click the Quick Scan button.
  • Now copy the contents of OTL.txt and Extra.txt here into your thread.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails to markusg.trojaner-board@web.de following the instructions above.
If you would like to support us

14.02.2013, 20:54   #5
tracker7
 
Hi,

I don't remember that any more, it was ages ago, but I think it was from www.chip.de

Here is the OTL log:

Code:
OTL logfile created on: 14.02.2013 20:01:40 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\.....\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,13% Memory free
20,00 Gb Paging File | 18,11 Gb Available in Paging File | 90,58% Paging File free
Paging file location(s): c:\pagefile.sys 12288 12288 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,23 Gb Total Space | 130,32 Gb Free Space | 69,98% Space Free | Partition Type: NTFS
Drive M: | 390,62 Gb Total Space | 331,15 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
Drive P: | 390,62 Gb Total Space | 345,04 Gb Free Space | 88,33% Space Free | Partition Type: NTFS
Drive S: | 195,31 Gb Total Space | 42,62 Gb Free Space | 21,82% Space Free | Partition Type: NTFS
 
Computer Name: STEVE-DEVINE | User Name: ..... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\.....\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
PRC - C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe ()
PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
PRC - C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Windows\SysWOW64\DeltaIITray.exe ()
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
MOD - C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\SiteSafety.dll ()
MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll ()
MOD - C:\Windows\SysWOW64\DeltaIITray.exe ()
 
 
========== Services (SafeList) ==========
 
SRV:64bit: - (VIAKaraokeService) -- C:\Windows\SysNative\ViakaraokeSrv.exe (VIA Technologies, Inc.)
SRV:64bit: - (AppleChargerSrv) -- C:\Windows\SysNative\AppleChargerSrv.exe ()
SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (vToolbarUpdater14.1.7) -- C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe ()
SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation)
SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation)
SRV - (AVGIDSAgent) -- C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe (AVG Technologies CZ, s.r.o.)
SRV - (HTCMonitorService) -- P:\HTC sync\HSMServiceEntry.exe (Nero AG)
SRV - (avgwd) -- C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)
SRV - (PassThru Service) -- C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe ()
SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (nvUpdatusService) -- C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe (NVIDIA Corporation)
SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (clr_optimization_v4.0.30319_32) -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe (Microsoft Corporation)
SRV - (osppsvc) -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation)
SRV - (ES lite Service) -- C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE ()
SRV - (clr_optimization_v2.0.50727_32) -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV:64bit: - (avgtp) -- C:\Windows\SysNative\drivers\avgtpx64.sys (AVG Technologies)
DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\drivers\mbam.sys (Malwarebytes Corporation)
DRV:64bit: - (Avgmfx64) -- C:\Windows\SysNative\drivers\avgmfx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgldx64) -- C:\Windows\SysNative\drivers\avgldx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (htcnprot) -- C:\Windows\SysNative\drivers\htcnprot.sys (Windows (R) Win 7 DDK provider)
DRV:64bit: - (Avgtdia) -- C:\Windows\SysNative\drivers\avgtdia.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (Avgloga) -- C:\Windows\SysNative\drivers\avgloga.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSHA) -- C:\Windows\SysNative\drivers\avgidsha.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (ssudmdm) -- C:\Windows\SysNative\drivers\ssudmdm.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (dg_ssudbus) -- C:\Windows\SysNative\drivers\ssudbus.sys (DEVGURU Co., LTD.(www.devguru.co.kr))
DRV:64bit: - (Avgrkx64) -- C:\Windows\SysNative\drivers\avgrkx64.sys (AVG Technologies CZ, s.r.o.)
DRV:64bit: - (AVGIDSDriver) -- C:\Windows\SysNative\drivers\avgidsdrivera.sys (AVG Technologies CZ, s.r.o. )
DRV:64bit: - (sscdmdm) -- C:\Windows\SysNative\drivers\sscdmdm.sys (MCCI Corporation)
DRV:64bit: - (sscdbus) -- C:\Windows\SysNative\drivers\sscdbus.sys (MCCI Corporation)
DRV:64bit: - (sscdmdfl) -- C:\Windows\SysNative\drivers\sscdmdfl.sys (MCCI Corporation)
DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation)
DRV:64bit: - (a8djavs) -- C:\Windows\SysNative\drivers\a8djavs.sys (Native Instruments GmbH)
DRV:64bit: - (a8djusb_svc) -- C:\Windows\SysNative\drivers\a8djusb.sys (Native Instruments GmbH)
DRV:64bit: - (amdsata) -- C:\Windows\SysNative\drivers\amdsata.sys (Advanced Micro Devices)
DRV:64bit: - (amdxata) -- C:\Windows\SysNative\drivers\amdxata.sys (Advanced Micro Devices)
DRV:64bit: - (DELTAII) -- C:\Windows\SysNative\drivers\MAudioDelta.sys (Avid Technology, Inc.)
DRV:64bit: - (AppleCharger) -- C:\Windows\SysNative\drivers\AppleCharger.sys ()
DRV:64bit: - (VIAHdAudAddService) -- C:\Windows\SysNative\drivers\viahduaa.sys (VIA Technologies, Inc.)
DRV:64bit: - (ElbyCDIO) -- C:\Windows\SysNative\drivers\ElbyCDIO.sys (Elaborate Bytes AG)
DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\drivers\rdpvideominiport.sys (Microsoft Corporation)
DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV:64bit: - (tsusbhub) -- C:\Windows\SysNative\drivers\tsusbhub.sys (Microsoft Corporation)
DRV:64bit: - (Synth3dVsc) -- C:\Windows\SysNative\drivers\Synth3dVsc.sys (Microsoft Corporation)
DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\drivers\dmvsc.sys (Microsoft Corporation)
DRV:64bit: - (terminpt) -- C:\Windows\SysNative\drivers\terminpt.sys (Microsoft Corporation)
DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\drivers\HpSAMD.sys (Hewlett-Packard Company)
DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\drivers\TsUsbGD.sys (Microsoft Corporation)
DRV:64bit: - (L1C) -- C:\Windows\SysNative\drivers\L1C62x64.sys (Atheros Communications, Inc.)
DRV:64bit: - (HTCAND64) -- C:\Windows\SysNative\drivers\ANDROIDUSB.sys (HTC, Corporation)
DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\drivers\amdsbs.sys (AMD Technologies Inc.)
DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\drivers\lsi_sas2.sys (LSI Corporation)
DRV:64bit: - (stexstor) -- C:\Windows\SysNative\drivers\stexstor.sys (Promise Technology)
DRV:64bit: - (usb_rndisx) -- C:\Windows\SysNative\drivers\usb8023x.sys (Microsoft Corporation)
DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\drivers\evbda.sys (Broadcom Corporation)
DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\drivers\bxvbda.sys (Broadcom Corporation)
DRV:64bit: - (b57nd60a) -- C:\Windows\SysNative\drivers\b57nd60a.sys (Broadcom Corporation)
DRV:64bit: - (hcw85cir) -- C:\Windows\SysNative\drivers\hcw85cir.sys (Hauppauge Computer Works, Inc.)
DRV - (gdrv) -- C:\Windows\gdrv.sys (Windows (R) Server 2003 DDK provider)
DRV - (WIMMount) -- C:\Windows\SysWOW64\drivers\wimmount.sys (Microsoft Corporation)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {0633EE93-D776-472f-A0FF-E1416B8B2E3A}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://de.msn.com/?ocid=iehp
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 96 CF 8C CE 9D 5F CD 01  [binary data]
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes,DefaultScope = {95B7759C-8C7F-4BF1-B163-73684A933233}
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=SPLBR1&pc=SPLH
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes\{5C236350-671F-40ce-B6C1-3C5476C2D2C1}: "URL" = hxxp://de.search.yahoo.com/search?p={searchTerms}&fr=chr-devicevm&type=IEBDSV
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes\{95B7759C-8C7F-4BF1-B163-73684A933233}: "URL" = https://isearch.avg.com/search?cid={C05C9820-C280-4E4B-88E7-745E822C2845}&mid=aa826477c25447d0af9581ac0f8228b4-9f9c2bea51192688557d723b2a25abf41b948d09&lang=de&ds=AVG&pr=fr&d=2012-10-03 19:10:07&v=12.2.5.34&sap=dsp&q={searchTerms}
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes\{9E177DC2-2452-45c1-9855-A13360BD68C5}: "URL" = hxxp://www.google.com/cse?cx=partner-pub-3794288947762788%3A7941509802&ie=UTF-8&sa=Search&siteurl=www.google.com%2Fcse%2Fhome%3Fcx%3Dpartner-pub-3794288947762788%3A7941509802&q={searchTerms}
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..\SearchScopes\{E2EDFDE3-69EC-493B-8D83-3F637DBFA538}: "URL" = hxxp://de.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=827316&p={searchTerms}
IE - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultenginename: "Yahoo"
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&ilc=12&type=827316"
FF - prefs.js..browser.search.selectedEngine: "LEO Eng-Deu"
FF - prefs.js..browser.startup.homepage: "www.google.de"
FF - prefs.js..extensions.enabledAddons: {0153E448-190B-4987-BDE1-F256CADA672F}:15.0.6
FF - prefs.js..extensions.enabledAddons: avg@toolbar:14.1.0.10
FF - prefs.js..keyword.URL: "hxxp://isearch.avg.com/search?cid=%7B1d197ca7-8b43-4cf9-a6ce-1881e44254c3%7D&mid=aa826477c25447d0af9581ac0f8228b4-9f9c2bea51192688557d723b2a25abf41b948d09&ds=AVG&v=13.2.0.5&lang=de&pr=fr&d=2012-10-03%2019%3A10%3A07&sap=ku&q="
 
 
FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_168.dll File not found
FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF:64bit: - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.2: P:\VLC\npvlc.dll File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_168.dll ()
FF - HKLM\Software\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin: C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\14.1.7\\npsitesafety.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.13.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.13.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpchromebrowserrecordext;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprpchromebrowserrecordext.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=15.0.6.14: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpplugin;version=15.0.6.14: c:\program files (x86)\real\realplayer\Netscape6\nprpplugin.dll (RealPlayer)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=2.0.4: C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@toolbar: C:\ProgramData\AVG Secure Search\FireFoxExt\14.1.0.10 [2013.02.12 05:58:34 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{0153E448-190B-4987-BDE1-F256CADA672F}: C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2012.12.27 10:21:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2012.07.11 20:17:15 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 13.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins
 
[2012.07.11 20:17:26 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Extensions
[2013.02.14 19:50:05 | 000,000,000 | ---D | M] (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\Firefox\Profiles\ekec08ch.default\extensions
[2013.02.14 19:50:05 | 000,817,280 | ---- | M] () (No name found) -- C:\Users\.....\AppData\Roaming\mozilla\firefox\profiles\ekec08ch.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
[2012.07.11 20:17:15 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.12 05:58:34 | 000,000,000 | ---D | M] (AVG Security Toolbar) -- C:\PROGRAMDATA\AVG SECURE SEARCH\FIREFOXEXT\14.1.0.10
[2012.12.27 10:21:54 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\PROGRAMDATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
[2012.06.14 23:19:07 | 000,085,472 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.06.14 23:46:57 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.12 05:58:34 | 000,003,591 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\avg-secure-search.xml
[2012.06.14 23:46:56 | 000,002,252 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.06.14 23:46:57 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.06.14 23:46:57 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.06.14 23:46:57 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.06.14 23:46:56 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
 
========== Chrome  ==========
 
CHR - homepage: hxxp://www.google.com
CHR - homepage: hxxp://www.google.com
CHR - Extension: Google Mail = C:\Users\.....\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf\0.0.0.19_0\
CHR - Extension: Google Mail = C:\Users\.....\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia\7_0\
 
O1 HOSTS File: ([2009.06.10 22:00:26 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\ProgramData\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKLM..\Run: [AVG_UI] C:\Program Files (x86)\AVG\AVG2013\avgui.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [M-Audio Taskbar Icon] C:\Windows\SysWOW64\DeltaIITray.exe ()
O4 - HKLM..\Run: [vProt] C:\Program Files (x86)\AVG Secure Search\vprot.exe ()
O4 - HKU\S-1-5-19..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\Run: [Sidebar] C:\Program Files (x86)\Windows Sidebar\Sidebar.exe (Microsoft Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O15 - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..Trusted Domains: fritz.box ([]* in Lokales Intranet)
O15 - HKU\S-1-5-21-3224495606-1509413364-808719173-1000\..Trusted Ranges: Range1 ([*] in Lokales Intranet)
O16:64bit: - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16:64bit: - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} https://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{830FD184-6F66-4D8C-837B-9839C2155C07}: DhcpNameServer = 192.168.178.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{D143376D-5C2D-44C0-A6B8-0E264251D33C}: DhcpNameServer = 192.168.42.129
O18:64bit: - Protocol\Handler\linkscanner - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\viprotocol - No CLSID value found
O18 - Protocol\Handler\linkscanner - No CLSID value found
O18 - Protocol\Handler\viprotocol {B658800C-F66E-4EF3-AB85-6C0C227862A9} - C:\Program Files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.1.7\ViProtocol.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O28:64bit: - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Programme\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\PROGRA~2\MICROS~1\Office14\GROOVEEX.DLL (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
ActiveX:64bit: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX:64bit: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX:64bit: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX:64bit: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX:64bit: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX:64bit: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX:64bit: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX:64bit: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX:64bit: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX:64bit: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX:64bit: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX:64bit: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX:64bit: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\System32\ie4uinit.exe -BaseSettings
ActiveX:64bit: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\system32\Rundll32.exe C:\Windows\system32\mscories.dll,Install
ActiveX:64bit: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX:64bit: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX:64bit: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX:64bit: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX:64bit: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX:64bit: {FEBEF00C-046D-438D-8A88-BF94A6C9E703} - .NET Framework
ActiveX:64bit: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX:64bit: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\System32\ie4uinit.exe -UserIconConfig
ActiveX:64bit: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 12.0
ActiveX: {25FFAAD0-F4A3-4164-95FF-4461E9F35D51} - .NET Framework
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles(x86)%\Windows Mail\WinMail.exe" OCInstallUserConfigOE
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - Address Book 7
ActiveX: {7C028AF8-F614-47B3-82DA-BA94E41B1089} - .NET Framework
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\Windows\SysWOW64\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - C:\Windows\SysWOW64\Rundll32.exe C:\Windows\SysWOW64\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} - .NET Framework
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - %SystemRoot%\system32\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\Windows\SysWOW64\ie4uinit.exe -UserIconConfig
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\Windows\SysWOW64\rundll32.exe" "C:\Windows\SysWOW64\iedkcs32.dll",BrandIEActiveSetup SIGNUP
 
NetSvcs:64bit: AppMgmt - C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation)
 
MsConfig:64bit - StartUpFolder: C:^Users^.....^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk -  - File not found
MsConfig:64bit - StartUpReg: Adobe ARM - hkey= - key= - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe (Adobe Systems Incorporated)
MsConfig:64bit - StartUpReg: BCSSync - hkey= - key= - C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation)
MsConfig:64bit - StartUpReg: HDAudDeck - hkey= - key= - C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe (VIA)
MsConfig:64bit - StartUpReg: KiesAirMessage - hkey= - key= - P:\Kies\KiesAirMessage.exe (Samsung Electronics)
MsConfig:64bit - StartUpReg: KiesPreload - hkey= - key= - P:\Kies\Kies.exe (Samsung)
MsConfig:64bit - StartUpReg: KiesTrayAgent - hkey= - key= - P:\Kies\KiesTrayAgent.exe (Samsung Electronics Co., Ltd.)
MsConfig:64bit - StartUpReg: TkBellExe - hkey= - key= - c:\program files (x86)\real\realplayer\Update\realsched.exe (RealNetworks, Inc.)
MsConfig:64bit - State: "services" - Reg Error: Key error.
MsConfig:64bit - State: "startup" - Reg Error: Key error.
 
CREATERESTOREPOINT
Restore point Set: OTL Restore Point
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.02.12 21:13:55 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\ESET
[2013.02.12 21:00:15 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\.....\Desktop\OTL.exe
[2013.02.12 05:58:23 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\AVG Secure Search
[2013.02.08 18:02:05 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.08 18:02:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.08 18:02:00 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.08 18:02:00 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.01.27 11:42:50 | 000,000,000 | -H-D | C] -- C:\ProgramData\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
[2013.01.27 11:42:08 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Native Instruments
[2013.01.26 18:39:02 | 000,000,000 | ---D | C] -- C:\Users\.....\AppData\Local\Serato
 
========== Files - Modified Within 30 Days ==========
 
[2013.02.14 19:59:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.14 14:11:21 | 000,022,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 14:11:21 | 000,022,864 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.14 14:04:11 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.14 14:04:09 | 2146,295,807 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.13 06:08:50 | 001,498,742 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.13 06:08:50 | 000,654,150 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.13 06:08:50 | 000,616,032 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.13 06:08:50 | 000,130,022 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.13 06:08:50 | 000,106,412 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.12 21:00:15 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\.....\Desktop\OTL.exe
[2013.02.12 20:14:39 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe
[2013.02.12 20:14:39 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl
[2013.02.12 05:58:07 | 000,039,768 | ---- | M] (AVG Technologies) -- C:\Windows\SysNative\drivers\avgtpx64.sys
[2013.02.10 18:27:51 | 787,955,756 | ---- | M] () -- C:\Users\.....\Desktop\2013-02-10_17h13m24.wav
[2013.02.10 12:44:50 | 000,005,062 | ---- | M] () -- C:\Users\.....\Desktop\(Kündigung).pdf
[2013.02.08 18:01:55 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll
[2013.02.08 18:01:55 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll
[2013.02.08 18:01:55 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe
[2013.02.08 18:01:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe
[2013.02.08 18:01:55 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe
[2013.02.08 18:01:55 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll
[2013.02.06 14:52:44 | 000,021,347 | ---- | M] () -- C:\Users\.....\Desktop\www.DJ-Technik.de.pdf
[2013.01.26 22:20:29 | 000,000,000 | -H-- | M] () -- C:\Windows\SysNative\drivers\Msft_Kernel_a8djusb_01009.Wdf
[2013.01.25 15:49:02 | 000,127,111 | ---- | M] () -- C:\Users\.....\Desktop\PicsPlay_1359125342488.jpg
[2013.01.25 13:02:12 | 000,000,125 | -HS- | M] () -- C:\ProgramData\.zreglib
 
========== Files Created - No Company Name ==========
 
[2013.02.10 18:31:01 | 787,955,756 | ---- | C] () -- C:\Users\.....\Desktop\2013-02-10_17h13m24.wav
[2013.02.10 12:44:49 | 000,005,062 | ---- | C] () -- C:\Users\.....\Desktop\(Kündigung).pdf
[2013.02.07 12:33:43 | 000,127,111 | ---- | C] () -- C:\Users\.....\Desktop\PicsPlay_1359125342488.jpg
[2013.02.06 14:52:43 | 000,021,347 | ---- | C] () -- C:\Users\.....\Desktop\www.DJ-Technik.de.pdf
[2013.01.26 22:20:29 | 000,000,000 | -H-- | C] () -- C:\Windows\SysNative\drivers\Msft_Kernel_a8djusb_01009.Wdf
[2012.10.10 20:21:36 | 000,000,125 | -HS- | C] () -- C:\ProgramData\.zreglib
[2012.10.05 15:41:33 | 000,223,882 | ---- | C] () -- C:\Users\.....\.TransferManager.db
[2012.09.26 19:57:16 | 000,030,568 | ---- | C] () -- C:\Windows\MusiccityDownload.exe
[2012.09.26 19:57:14 | 000,974,848 | ---- | C] () -- C:\Windows\SysWow64\cis-2.4.dll
[2012.09.26 19:57:14 | 000,081,920 | ---- | C] () -- C:\Windows\SysWow64\issacapi_bs-2.3.dll
[2012.09.26 19:57:14 | 000,065,536 | ---- | C] () -- C:\Windows\SysWow64\issacapi_pe-2.3.dll
[2012.09.26 19:57:14 | 000,057,344 | ---- | C] () -- C:\Windows\SysWow64\issacapi_se-2.3.dll
[2012.07.11 19:49:47 | 000,000,010 | ---- | C] () -- C:\Windows\GSetup.ini
[2011.02.18 15:28:16 | 000,236,040 | ---- | C] () -- C:\Windows\SysWow64\DeltaIITray.exe
 
========== ZeroAccess Check ==========
 
[2009.07.14 05:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64
 
[HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64
 = C:\Windows\SysNative\shell32.dll -- [2012.06.09 06:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation)
ThreadingModel = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 = %SystemRoot%\system32\shell32.dll -- [2012.06.09 05:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
ThreadingModel = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64
 = C:\Windows\SysNative\wbem\fastprox.dll -- [2009.07.14 02:40:51 | 000,909,312 | ---- | M] (Microsoft Corporation)
ThreadingModel = Free
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
 = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.21 04:24:25 | 000,606,208 | ---- | M] (Microsoft Corporation)
ThreadingModel = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64
 = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.14 02:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation)
ThreadingModel = Both
 
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
 
========== LOP Check ==========
 
[2012.10.13 08:57:27 | 000,000,000 | ---D | M] -- C:\Users\Default\AppData\Roaming\TuneUp Software
[2012.10.13 08:57:27 | 000,000,000 | ---D | M] -- C:\Users\Default User\AppData\Roaming\TuneUp Software
[2013.01.12 14:19:05 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Ableton
[2012.10.03 18:29:24 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\AVG2013
[2012.07.16 18:07:55 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Canneverbe Limited
[2012.11.24 09:51:57 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\com.beatport.BeatportDownloader
[2012.12.24 16:11:02 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\HTC
[2012.12.24 16:11:01 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\HTC Sync
[2012.12.24 16:56:14 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\MyPhoneExplorer
[2012.11.10 12:07:08 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\pdfforge
[2012.11.04 10:24:13 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Samsung
[2012.07.11 20:46:50 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\Splashtop
[2012.10.03 18:10:16 | 000,000,000 | ---D | M] -- C:\Users\.....\AppData\Roaming\TuneUp Software
 
========== Purity Check ==========
 
 
 
========== Custom Scans ==========
 
< %SYSTEMDRIVE%\*. >
[2012.10.13 08:56:58 | 000,000,000 | -H-D | M] -- C:\$AVG
[2012.07.11 19:36:27 | 000,000,000 | -HSD | M] -- C:\$Recycle.Bin
[2013.02.13 18:03:59 | 000,000,000 | -HSD | M] -- C:\Config.Msi
[2011.12.06 21:53:57 | 000,000,000 | -HSD | M] -- C:\Dokumente und Einstellungen
[2011.12.19 12:10:55 | 000,000,000 | ---D | M] -- C:\Intel
[2011.12.10 19:31:36 | 000,000,000 | RH-D | M] -- C:\MSOCache
[2011.12.17 19:54:10 | 000,000,000 | ---D | M] -- C:\NVIDIA
[2012.07.15 09:08:07 | 000,000,000 | ---D | M] -- C:\PCWELT
[2009.07.14 04:20:08 | 000,000,000 | ---D | M] -- C:\PerfLogs
[2012.12.27 10:21:29 | 000,000,000 | R--D | M] -- C:\Program Files
[2013.02.12 21:13:55 | 000,000,000 | R--D | M] -- C:\Program Files (x86)
[2013.02.12 19:55:35 | 000,000,000 | -H-D | M] -- C:\ProgramData
[2011.12.06 21:53:57 | 000,000,000 | -HSD | M] -- C:\Programme
[2012.07.11 19:36:06 | 000,000,000 | -HSD | M] -- C:\Recovery
[2013.02.14 20:02:57 | 000,000,000 | -HSD | M] -- C:\System Volume Information
[2013.02.10 16:55:19 | 000,000,000 | ---D | M] -- C:\temp
[2012.07.11 20:20:52 | 000,000,000 | R--D | M] -- C:\Users
[2013.02.12 21:18:52 | 000,000,000 | ---D | M] -- C:\Windows
[2012.07.12 18:50:37 | 000,000,000 | ---D | M] -- C:\Windows.old.000
 
< %PROGRAMFILES%\*.exe >
 
< %LOCALAPPDATA%\*.exe >
 
< %systemroot%\*. /mp /s >
 
< C:\Windows\system32\*.tsp >
[2009.07.14 02:14:11 | 000,030,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\hidphone.tsp
[2009.07.14 02:14:11 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\kmddsp.tsp
[2009.07.14 02:14:11 | 000,050,688 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\ndptsp.tsp
[2009.07.14 02:14:11 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\remotesp.tsp
[2010.11.21 04:23:55 | 000,281,088 | ---- | M] (Microsoft Corporation) -- C:\Windows\system32\unimdm.tsp
[2009.07.14 06:08:49 | 000,000,006 | -H-- | C] () -- C:\Windows\Tasks\SA.DAT
[2009.07.14 06:08:49 | 000,032,632 | ---- | C] () -- C:\Windows\Tasks\SCHEDLGU.TXT
[2012.07.14 06:33:38 | 000,000,884 | ---- | C] () -- C:\Windows\Tasks\Adobe Flash Player Updater.job
 
< MD5 for: AGP440.SYS  >
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\drivers\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\SysNative\DriverStore\FileRepository\machine.inf_amd64_neutral_a2f120466549d68b\AGP440.sys
[2009.07.14 02:52:21 | 000,061,008 | ---- | M] (Microsoft Corporation) MD5=608C14DBA7299D8CB6ED035A68A15799 -- C:\Windows\winsxs\amd64_machine.inf_31bf3856ad364e35_6.1.7601.17514_none_1838f2aad55063bb\AGP440.sys
 
< MD5 for: ATAPI.SYS  >
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\drivers\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\SysNative\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
[2009.07.14 02:52:21 | 000,024,128 | ---- | M] (Microsoft Corporation) MD5=02062C0B390B7729EDC9E69C680A6F3C -- C:\Windows\winsxs\amd64_mshdc.inf_31bf3856ad364e35_6.1.7601.17514_none_3b5e2d89382958dd\atapi.sys
 
< MD5 for: CNGAUDIT.DLL  >
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\SysWOW64\cngaudit.dll
[2009.07.14 02:15:06 | 000,012,288 | ---- | M] (Microsoft Corporation) MD5=50BA656134F78AF64E4DD3C8B6FEFD7E -- C:\Windows\winsxs\x86_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_e83a414890e8132b\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\SysNative\cngaudit.dll
[2009.07.14 02:40:20 | 000,018,944 | ---- | M] (Microsoft Corporation) MD5=86FE1B1F8FD42CD0DB641AB1CDB13093 -- C:\Windows\winsxs\amd64_microsoft-windows-cngaudit-dll_31bf3856ad364e35_6.1.7600.16385_none_4458dccc49458461\cngaudit.dll
 
< MD5 for: EXPLORER.EXE  >
[2011.02.26 06:19:21 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=0FB9C74046656D1579A64660AD67B746 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_ba87e574ddfe652d\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\explorer.exe
[2011.02.25 07:19:30 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=332FEAB1435662FC6C672E25BEB37BE3 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[2011.02.26 07:14:34 | 002,871,808 | ---- | M] (Microsoft Corporation) MD5=3B69712041F3D63605529BD66DC00C48 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[2010.11.21 04:24:25 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=40D777B7A95E00593EB1568C68514493 -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_ba2f56d3c4bcbafb\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\SysWOW64\explorer.exe
[2011.02.25 06:30:54 | 002,616,320 | ---- | M] (Microsoft Corporation) MD5=8B88EBBB05A0E56B7DCC708498C02B3E -- C:\Windows\winsxs\wow64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_b9fc4815c4e292b5\explorer.exe
[2010.11.21 04:24:11 | 002,872,320 | ---- | M] (Microsoft Corporation) MD5=AC4C51EB24AA95B77F705AB159189E24 -- C:\Windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
 
< MD5 for: IASTORV.SYS  >
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_668286aa35d55928\iaStorV.sys
[2010.11.21 04:23:47 | 000,410,496 | ---- | M] (Intel Corporation) MD5=3DF4395A7CF8B7A72A5F4606366B8C2D -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17514_none_0d3757e79e6784d0\iaStorV.sys
[2011.03.11 07:19:16 | 000,410,496 | ---- | M] (Intel Corporation) MD5=5B3DE7208E5000D5B451B9D290D2579C -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.21680_none_0d714416b7c182d5\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\drivers\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\SysNative\DriverStore\FileRepository\iastorv.inf_amd64_neutral_0bcee2057afcc090\iaStorV.sys
[2011.03.11 07:41:26 | 000,410,496 | ---- | M] (Intel Corporation) MD5=AAAF44DB3BD0B9D1FB6969B23ECC8366 -- C:\Windows\winsxs\amd64_iastorv.inf_31bf3856ad364e35_6.1.7601.17577_none_0cf9793d9e95787b\iaStorV.sys
 
< MD5 for: NETLOGON.DLL  >
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\SysNative\netlogon.dll
[2010.11.21 04:24:01 | 000,695,808 | ---- | M] (Microsoft Corporation) MD5=AA339DD8BB128EF66660DFBBB59043D3 -- C:\Windows\winsxs\amd64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_5bddbcb24e997298\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\SysWOW64\netlogon.dll
[2010.11.21 04:24:09 | 000,563,712 | ---- | M] (Microsoft Corporation) MD5=C1809B9907ADEDAF16F50C894100883B -- C:\Windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
 
< MD5 for: NVSTOR.SYS  >
[2011.03.11 07:19:21 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=D23C7E8566DA2B8A7C0DBBB761D54888 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.21680_none_983ab4c5eef82cad\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\drivers\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_0276fc3b3ea60d41\nvstor.sys
[2011.03.11 07:41:34 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=DAB0E87525C10052BF65F06152F37E4A -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17577_none_97c2e9ecd5cc2253\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\SysNative\DriverStore\FileRepository\nvraid.inf_amd64_neutral_dd659ed032d28a14\nvstor.sys
[2010.11.21 04:23:47 | 000,166,272 | ---- | M] (NVIDIA Corporation) MD5=F7CD50FE7139F07E77DA8AC8033D1832 -- C:\Windows\winsxs\amd64_nvraid.inf_31bf3856ad364e35_6.1.7601.17514_none_9800c896d59e2ea8\nvstor.sys
 
< MD5 for: SCECLI.DLL  >
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\SysWOW64\scecli.dll
[2010.11.21 04:23:54 | 000,175,616 | ---- | M] (Microsoft Corporation) MD5=8124944EC89D6A1815E4E53F5B96AAF4 -- C:\Windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\SysNative\scecli.dll
[2010.11.21 04:24:32 | 000,232,960 | ---- | M] (Microsoft Corporation) MD5=ED78427259134C63ED69804D2132B86C -- C:\Windows\winsxs\amd64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_9633e7caefbaf953\scecli.dll
 
< MD5 for: USER32.DLL  >
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\SysWOW64\user32.dll
[2010.11.21 04:24:20 | 000,833,024 | ---- | M] (Microsoft Corporation) MD5=5E0DB2D8B2750543CD2EBB9EA8E6CDD3 -- C:\Windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\SysNative\user32.dll
[2010.11.21 04:24:09 | 001,008,128 | ---- | M] (Microsoft Corporation) MD5=FE70103391A64039A921DBFFF9C7AB1B -- C:\Windows\winsxs\amd64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_2b5e71b083fc0973\user32.dll
 
< MD5 for: USERINIT.EXE  >
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\SysWOW64\userinit.exe
[2010.11.21 04:23:55 | 000,026,624 | ---- | M] (Microsoft Corporation) MD5=61AC3EFDFACFDD3F0F11DD4FD4044223 -- C:\Windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\SysNative\userinit.exe
[2010.11.21 04:24:28 | 000,030,720 | ---- | M] (Microsoft Corporation) MD5=BAFE84E637BF7388C96EF48D4D3FDD53 -- C:\Windows\winsxs\amd64_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_3a4ebf84e84f824c\userinit.exe
 
< MD5 for: WINLOGON.EXE  >
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\SysNative\winlogon.exe
[2010.11.21 04:24:29 | 000,390,656 | ---- | M] (Microsoft Corporation) MD5=1151B1BAA6F350B1DB6598E0FEA7C457 -- C:\Windows\winsxs\amd64_microsoft-windows-winlogon_31bf3856ad364e35_6.1.7601.17514_none_cde90685eb910636\winlogon.exe
[2012.12.14 16:49:28 | 000,216,424 | ---- | M] () MD5=22101A85B3CA2FE2BE05FE9A61A7A83D -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\Chameleon\winlogon.exe
 
< MD5 for: WS2IFSL.SYS  >
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\SysNative\drivers\ws2ifsl.sys
[2009.07.14 01:10:33 | 000,021,504 | ---- | M] (Microsoft Corporation) MD5=6BCC1D7D2FD2453957C5479A32364E52 -- C:\Windows\winsxs\amd64_microsoft-windows-w..rastructure-ws2ifsl_31bf3856ad364e35_6.1.7600.16385_none_ab7b927be17eace8\ws2ifsl.sys
 
< %systemroot%\system32\drivers\*.sys /lockedfiles >
 
< %systemroot%\System32\config\*.sav >
 
< %systemroot%\system32\*.dll /lockedfiles >
 
< %USERPROFILE%\*.* >
[2012.11.24 08:12:26 | 000,223,882 | ---- | M] () -- C:\Users\.....\.TransferManager.db
[2013.02.14 20:01:51 | 003,670,016 | -HS- | M] () -- C:\Users\.....\ntuser.dat
[2013.02.14 20:01:51 | 000,262,144 | -HS- | M] () -- C:\Users\.....\ntuser.dat.LOG1
[2012.07.11 19:36:12 | 000,000,000 | -HS- | M] () -- C:\Users\.....\ntuser.dat.LOG2
[2012.07.11 20:10:43 | 000,065,536 | -HS- | M] () -- C:\Users\.....\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf
[2012.07.11 20:10:43 | 000,524,288 | -HS- | M] () -- C:\Users\.....\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms
[2012.07.11 20:10:43 | 000,524,288 | -HS- | M] () -- C:\Users\.....\NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms
[2012.07.11 19:36:13 | 000,000,020 | -HS- | M] () -- C:\Users\.....\ntuser.ini
 
< %USERPROFILE%\Local Settings\Temp\*.exe >
 
< %USERPROFILE%\Local Settings\Temp\*.dll >
 
< %USERPROFILE%\Application Data\*.exe >
 
< HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems|Windows /rs >
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Required: DebugWindows [binary data]
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager\SubSystems\\Windows: %SystemRoot%\system32\csrss.exe ObjectDirectory=\Windows SharedSection=1024,20480,768 Windows=On SubSystemType=Windows ServerDll=basesrv,1 ServerDll=winsrv:UserServerDllInitialization,3 ServerDll=winsrv:ConServerDllInitialization,2 ServerDll=sxssrv,4 ProfileControl=Off MaxRequestThreads=16
 
<           >

< End of report >
         
--- --- ---


here is the Extra log:


Code:
OTL Extras logfile created on: 14.02.2013 20:01:40 - Run 4
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\.....\Desktop
64bit- Enterprise Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
8,00 Gb Total Physical Memory | 6,17 Gb Available Physical Memory | 77,13% Memory free
20,00 Gb Paging File | 18,11 Gb Available in Paging File | 90,58% Paging File free
Paging file location(s): c:\pagefile.sys 12288 12288 [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86)
Drive C: | 186,23 Gb Total Space | 130,32 Gb Free Space | 69,98% Space Free | Partition Type: NTFS
Drive M: | 390,62 Gb Total Space | 331,15 Gb Free Space | 84,77% Space Free | Partition Type: NTFS
Drive P: | 390,62 Gb Total Space | 345,04 Gb Free Space | 88,33% Space Free | Partition Type: NTFS
Drive S: | 195,31 Gb Total Space | 42,62 Gb Free Space | 21,82% Space Free | Partition Type: NTFS
 
Computer Name: ..... | User Name: ..... | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html[@ = ChromeHTML] -- Reg Error: Key error. File not found
.url[@ = InternetShortcut] -- C:\Windows\SysNative\rundll32.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\SysWow64\control.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
 
[HKEY_USERS\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
InternetShortcut [open] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\ieframe.dll",OpenURL %l (Microsoft Corporation)
InternetShortcut [print] -- "C:\Windows\System32\rundll32.exe" "C:\Windows\System32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
http [open] -- Reg Error: Key error.
https [open] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
cval = 1
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
VistaSp1 = 28 4D B2 76 41 04 CA 01  [binary data]
AntiVirusOverride = 0
AntiSpywareOverride = 0
FirewallOverride = 0
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
EnableFirewall = 1
DisableNotifications = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
EnableFirewall = 1
DisableNotifications = 0
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
EnableFirewall = 1
DisableNotifications = 0
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{07E54400-2BD1-4404-9716-4D8EA4DE5894} = rport=445 | protocol=6 | dir=out | app=system | 
{09A9AB53-8DD9-40EC-B1E2-694FBD8DBD7D} = rport=139 | protocol=6 | dir=out | app=system | 
{0BA559C5-8D60-49F1-9E3B-9143FFCBD998} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
{1509F5F6-1370-441C-BBE8-02CBA3C669B7} = rport=3702 | protocol=17 | dir=out | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
{2A39B6D1-D513-4664-8684-1C9B19CCF73E} = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
{2A516AF8-A264-4E84-AF69-1D0EB8A9E322} = lport=3702 | protocol=17 | dir=in | svc=fdphost | app=%systemroot%\system32\svchost.exe | 
{2EE202B2-36D1-40B4-AB77-C4A10BBA40DB} = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
{37DF1393-92A8-490A-A891-A134D085C691} = rport=138 | protocol=17 | dir=out | app=system | 
{39296BA5-7C6B-407A-B168-2A3FE50A999A} = lport=137 | protocol=17 | dir=in | app=system | 
{3A05D413-E662-4DF7-A5C9-73BCFE2CACCA} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
{44E0A0F6-E7AD-46BD-A3AB-527385894A1D} = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe | 
{496C1097-4FFB-476D-8126-536AEB9BE3F8} = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
{5CBAB4E6-CB8D-49DB-8822-45EF3F2B8CC3} = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe | 
{6E4F5852-842A-40D9-9E94-629EB02F904E} = lport=3702 | protocol=17 | dir=in | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
{704D6EEF-01B3-40DC-BBEA-3E9070D8E57B} = lport=2869 | protocol=6 | dir=in | app=system | 
{8D991D30-A9F8-4253-B054-157B7052C5E9} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
{8DEC3FEB-20C9-44BB-B95D-F4063D2E7EA5} = lport=138 | protocol=17 | dir=in | app=system | 
{8FD23DFB-D3B7-4F11-9565-2453E327C9C5} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
{96481BCE-F58F-4B00-90C7-C44841B73872} = lport=10243 | protocol=6 | dir=in | app=system | 
{B172C30C-52AC-465F-82A5-902E4D1887E2} = rport=3702 | protocol=17 | dir=out | svc=fdrespub | app=%systemroot%\system32\svchost.exe | 
{BAFCEB9B-0D71-4556-AA47-A1A52FECE7E3} = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
{BE63929F-9D2A-458E-A064-EBDA140A2FEA} = lport=6004 | protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\outlook.exe | 
{C93BB3DA-1B32-48A2-8BD6-ECCF700F5618} = lport=445 | protocol=6 | dir=in | app=system | 
{D4ED57DC-4010-4E3D-8D94-E6A17660829D} = rport=137 | protocol=17 | dir=out | app=system | 
{D5E3919D-6BBC-4555-B5B4-D1860E2B03C9} = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe | 
{DFF8BCC4-A22D-4138-AF77-6240327C806A} = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe | 
{E75AF2A4-AFCE-4AEA-87F6-A92F41C6508F} = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 | 
{F2BAB077-BED7-4BA4-BEC5-4E77073434EB} = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe | 
{F363EAF8-AFA2-4FE1-BE65-6F87A50231BA} = lport=139 | protocol=6 | dir=in | app=system | 
{F71CD422-715A-4B6F-AC3A-538D7F12BAA6} = rport=10243 | protocol=6 | dir=out | app=system | 
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
{19750B4F-82C0-4005-9CAF-C3A189063A87} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
{43D3EE78-410D-4695-8F4B-96750275C6E4} = protocol=6 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
{4E91E7BE-7CB1-4428-92F2-B6D1CE899E77} = protocol=17 | dir=in | app=c:\windows\syswow64\muzapp.exe | 
{5547F602-ABCB-4A0A-A09F-F85B5DE6B615} = protocol=17 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{558C09FD-E4A0-444B-B28F-59FC3E6B435F} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
{57CECAD1-AA0C-42FF-8069-117E74765358} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{593FB00C-FC6F-4430-9154-2B717BD64D6E} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
{60380D15-FBD7-4C8B-BC3C-8967A8F45F07} = protocol=6 | dir=out | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{62A68AED-6884-4D27-837C-33DD97AD0DAA} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
{6B95C4F1-21C9-406E-AD93-AE1320CD5D00} = protocol=58 | dir=in | name=@firewallapi.dll,-28545 | 
{6C3CA40A-32CF-410B-8CB7-A78C7932B576} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
{7268EE29-6953-4FFE-93AB-675178B42B4D} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
{7332D17F-FEE3-42C3-84A5-825C76DC7963} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
{73E75108-BFE1-4E4F-9FBE-0BB7018A1893} = protocol=1 | dir=out | name=@firewallapi.dll,-28544 | 
{7C3CC28B-55C8-44F8-8A66-F5072F2E76D6} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
{803CBD30-1039-43C7-9E4E-2C1DA04F3EE8} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
{878C23B5-3EA6-4FCB-A85B-4B76F9EEED67} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
{8BC25A10-01E6-4B0B-94D2-04A58E184E65} = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe | 
{9563EDB6-1B66-4089-8A84-8CA5297DE2C7} = protocol=17 | dir=in | app=%programfiles(x86)%\windows media player\wmplayer.exe | 
{975FA220-208A-4C0D-B358-9E26A3FFF0D1} = protocol=6 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{9F13E84D-2D97-4E6C-90E5-0EEADE9B5FF1} = dir=in | app=p:\htc sync\htcsyncmanager.exe | 
{A0582EE6-81C3-440E-A2A1-FDC811C3A234} = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
{A584B170-F9A7-43FA-A032-8DCD4016FA54} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\groove.exe | 
{A5ACB58B-8371-46DD-9BEF-BAACC021C3FD} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgmfapx.exe | 
{A9B2CA1D-8D8B-4265-A234-93153A56205F} = protocol=58 | dir=out | name=@firewallapi.dll,-28546 | 
{B09AC059-CC0C-46A5-A2A9-8BBCB7911CAD} = protocol=17 | dir=in | app=c:\program files (x86)\microsoft office\office14\onenote.exe | 
{B9FC76BE-84A8-4A0F-A58D-4C02E78143C1} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgemca.exe | 
{BEF906F8-5B1D-469A-B0BF-4CAAB2704AB4} = protocol=1 | dir=in | name=@firewallapi.dll,-28543 | 
{C3716975-741B-4E9B-AF26-1774ADA184F0} = protocol=17 | dir=in | app=c:\program files (x86)\avg\avg2013\avgnsa.exe | 
{C6214EB8-D355-4373-82C6-54358DE6FDBD} = protocol=6 | dir=in | app=c:\program files (x86)\avg\avg2013\avgdiagex.exe | 
{CCA80023-B485-4541-A2FB-A9F7F8767F74} = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe | 
{D5FAF219-BCA2-41D6-96F7-2A92AC1A19A0} = protocol=6 | dir=out | app=system | 
{E94EDAA1-1AC4-491B-83AB-311F7FFCAF4F} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe | 
{F838C6CC-DE62-4FAE-B0A9-0B253678888C} = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe | 
{F90A1BC3-4B97-429C-AC51-DA356804F42A} = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe | 
TCP Query User{021D38A8-9C22-408A-88A7-6DF6174BFFBA}C:\program files (x86)\java\jre7\bin\javaw.exe = protocol=6 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
UDP Query User{F11308D1-9A4D-4990-AE7C-C16F04D05B00}C:\program files (x86)\java\jre7\bin\javaw.exe = protocol=17 | dir=in | app=c:\program files (x86)\java\jre7\bin\javaw.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
64bit: [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{0E3DAF3D-FF69-345A-A99E-1FED304CA083} = Microsoft .NET Framework 4 Client Profile DEU Language Pack
{1D8E6291-B0D5-35EC-8441-6616F567A0F7} = Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
{21B133D6-5979-47F0-BE1C-F6A6B304693F} = Visual Studio 2010 x64 Redistributables
{2A358F86-3AF5-11E0-A832-B6A6DFD72085} = M-Audio Delta Driver 6.0.5 (x64)
{470BB39A-7231-4077-AD3D-86067AD04604} = Native Instruments Audio 8 DJ
{502275B0-3DA3-44D8-8702-066525CAAE98} = AVG 2013
{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00} = Microsoft Silverlight
{90140000-002A-0000-1000-0000000FF1CE} = Microsoft Office Office 64-bit Components 2010
{90140000-002A-0407-1000-0000000FF1CE} = Microsoft Office Shared 64-bit MUI (German) 2010
{A8EC0CC0-AD8D-4244-B080-424EDF7A7634} = Native Instruments Traktor 2
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.ControlPanel = NVIDIA Systemsteuerung 301.42
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver = NVIDIA Grafiktreiber 301.42
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update = NVIDIA Update 1.8.15
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer = NVIDIA Install Application
{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_NVIDIA.Update = NVIDIA Update Components
{D0795B21-0CDA-4a92-AB9E-6E92D8111E44} = SAMSUNG USB Driver for Mobile Phones
{D9B7744C-1C39-49B8-86B3-F930631B4FE2} = AVG 2013
{F5B09CFD-F0B2-36AF-8DF4-1DF6B63FC7B4} = Microsoft .NET Framework 4 Client Profile
AVG = AVG 2013
CCleaner = CCleaner
Microsoft .NET Framework 4 Client Profile = Microsoft .NET Framework 4 Client Profile
Microsoft .NET Framework 4 Client Profile DEU Language Pack = Microsoft .NET Framework 4 Client Profile DEU Language Pack
WinRAR archiver = WinRAR 4.20 (64-Bit)
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
{0001B4FD-9EA3-4D90-A79E-FD14BA3AB01D} = PDFCreator
{01E9B2FF-DAF4-4529-9CC9-2101625517C7} = nero.prerequisites.msi
{05A6B1CD-AA10-46A0-8D5C-6AD2A9EEFC8B} = Nero Burning ROM 11
{07300F01-89CA-4CF8-92BD-2A605EB83C95} = EasySaver B9.0904.1 
{1111706F-666A-4037-7777-211328764D10} = JavaFX 2.1.1
{11D3EF85-63E1-4AE4-A7C1-9241BDB16B51} = Nero ControlCenter 11
{14DC0059-00F1-4F62-BD1A-AB23CD51A95E} = Adobe AIR
{1F1C2DFC-2D24-3E06-BCB8-725134ADF989} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
{20D4A895-748C-4D88-871C-FDB1695B0169} = Platform
{21AE04E8-EBF6-40DB-9AA9-B7A80C5D057D} = mkv2vob
{26A24AE4-039D-4CA4-87B4-2F83217013FF} = Java 7 Update 13
{28C2DED6-325B-4CC7-983A-1777C8F7FBAB} = RealUpgrade 1.1
{3108C217-BE83-42E4-AE9E-A56A2A92E549} = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
{3DECD372-76A1-4483-BF10-B547790A3261} = ON_OFF Charge B11.0110.1
{4A03706F-666A-4037-7777-5F2748764D10} = Java Auto Updater
{4CEEE5D0-F905-4688-B9F9-ECC710507796} = HTC Driver Installer
{5DC3BFF3-B84F-4CBE-B2BD-FB52B6C247CA} = HTC Sync Manager
{710f4c1c-cc18-4c49-8cbf-51240c89a1a2} = Microsoft Visual C++ 2005 Redistributable
{758C8301-2696-4855-AF45-534B1200980A} = Samsung Kies
{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA} = RealNetworks - Microsoft Visual C++ 2008 Runtime
{7E265513-8CDA-4631-B696-F40D983F3B07}_is1 = CDBurnerXP
{837b34e3-7c30-493c-8f6a-2b0f04e2912c} = Microsoft Visual C++ 2005 Redistributable
{90140000-0011-0000-0000-0000000FF1CE} = Microsoft Office Professional Plus 2010
{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{047B0968-E622-4FAA-9B4B-121FA109EDDE} = Microsoft Office 2010 Service Pack 1 (SP1)
{90140000-0015-0407-0000-0000000FF1CE} = Microsoft Office Access MUI (German) 2010
{90140000-0016-0407-0000-0000000FF1CE} = Microsoft Office Excel MUI (German) 2010
{90140000-0018-0407-0000-0000000FF1CE} = Microsoft Office PowerPoint MUI (German) 2010
{90140000-0019-0407-0000-0000000FF1CE} = Microsoft Office Publisher MUI (German) 2010
{90140000-001A-0407-0000-0000000FF1CE} = Microsoft Office Outlook MUI (German) 2010
{90140000-001B-0407-0000-0000000FF1CE} = Microsoft Office Word MUI (German) 2010
{90140000-001F-0407-0000-0000000FF1CE} = Microsoft Office Proof (German) 2010
{90140000-001F-0409-0000-0000000FF1CE} = Microsoft Office Proof (English) 2010
{90140000-001F-040C-0000-0000000FF1CE} = Microsoft Office Proof (French) 2010
{90140000-001F-0410-0000-0000000FF1CE} = Microsoft Office Proof (Italian) 2010
{90140000-002A-0000-1000-0000000FF1CE}_Office14.PROPLUS_{967EF02C-5C7E-4718-8FCB-BDC050190CCF} = Microsoft Office 2010 Service Pack 1 (SP1)
{90140000-002C-0407-0000-0000000FF1CE} = Microsoft Office Proofing (German) 2010
{90140000-0044-0407-0000-0000000FF1CE} = Microsoft Office InfoPath MUI (German) 2010
{90140000-006E-0407-0000-0000000FF1CE} = Microsoft Office Shared MUI (German) 2010
{90140000-00A1-0407-0000-0000000FF1CE} = Microsoft Office OneNote MUI (German) 2010
{90140000-00BA-0407-0000-0000000FF1CE} = Microsoft Office Groove MUI (German) 2010
{9A25302D-30C0-39D9-BD6F-21E6EC160475} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
{9BE518E6-ECC6-35A9-88E4-87755C07200F} = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
{A048F6D6-BECE-D521-9BC9-B8806BFB118C} = Beatport Downloader
{A7C30414-2382-4086-B0D6-01A88ABA21C3} = VAIO Gate
{AC76BA86-7AD7-1031-7B44-AA1000000001} = Adobe Reader X (10.1.3) - Deutsch
{B1846721-A8E6-46C7-83B6-0DCF7ADB4267} = Nero Burning ROM 11
{BEBEE34D-84A2-4EDD-8BEA-96CC54371263} = Nero Core Components 11
{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5} = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
{FCDBEA60-79F0-4FAE-BBA8-55A26C609A49} = Visual Studio 2008 x64 Redistributables
Adobe AIR = Adobe AIR
Adobe Flash Player ActiveX = Adobe Flash Player 11 ActiveX
Adobe Flash Player Plugin = Adobe Flash Player 11 Plugin
AVMFBox = AVM FRITZ!Box Dokumentation
AVMFBoxPrinter = AVM FRITZ!Box Druckeranschluss
CloneDVD2 = CloneDVD2
com.beatport.BeatportDownloader = Beatport Downloader
ESET Online Scanner = ESET Online Scanner v3
InstallShield_{20D4A895-748C-4D88-871C-FDB1695B0169} = VIA Plattform-Geräte-Manager
InstallShield_{758C8301-2696-4855-AF45-534B1200980A} = Samsung Kies
Malwarebytes' Anti-Malware_is1 = Malwarebytes Anti-Malware Version 1.70.0.1100
Mozilla Firefox 13.0.1 (x86 de) = Mozilla Firefox 13.0.1 (x86 de)
MozillaMaintenanceService = Mozilla Maintenance Service
MPE = MyPhoneExplorer
Native Instruments Audio 8 DJ = Native Instruments Audio 8 DJ
Native Instruments Traktor 2 = Native Instruments Traktor 2
Office14.PROPLUS = Microsoft Office Professional Plus 2010
YTdetect = Yahoo! Detect
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3224495606-1509413364-808719173-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 03.02.2013 09:16:02 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description = 
 
Error - 03.02.2013 11:56:13 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description = 
 
Error - 04.02.2013 03:53:56 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.02.2013 03:39:23 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description = 
 
Error - 05.02.2013 07:03:17 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description = 
 
Error - 06.02.2013 03:36:18 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.02.2013 04:15:28 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description = 
 
Error - 07.02.2013 13:14:22 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.02.2013 03:01:43 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description = 
 
Error - 08.02.2013 12:27:08 | Computer Name = ..... | Source = WinMgmt | ID = 10
Description = 
 
[ System Events ]
Error - 12.12.2012 11:34:21 | Computer Name = ..... | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 12.12.2012 11:34:25 | Computer Name = ..... | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 12.12.2012 11:38:15 | Computer Name = ..... | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 AVGIDSAgent erreicht.
 
Error - 12.12.2012 11:38:15 | Computer Name = ..... | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 13.12.2012 02:20:59 | Computer Name = ..... | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 AVGIDSAgent erreicht.
 
Error - 13.12.2012 02:20:59 | Computer Name = ..... | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
Error - 13.12.2012 02:21:00 | Computer Name = ..... | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 13.12.2012 02:21:05 | Computer Name = ..... | Source = Service Control Manager | ID = 7006
Description = Der Aufruf "ScRegSetValueExW" ist für "FailureActions" aufgrund folgenden
 Fehlers fehlgeschlagen:   %%5
 
Error - 13.12.2012 02:24:48 | Computer Name = ..... | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 AVGIDSAgent erreicht.
 
Error - 13.12.2012 02:24:48 | Computer Name = ..... | Source = Service Control Manager | ID = 7000
Description = Der Dienst "AVGIDSAgent" wurde aufgrund folgenden Fehlers nicht gestartet:
   %%1053
 
 
< End of report >
         


Alt 14.02.2013, 21:29   #6
markusg
/// Malware-holic
 

OTL fix

Fixing with OTL

  • Please start OTL.exe.
  • Now copy the contents of the code box into the text box.

Code:
ATTFilter
:OTL
O2 - BHO: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found
O3 - HKLM\..\Toolbar: (no name) - {95B7759C-8C7F-4BF1-B163-73684A933233} - No CLSID value found.
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe File not found
:files
:Commands
[emptytemp]
         
  • If you have obscured your user name, e.g. with "*****", insert your real user name at the corresponding place. Otherwise the fix will not work.
  • Now please close all programs.
  • Now please click the Fix button.
  • OTL may require a restart. Please allow this.
  • After the restart you will find a text document on your desktop.
    (It can also be found under C:\_OTL\MovedFiles\<Time_Date>.txt)
    Now copy its contents here into your thread

Alt 15.02.2013, 14:27   #7
tracker7
 

Code:
ATTFilter
All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{95B7759C-8C7F-4BF1-B163-73684A933233} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}\ not found.
Registry value HKEY_USERS\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
Registry value HKEY_USERS\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\RunOnce\\mctadmin deleted successfully.
========== FILES ==========
========== COMMANDS ==========
 
[EMPTYTEMP]
 
User: All Users
 
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 58264 bytes
 
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes
 
User: Public
 
User: .....
->Temp folder emptied: 39199472 bytes
->Temporary Internet Files folder emptied: 18355054 bytes
->Java cache emptied: 1941727 bytes
->FireFox cache emptied: 131226489 bytes
->Google Chrome cache emptied: 6317821 bytes
->Flash cache emptied: 17340039 bytes
 
User: UpdatusUser
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
 
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 30620899 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 67765 bytes
RecycleBin emptied: 715664 bytes
 
Total Files Cleaned = 234,00 mb
 
 
OTL by OldTimer - Version 3.2.69.0 log created on 02152013_142108

Files\Folders moved on Reboot...
C:\Users\Steve Devine\AppData\Local\Temp\FXSAPIDebugLogFile.txt moved successfully.
File\Folder C:\Users\.....\AppData\Local\Temp\~DF0ECEEF6917A9BC2B.TMP not found!
File\Folder C:\Users\.....\AppData\Local\Temp\~DF7159EFAA198565E2.TMP not found!
File\Folder C:\Users\.....\AppData\Local\Temp\~DF84214B85EAEE8C08.TMP not found!
File\Folder C:\Users\.....\AppData\Local\Temp\~DFD3EA03A5F9EFDB7F.TMP not found!
File\Folder C:\Users\.....\AppData\Local\Temp\~DFF466CA804DFE5752.TMP not found!
File\Folder C:\Users\.....\AppData\Local\Temp\~DFFD41D8DAFD0C04A8.TMP not found!

PendingFileRenameOperations files...

Registry entries deleted on Reboot...
         

Alt 15.02.2013, 14:57   #8
markusg
/// Malware-holic
 

hi,
[OTLFIX]
__________________
-Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For the time being, please send mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

Alt 15.02.2013, 17:07   #9
tracker7
 

Hi,

I did post it above

Alt 15.02.2013, 17:16   #10
markusg
/// Malware-holic
 

hi
I hit the wrong button there, sorry
Please download TDSSKiller (TDSSKiller.exe) and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the TDSSKiller instructions.
  • Press Start Scan
  • If infected objects are found, do not choose Cure under any circumstances. Choose Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<Version_Date_Time>log.txt
Please post the contents here in your thread in any case.

Alt 17.02.2013, 11:01   #11
tracker7
 

Code:
ATTFilter
10:55:47.0003 3756  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
10:55:47.0237 3756  ============================================================
10:55:47.0237 3756  Current date / time: 2013/02/17 10:55:47.0237
10:55:47.0237 3756  SystemInfo:
10:55:47.0237 3756  
10:55:47.0237 3756  OS Version: 6.1.7601 ServicePack: 1.0
10:55:47.0237 3756  Product type: Workstation
10:55:47.0237 3756  ComputerName: ......
10:55:47.0237 3756  UserName: .....
10:55:47.0237 3756  Windows directory: C:\Windows
10:55:47.0237 3756  System windows directory: C:\Windows
10:55:47.0237 3756  Running under WOW64
10:55:47.0237 3756  Processor architecture: Intel x64
10:55:47.0237 3756  Number of processors: 2
10:55:47.0237 3756  Page size: 0x1000
10:55:47.0237 3756  Boot type: Normal boot
10:55:47.0237 3756  ============================================================
10:55:48.0376 3756  Drive \Device\Harddisk0\DR0 - Size: 0x15D50F66000 (1397.27 Gb), SectorSize: 0x200, Cylinders: 0x2F509, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xF0, Type 'K0', Flags 0x00000040
10:55:48.0392 3756  ============================================================
10:55:48.0392 3756  \Device\Harddisk0\DR0:
10:55:48.0392 3756  MBR partitions:
10:55:48.0392 3756  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
10:55:48.0392 3756  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x17474800
10:55:48.0392 3756  \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x174A7000, BlocksNum 0x30D40000
10:55:48.0392 3756  \Device\Harddisk0\DR0\Partition4: MBR, Type 0x7, StartLBA 0x481E7800, BlocksNum 0x30D40000
10:55:48.0407 3756  \Device\Harddisk0\DR0\Partition5: MBR, Type 0x7, StartLBA 0x78F28000, BlocksNum 0x186A0000
10:55:48.0407 3756  ============================================================
10:55:48.0454 3756  C: <-> \Device\Harddisk0\DR0\Partition2
10:55:48.0470 3756  M: <-> \Device\Harddisk0\DR0\Partition3
10:55:48.0517 3756  P: <-> \Device\Harddisk0\DR0\Partition4
10:55:48.0548 3756  S: <-> \Device\Harddisk0\DR0\Partition5
10:55:48.0548 3756  ============================================================
10:55:48.0548 3756  Initialize success
10:55:48.0548 3756  ============================================================
10:57:33.0177 3120  ============================================================
10:57:33.0177 3120  Scan started
10:57:33.0177 3120  Mode: Manual; SigCheck; TDLFS; 
10:57:33.0177 3120  ============================================================
10:57:33.0630 3120  ================ Scan system memory ========================
10:57:33.0630 3120  System memory - ok
10:57:33.0630 3120  ================ Scan services =============================
10:57:33.0770 3120  [ A87D604AEA360176311474C87A63BB88 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
10:57:33.0833 3120  1394ohci - ok
10:57:33.0879 3120  [ BDD5ED82BD07B70A8D5BA743F4BFB893 ] a8djavs         C:\Windows\system32\Drivers\a8djavs.sys
10:57:48.0902 3120  a8djavs - ok
10:57:48.0933 3120  [ 20655C1777D20B428A8C3DBFFE6A2E19 ] a8djusb_svc     C:\Windows\system32\Drivers\a8djusb.sys
10:57:48.0949 3120  a8djusb_svc - ok
10:57:48.0965 3120  [ D81D9E70B8A6DD14D42D7B4EFA65D5F2 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
10:57:48.0980 3120  ACPI - ok
10:57:48.0996 3120  [ 99F8E788246D495CE3794D7E7821D2CA ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
10:57:49.0027 3120  AcpiPmi - ok
10:57:49.0152 3120  [ 62B7936F9036DD6ED36E6A7EFA805DC0 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
10:57:49.0167 3120  AdobeARMservice - ok
10:57:49.0261 3120  [ 563CDCFEEAEF97163E206AF71A61AA6E ] AdobeFlashPlayerUpdateSvc C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
10:57:49.0277 3120  AdobeFlashPlayerUpdateSvc - ok
10:57:49.0323 3120  [ 2F6B34B83843F0C5118B63AC634F5BF4 ] adp94xx         C:\Windows\system32\drivers\adp94xx.sys
10:57:49.0339 3120  adp94xx - ok
10:57:49.0370 3120  [ 597F78224EE9224EA1A13D6350CED962 ] adpahci         C:\Windows\system32\drivers\adpahci.sys
10:57:49.0386 3120  adpahci - ok
10:57:49.0401 3120  [ E109549C90F62FB570B9540C4B148E54 ] adpu320         C:\Windows\system32\drivers\adpu320.sys
10:57:49.0417 3120  adpu320 - ok
10:57:49.0464 3120  [ 4B78B431F225FD8624C5655CB1DE7B61 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
10:57:49.0495 3120  AeLookupSvc - ok
10:57:49.0542 3120  [ 1C7857B62DE5994A75B054A9FD4C3825 ] AFD             C:\Windows\system32\drivers\afd.sys
10:57:49.0573 3120  AFD - ok
10:57:49.0589 3120  [ 608C14DBA7299D8CB6ED035A68A15799 ] agp440          C:\Windows\system32\drivers\agp440.sys
10:57:49.0604 3120  agp440 - ok
10:57:49.0620 3120  [ 3290D6946B5E30E70414990574883DDB ] ALG             C:\Windows\System32\alg.exe
10:57:49.0667 3120  ALG - ok
10:57:49.0682 3120  [ 5812713A477A3AD7363C7438CA2EE038 ] aliide          C:\Windows\system32\drivers\aliide.sys
10:57:49.0698 3120  aliide - ok
10:57:49.0698 3120  [ 1FF8B4431C353CE385C875F194924C0C ] amdide          C:\Windows\system32\drivers\amdide.sys
10:57:49.0713 3120  amdide - ok
10:57:49.0729 3120  [ 7024F087CFF1833A806193EF9D22CDA9 ] AmdK8           C:\Windows\system32\drivers\amdk8.sys
10:57:49.0760 3120  AmdK8 - ok
10:57:49.0791 3120  [ 1E56388B3FE0D031C44144EB8C4D6217 ] AmdPPM          C:\Windows\system32\drivers\amdppm.sys
10:57:49.0823 3120  AmdPPM - ok
10:57:49.0869 3120  [ D4121AE6D0C0E7E13AA221AA57EF2D49 ] amdsata         C:\Windows\system32\drivers\amdsata.sys
10:57:49.0885 3120  amdsata - ok
10:57:49.0901 3120  [ F67F933E79241ED32FF46A4F29B5120B ] amdsbs          C:\Windows\system32\drivers\amdsbs.sys
10:57:49.0916 3120  amdsbs - ok
10:57:49.0947 3120  [ 540DAF1CEA6094886D72126FD7C33048 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
10:57:49.0963 3120  amdxata - ok
10:57:50.0025 3120  [ 89A69C3F2F319B43379399547526D952 ] AppID           C:\Windows\system32\drivers\appid.sys
10:57:50.0197 3120  AppID - ok
10:57:50.0213 3120  [ 0BC381A15355A3982216F7172F545DE1 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
10:57:50.0259 3120  AppIDSvc - ok
10:57:50.0306 3120  [ 3977D4A871CA0D4F2ED1E7DB46829731 ] Appinfo         C:\Windows\System32\appinfo.dll
10:57:50.0353 3120  Appinfo - ok
10:57:50.0400 3120  [ 6BE11AD81D4527D299F0CB5F3731AABC ] AppleCharger    C:\Windows\system32\DRIVERS\AppleCharger.sys
10:57:55.0111 3120  AppleCharger - ok
10:57:55.0127 3120  [ 95EF7247C50C7241FDAE39A9B3AFF4AE ] AppleChargerSrv C:\Windows\system32\AppleChargerSrv.exe
10:57:55.0127 3120  AppleChargerSrv - ok
10:57:55.0142 3120  [ 4ABA3E75A76195A3E38ED2766C962899 ] AppMgmt         C:\Windows\System32\appmgmts.dll
10:57:55.0189 3120  AppMgmt - ok
10:57:55.0205 3120  [ C484F8CEB1717C540242531DB7845C4E ] arc             C:\Windows\system32\drivers\arc.sys
10:57:55.0220 3120  arc - ok
10:57:55.0283 3120  [ 019AF6924AEFE7839F61C830227FE79C ] arcsas          C:\Windows\system32\drivers\arcsas.sys
10:57:55.0329 3120  arcsas - ok
10:57:55.0423 3120  [ 769765CE2CC62867468CEA93969B2242 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
10:57:55.0517 3120  AsyncMac - ok
10:57:55.0532 3120  [ 02062C0B390B7729EDC9E69C680A6F3C ] atapi           C:\Windows\system32\drivers\atapi.sys
10:57:55.0548 3120  atapi - ok
10:57:55.0579 3120  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
10:57:55.0641 3120  AudioEndpointBuilder - ok
10:57:55.0673 3120  [ F23FEF6D569FCE88671949894A8BECF1 ] AudioSrv        C:\Windows\System32\Audiosrv.dll
10:57:55.0719 3120  AudioSrv - ok
10:57:55.0875 3120  [ 4AFC14AFA58878FAA1D249E7E90EA54B ] AVGIDSAgent     C:\Program Files (x86)\AVG\AVG2013\avgidsagent.exe
10:57:55.0985 3120  AVGIDSAgent - ok
10:57:56.0016 3120  [ F1A99DA71E6549D7D944596E15142866 ] AVGIDSDriver    C:\Windows\system32\DRIVERS\avgidsdrivera.sys
10:57:56.0031 3120  AVGIDSDriver - ok
10:57:56.0031 3120  [ E6CB84918C1ABE84AAAF749D2EA4E764 ] AVGIDSHA        C:\Windows\system32\DRIVERS\avgidsha.sys
10:57:56.0047 3120  AVGIDSHA - ok
10:57:56.0094 3120  [ 5989592A91A17587799792A81E1541D4 ] Avgldx64        C:\Windows\system32\DRIVERS\avgldx64.sys
10:57:56.0109 3120  Avgldx64 - ok
10:57:56.0125 3120  [ 3FC43AA02545FCDDC22817829114DEC8 ] Avgloga         C:\Windows\system32\DRIVERS\avgloga.sys
10:57:56.0141 3120  Avgloga - ok
10:57:56.0141 3120  [ 841C40C193889730848849AC220D9242 ] Avgmfx64        C:\Windows\system32\DRIVERS\avgmfx64.sys
10:57:56.0156 3120  Avgmfx64 - ok
10:57:56.0187 3120  [ FE4F444DBE4BBBDFD8FECF49398DEFC7 ] Avgrkx64        C:\Windows\system32\DRIVERS\avgrkx64.sys
10:57:56.0203 3120  Avgrkx64 - ok
10:57:56.0203 3120  [ 6E634525613D48A1D1657FB21F21F3B2 ] Avgtdia         C:\Windows\system32\DRIVERS\avgtdia.sys
10:57:56.0219 3120  Avgtdia - ok
10:57:56.0250 3120  [ B4FBFADDA6B39AB24456C45C03EF3991 ] avgtp           C:\Windows\system32\drivers\avgtpx64.sys
10:57:56.0265 3120  avgtp - ok
10:57:56.0281 3120  [ 6B72E1E329C4E98C6B6FDD2D265E3BA3 ] avgwd           C:\Program Files (x86)\AVG\AVG2013\avgwdsvc.exe
10:57:56.0312 3120  avgwd - ok
10:57:56.0343 3120  [ A6BF31A71B409DFA8CAC83159E1E2AFF ] AxInstSV        C:\Windows\System32\AxInstSV.dll
10:57:56.0375 3120  AxInstSV - ok
10:57:56.0406 3120  [ 3E5B191307609F7514148C6832BB0842 ] b06bdrv         C:\Windows\system32\drivers\bxvbda.sys
10:57:56.0437 3120  b06bdrv - ok
10:57:56.0484 3120  [ B5ACE6968304A3900EEB1EBFD9622DF2 ] b57nd60a        C:\Windows\system32\DRIVERS\b57nd60a.sys
10:57:56.0515 3120  b57nd60a - ok
10:57:56.0546 3120  [ FDE360167101B4E45A96F939F388AEB0 ] BDESVC          C:\Windows\System32\bdesvc.dll
10:57:56.0577 3120  BDESVC - ok
10:57:56.0593 3120  [ 16A47CE2DECC9B099349A5F840654746 ] Beep            C:\Windows\system32\drivers\Beep.sys
10:57:56.0640 3120  Beep - ok
10:57:56.0687 3120  [ 82974D6A2FD19445CC5171FC378668A4 ] BFE             C:\Windows\System32\bfe.dll
10:57:56.0733 3120  BFE - ok
10:57:56.0765 3120  [ 1EA7969E3271CBC59E1730697DC74682 ] BITS            C:\Windows\System32\qmgr.dll
10:57:56.0843 3120  BITS - ok
10:57:56.0858 3120  [ 61583EE3C3A17003C4ACD0475646B4D3 ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
10:57:56.0874 3120  blbdrive - ok
10:57:56.0889 3120  [ 6C02A83164F5CC0A262F4199F0871CF5 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
10:57:56.0921 3120  bowser - ok
10:57:56.0952 3120  [ F09EEE9EDC320B5E1501F749FDE686C8 ] BrFiltLo        C:\Windows\system32\drivers\BrFiltLo.sys
10:57:56.0967 3120  BrFiltLo - ok
10:57:56.0983 3120  [ B114D3098E9BDB8BEA8B053685831BE6 ] BrFiltUp        C:\Windows\system32\drivers\BrFiltUp.sys
10:57:56.0999 3120  BrFiltUp - ok
10:57:57.0014 3120  [ 05F5A0D14A2EE1D8255C2AA0E9E8E694 ] Browser         C:\Windows\System32\browser.dll
10:57:57.0030 3120  Browser - ok
10:57:57.0045 3120  [ 43BEA8D483BF1870F018E2D02E06A5BD ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
10:57:57.0092 3120  Brserid - ok
10:57:57.0108 3120  [ A6ECA2151B08A09CACECA35C07F05B42 ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
10:57:57.0139 3120  BrSerWdm - ok
10:57:57.0139 3120  [ B79968002C277E869CF38BD22CD61524 ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
10:57:57.0170 3120  BrUsbMdm - ok
10:57:57.0170 3120  [ A87528880231C54E75EA7A44943B38BF ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
10:57:57.0186 3120  BrUsbSer - ok
10:57:57.0201 3120  [ 9DA669F11D1F894AB4EB69BF546A42E8 ] BTHMODEM        C:\Windows\system32\drivers\bthmodem.sys
10:57:57.0217 3120  BTHMODEM - ok
10:57:57.0248 3120  [ 95F9C2976059462CBBF227F7AAB10DE9 ] bthserv         C:\Windows\system32\bthserv.dll
10:57:57.0279 3120  bthserv - ok
10:57:57.0295 3120  [ B8BD2BB284668C84865658C77574381A ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
10:57:57.0357 3120  cdfs - ok
10:57:57.0357 3120  [ F036CE71586E93D94DAB220D7BDF4416 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
10:57:57.0373 3120  cdrom - ok
10:57:57.0404 3120  [ F17D1D393BBC69C5322FBFAFACA28C7F ] CertPropSvc     C:\Windows\System32\certprop.dll
10:57:57.0467 3120  CertPropSvc - ok
10:57:57.0482 3120  [ D7CD5C4E1B71FA62050515314CFB52CF ] circlass        C:\Windows\system32\drivers\circlass.sys
10:57:57.0513 3120  circlass - ok
10:57:57.0529 3120  [ FE1EC06F2253F691FE36217C592A0206 ] CLFS            C:\Windows\system32\CLFS.sys
10:57:57.0545 3120  CLFS - ok
10:57:57.0623 3120  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
10:57:57.0638 3120  clr_optimization_v2.0.50727_32 - ok
10:57:57.0701 3120  [ D1CEEA2B47CB998321C579651CE3E4F8 ] clr_optimization_v2.0.50727_64 C:\Windows\Microsoft.NET\Framework64\v2.0.50727\mscorsvw.exe
10:57:57.0701 3120  clr_optimization_v2.0.50727_64 - ok
10:57:57.0779 3120  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
10:57:57.0794 3120  clr_optimization_v4.0.30319_32 - ok
10:57:57.0841 3120  [ C6F9AF94DCD58122A4D7E89DB6BED29D ] clr_optimization_v4.0.30319_64 C:\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe
10:57:57.0857 3120  clr_optimization_v4.0.30319_64 - ok
10:57:57.0857 3120  [ 0840155D0BDDF1190F84A663C284BD33 ] CmBatt          C:\Windows\system32\drivers\CmBatt.sys
10:57:57.0888 3120  CmBatt - ok
10:57:57.0888 3120  [ E19D3F095812725D88F9001985B94EDD ] cmdide          C:\Windows\system32\drivers\cmdide.sys
10:57:57.0903 3120  cmdide - ok
10:57:57.0950 3120  [ 9AC4F97C2D3E93367E2148EA940CD2CD ] CNG             C:\Windows\system32\Drivers\cng.sys
10:57:57.0981 3120  CNG - ok
10:57:57.0997 3120  [ 102DE219C3F61415F964C88E9085AD14 ] Compbatt        C:\Windows\system32\drivers\compbatt.sys
10:57:58.0013 3120  Compbatt - ok
10:57:58.0028 3120  [ 03EDB043586CCEBA243D689BDDA370A8 ] CompositeBus    C:\Windows\system32\DRIVERS\CompositeBus.sys
10:57:58.0059 3120  CompositeBus - ok
10:57:58.0059 3120  COMSysApp - ok
10:57:58.0091 3120  [ 1C827878A998C18847245FE1F34EE597 ] crcdisk         C:\Windows\system32\drivers\crcdisk.sys
10:57:58.0106 3120  crcdisk - ok
10:57:58.0153 3120  [ 9C01375BE382E834CC26D1B7EAF2C4FE ] CryptSvc        C:\Windows\system32\cryptsvc.dll
10:57:58.0184 3120  CryptSvc - ok
10:57:58.0200 3120  [ 54DA3DFD29ED9F1619B6F53F3CE55E49 ] CSC             C:\Windows\system32\drivers\csc.sys
10:57:58.0247 3120  CSC - ok
10:57:58.0309 3120  [ 3AB183AB4D2C79DCF459CD2C1266B043 ] CscService      C:\Windows\System32\cscsvc.dll
10:57:58.0325 3120  CscService - ok
10:57:58.0340 3120  [ 5C627D1B1138676C0A7AB2C2C190D123 ] DcomLaunch      C:\Windows\system32\rpcss.dll
10:57:58.0403 3120  DcomLaunch - ok
10:57:58.0434 3120  [ 3CEC7631A84943677AA8FA8EE5B6B43D ] defragsvc       C:\Windows\System32\defragsvc.dll
10:57:58.0481 3120  defragsvc - ok
10:57:58.0512 3120  [ 71D9CCEE8A3A70BBCE3E76B7B06A4784 ] DELTAII         C:\Windows\system32\DRIVERS\MAudioDelta.sys
10:57:58.0527 3120  DELTAII - ok
10:57:58.0543 3120  [ 9BB2EF44EAA163B29C4A4587887A0FE4 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
10:57:58.0590 3120  DfsC - ok
10:57:58.0637 3120  [ B9430166FEB246F6070A62B3554932C9 ] dg_ssudbus      C:\Windows\system32\DRIVERS\ssudbus.sys
10:57:58.0652 3120  dg_ssudbus - ok
10:57:58.0683 3120  [ 43D808F5D9E1A18E5EEB5EBC83969E4E ] Dhcp            C:\Windows\system32\dhcpcore.dll
10:57:58.0730 3120  Dhcp - ok
10:57:58.0746 3120  [ 13096B05847EC78F0977F2C0F79E9AB3 ] discache        C:\Windows\system32\drivers\discache.sys
10:57:58.0808 3120  discache - ok
10:57:58.0824 3120  [ 9819EEE8B5EA3784EC4AF3B137A5244C ] Disk            C:\Windows\system32\drivers\disk.sys
10:57:58.0839 3120  Disk - ok
10:57:58.0855 3120  [ 5DB085A8A6600BE6401F2B24EECB5415 ] dmvsc           C:\Windows\system32\drivers\dmvsc.sys
10:57:58.0871 3120  dmvsc - ok
10:57:58.0902 3120  [ 16835866AAA693C7D7FCEBA8FFF706E4 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
10:57:58.0933 3120  Dnscache - ok
10:57:58.0949 3120  [ B1FB3DDCA0FDF408750D5843591AFBC6 ] dot3svc         C:\Windows\System32\dot3svc.dll
10:57:58.0995 3120  dot3svc - ok
10:57:59.0011 3120  [ B26F4F737E8F9DF4F31AF6CF31D05820 ] DPS             C:\Windows\system32\dps.dll
10:57:59.0058 3120  DPS - ok
10:57:59.0105 3120  [ 9B19F34400D24DF84C858A421C205754 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
10:57:59.0120 3120  drmkaud - ok
10:57:59.0151 3120  [ F5BEE30450E18E6B83A5012C100616FD ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
10:57:59.0183 3120  DXGKrnl - ok
10:57:59.0183 3120  [ EDC6E9C057C9D7F83EEA22B4CEF5DCAD ] E1G60           C:\Windows\system32\DRIVERS\E1G6032E.sys
10:57:59.0198 3120  E1G60 - ok
10:57:59.0214 3120  [ E2DDA8726DA9CB5B2C4000C9018A9633 ] EapHost         C:\Windows\System32\eapsvc.dll
10:57:59.0261 3120  EapHost - ok
10:57:59.0323 3120  [ DC5D737F51BE844D8C82C695EB17372F ] ebdrv           C:\Windows\system32\drivers\evbda.sys
10:57:59.0417 3120  ebdrv - ok
10:57:59.0448 3120  [ C118A82CD78818C29AB228366EBF81C3 ] EFS             C:\Windows\System32\lsass.exe
10:57:59.0479 3120  EFS - ok
10:57:59.0526 3120  [ C4002B6B41975F057D98C439030CEA07 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
10:57:59.0557 3120  ehRecvr - ok
10:57:59.0588 3120  [ 4705E8EF9934482C5BB488CE28AFC681 ] ehSched         C:\Windows\ehome\ehsched.exe
10:57:59.0604 3120  ehSched - ok
10:57:59.0619 3120  [ A05FC7ECA0966EBB70E4D17B855A853B ] ElbyCDIO        C:\Windows\system32\Drivers\ElbyCDIO.sys
10:57:59.0635 3120  ElbyCDIO - ok
10:57:59.0666 3120  [ 0E5DA5369A0FCAEA12456DD852545184 ] elxstor         C:\Windows\system32\drivers\elxstor.sys
10:57:59.0682 3120  elxstor - ok
10:57:59.0697 3120  [ 34A3C54752046E79A126E15C51DB409B ] ErrDev          C:\Windows\system32\drivers\errdev.sys
10:57:59.0729 3120  ErrDev - ok
10:57:59.0791 3120  [ B8FA96995726D1FA58476E352C02AD82 ] ES lite Service C:\Program Files (x86)\Gigabyte\EasySaver\ESSVR.EXE
10:57:59.0807 3120  ES lite Service - ok
10:57:59.0838 3120  [ 4166F82BE4D24938977DD1746BE9B8A0 ] EventSystem     C:\Windows\system32\es.dll
10:57:59.0885 3120  EventSystem - ok
10:57:59.0916 3120  [ A510C654EC00C1E9BDD91EEB3A59823B ] exfat           C:\Windows\system32\drivers\exfat.sys
10:57:59.0947 3120  exfat - ok
10:57:59.0963 3120  [ 0ADC83218B66A6DB380C330836F3E36D ] fastfat         C:\Windows\system32\drivers\fastfat.sys
10:58:00.0009 3120  fastfat - ok
10:58:00.0056 3120  [ DBEFD454F8318A0EF691FDD2EAAB44EB ] Fax             C:\Windows\system32\fxssvc.exe
10:58:00.0087 3120  Fax - ok
10:58:00.0087 3120  [ D765D19CD8EF61F650C384F62FAC00AB ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
10:58:00.0103 3120  fdc - ok
10:58:00.0119 3120  [ 0438CAB2E03F4FB61455A7956026FE86 ] fdPHost         C:\Windows\system32\fdPHost.dll
10:58:00.0150 3120  fdPHost - ok
10:58:00.0165 3120  [ 802496CB59A30349F9A6DD22D6947644 ] FDResPub        C:\Windows\system32\fdrespub.dll
10:58:00.0228 3120  FDResPub - ok
10:58:00.0243 3120  [ 655661BE46B5F5F3FD454E2C3095B930 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
10:58:00.0259 3120  FileInfo - ok
10:58:00.0275 3120  [ 5F671AB5BC87EEA04EC38A6CD5962A47 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
10:58:00.0321 3120  Filetrace - ok
10:58:00.0337 3120  [ C172A0F53008EAEB8EA33FE10E177AF5 ] flpydisk        C:\Windows\system32\drivers\flpydisk.sys
10:58:00.0353 3120  flpydisk - ok
10:58:00.0368 3120  [ DA6B67270FD9DB3697B20FCE94950741 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
10:58:00.0384 3120  FltMgr - ok
10:58:00.0415 3120  [ 5C4CB4086FB83115B153E47ADD961A0C ] FontCache       C:\Windows\system32\FntCache.dll
10:58:00.0431 3120  FontCache - ok
10:58:00.0493 3120  [ A8B7F3818AB65695E3A0BB3279F6DCE6 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
10:58:00.0540 3120  FontCache3.0.0.0 - ok
10:58:00.0587 3120  [ D43703496149971890703B4B1B723EAC ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
10:58:00.0602 3120  FsDepends - ok
10:58:00.0696 3120  [ 6BD9295CC032DD3077C671FCCF579A7B ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
10:58:00.0711 3120  Fs_Rec - ok
10:58:00.0789 3120  [ 1F7B25B858FA27015169FE95E54108ED ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
10:58:00.0805 3120  fvevol - ok
10:58:00.0821 3120  [ 8C778D335C9D272CFD3298AB02ABE3B6 ] gagp30kx        C:\Windows\system32\drivers\gagp30kx.sys
10:58:00.0836 3120  gagp30kx - ok
10:58:00.0852 3120  [ 7907E14F9BCF3A4689C9A74A1A873CB6 ] gdrv            C:\Windows\gdrv.sys
10:58:00.0867 3120  gdrv - ok
10:58:00.0899 3120  [ 277BBC7E1AA1EE957F573A10ECA7EF3A ] gpsvc           C:\Windows\System32\gpsvc.dll
10:58:00.0945 3120  gpsvc - ok
10:58:00.0945 3120  [ F2523EF6460FC42405B12248338AB2F0 ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
10:58:00.0961 3120  hcw85cir - ok
10:58:00.0992 3120  [ 975761C778E33CD22498059B91E7373A ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
10:58:01.0039 3120  HdAudAddService - ok
10:58:01.0055 3120  [ 97BFED39B6B79EB12CDDBFEED51F56BB ] HDAudBus        C:\Windows\system32\DRIVERS\HDAudBus.sys
10:58:01.0086 3120  HDAudBus - ok
10:58:01.0101 3120  [ 78E86380454A7B10A5EB255DC44A355F ] HidBatt         C:\Windows\system32\drivers\HidBatt.sys
10:58:01.0133 3120  HidBatt - ok
10:58:01.0164 3120  [ 7FD2A313F7AFE5C4DAB14798C48DD104 ] HidBth          C:\Windows\system32\drivers\hidbth.sys
10:58:01.0179 3120  HidBth - ok
10:58:01.0195 3120  [ 0A77D29F311B88CFAE3B13F9C1A73825 ] HidIr           C:\Windows\system32\drivers\hidir.sys
10:58:01.0211 3120  HidIr - ok
10:58:01.0211 3120  [ BD9EB3958F213F96B97B1D897DEE006D ] hidserv         C:\Windows\system32\hidserv.dll
10:58:01.0273 3120  hidserv - ok
10:58:01.0289 3120  [ 9592090A7E2B61CD582B612B6DF70536 ] HidUsb          C:\Windows\system32\DRIVERS\hidusb.sys
10:58:01.0304 3120  HidUsb - ok
10:58:01.0320 3120  [ 387E72E739E15E3D37907A86D9FF98E2 ] hkmsvc          C:\Windows\system32\kmsvc.dll
10:58:01.0382 3120  hkmsvc - ok
10:58:01.0398 3120  [ EFDFB3DD38A4376F93E7985173813ABD ] HomeGroupListener C:\Windows\system32\ListSvc.dll
10:58:01.0413 3120  HomeGroupListener - ok
10:58:01.0429 3120  [ 908ACB1F594274965A53926B10C81E89 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
10:58:01.0445 3120  HomeGroupProvider - ok
10:58:01.0460 3120  [ 39D2ABCD392F3D8A6DCE7B60AE7B8EFC ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
10:58:01.0476 3120  HpSAMD - ok
10:58:01.0491 3120  [ F47CEC45FB85791D4AB237563AD0FA8F ] HTCAND64        C:\Windows\system32\Drivers\ANDROIDUSB.sys
10:58:01.0538 3120  HTCAND64 - ok
10:58:01.0601 3120  [ 5C8BC8A28798FD010E7ABC4E0D588CAA ] HTCMonitorService P:\HTC sync\HSMServiceEntry.exe
10:58:01.0616 3120  HTCMonitorService - ok
10:58:01.0632 3120  [ B8B1B284362E1D8135112573395D5DA5 ] htcnprot        C:\Windows\system32\DRIVERS\htcnprot.sys
10:58:01.0647 3120  htcnprot - ok
10:58:01.0663 3120  [ 0EA7DE1ACB728DD5A369FD742D6EEE28 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
10:58:01.0725 3120  HTTP - ok
10:58:01.0757 3120  [ A5462BD6884960C9DC85ED49D34FF392 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
10:58:01.0757 3120  hwpolicy - ok
10:58:01.0788 3120  [ FA55C73D4AFFA7EE23AC4BE53B4592D3 ] i8042prt        C:\Windows\system32\DRIVERS\i8042prt.sys
10:58:01.0803 3120  i8042prt - ok
10:58:01.0819 3120  [ AAAF44DB3BD0B9D1FB6969B23ECC8366 ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
10:58:01.0850 3120  iaStorV - ok
10:58:01.0881 3120  [ 5988FC40F8DB5B0739CD1E3A5D0D78BD ] idsvc           C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\infocard.exe
10:58:01.0913 3120  idsvc - ok
10:58:01.0928 3120  [ 5C18831C61933628F5BB0EA2675B9D21 ] iirsp           C:\Windows\system32\drivers\iirsp.sys
10:58:01.0944 3120  iirsp - ok
10:58:01.0959 3120  [ FCD84C381E0140AF901E58D48882D26B ] IKEEXT          C:\Windows\System32\ikeext.dll
10:58:02.0022 3120  IKEEXT - ok
10:58:02.0037 3120  [ F00F20E70C6EC3AA366910083A0518AA ] intelide        C:\Windows\system32\drivers\intelide.sys
10:58:02.0053 3120  intelide - ok
10:58:02.0069 3120  [ ADA036632C664CAA754079041CF1F8C1 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
10:58:02.0084 3120  intelppm - ok
10:58:02.0100 3120  [ 098A91C54546A3B878DAD6A7E90A455B ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
10:58:02.0147 3120  IPBusEnum - ok
10:58:02.0209 3120  [ C9F0E1BD74365A8771590E9008D22AB6 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
10:58:02.0240 3120  IpFilterDriver - ok
10:58:02.0271 3120  [ 08C2957BB30058E663720C5606885653 ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
10:58:02.0318 3120  iphlpsvc - ok
10:58:02.0334 3120  [ 0FC1AEA580957AA8817B8F305D18CA3A ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
10:58:02.0349 3120  IPMIDRV - ok
10:58:02.0396 3120  [ AF9B39A7E7B6CAA203B3862582E9F2D0 ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
10:58:02.0459 3120  IPNAT - ok
10:58:02.0474 3120  [ 3ABF5E7213EB28966D55D58B515D5CE9 ] IRENUM          C:\Windows\system32\drivers\irenum.sys
10:58:02.0505 3120  IRENUM - ok
10:58:02.0521 3120  [ 2F7B28DC3E1183E5EB418DF55C204F38 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
10:58:02.0537 3120  isapnp - ok
10:58:02.0568 3120  [ D931D7309DEB2317035B07C9F9E6B0BD ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
10:58:02.0599 3120  iScsiPrt - ok
10:58:02.0599 3120  [ BC02336F1CBA7DCC7D1213BB588A68A5 ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
10:58:02.0630 3120  kbdclass - ok
10:58:02.0646 3120  [ 0705EFF5B42A9DB58548EEC3B26BB484 ] kbdhid          C:\Windows\system32\drivers\kbdhid.sys
10:58:02.0677 3120  kbdhid - ok
10:58:02.0708 3120  [ C118A82CD78818C29AB228366EBF81C3 ] KeyIso          C:\Windows\system32\lsass.exe
10:58:02.0724 3120  KeyIso - ok
10:58:02.0755 3120  [ 97A7070AEA4C058B6418519E869A63B4 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
10:58:02.0771 3120  KSecDD - ok
10:58:02.0786 3120  [ 26C43A7C2862447EC59DEDA188D1DA07 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
10:58:02.0802 3120  KSecPkg - ok
10:58:02.0817 3120  [ 6869281E78CB31A43E969F06B57347C4 ] ksthunk         C:\Windows\system32\drivers\ksthunk.sys
10:58:02.0864 3120  ksthunk - ok
10:58:02.0895 3120  [ 6AB66E16AA859232F64DEB66887A8C9C ] KtmRm           C:\Windows\system32\msdtckrm.dll
10:58:02.0942 3120  KtmRm - ok
10:58:02.0973 3120  [ 32980B4E711D2EF7128C44DC2CF85706 ] L1C             C:\Windows\system32\DRIVERS\L1C62x64.sys
10:58:02.0989 3120  L1C - ok
10:58:03.0020 3120  [ D9F42719019740BAA6D1C6D536CBDAA6 ] LanmanServer    C:\Windows\system32\srvsvc.dll
10:58:03.0067 3120  LanmanServer - ok
10:58:03.0098 3120  [ 851A1382EED3E3A7476DB004F4EE3E1A ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
10:58:03.0145 3120  LanmanWorkstation - ok
10:58:03.0161 3120  [ 1538831CF8AD2979A04C423779465827 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
10:58:03.0207 3120  lltdio - ok
10:58:03.0239 3120  [ C1185803384AB3FEED115F79F109427F ] lltdsvc         C:\Windows\System32\lltdsvc.dll
10:58:03.0285 3120  lltdsvc - ok
10:58:03.0301 3120  [ F993A32249B66C9D622EA5592A8B76B8 ] lmhosts         C:\Windows\System32\lmhsvc.dll
10:58:03.0348 3120  lmhosts - ok
10:58:03.0379 3120  [ 1A93E54EB0ECE102495A51266DCDB6A6 ] LSI_FC          C:\Windows\system32\drivers\lsi_fc.sys
10:58:03.0395 3120  LSI_FC - ok
10:58:03.0395 3120  [ 1047184A9FDC8BDBFF857175875EE810 ] LSI_SAS         C:\Windows\system32\drivers\lsi_sas.sys
10:58:03.0410 3120  LSI_SAS - ok
10:58:03.0426 3120  [ 30F5C0DE1EE8B5BC9306C1F0E4A75F93 ] LSI_SAS2        C:\Windows\system32\drivers\lsi_sas2.sys
10:58:03.0441 3120  LSI_SAS2 - ok
10:58:03.0457 3120  [ 0504EACAFF0D3C8AED161C4B0D369D4A ] LSI_SCSI        C:\Windows\system32\drivers\lsi_scsi.sys
10:58:03.0473 3120  LSI_SCSI - ok
10:58:03.0488 3120  [ 43D0F98E1D56CCDDB0D5254CFF7B356E ] luafv           C:\Windows\system32\drivers\luafv.sys
10:58:03.0551 3120  luafv - ok
10:58:03.0582 3120  [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector   C:\Windows\system32\drivers\mbam.sys
10:58:03.0597 3120  MBAMProtector - ok
10:58:03.0644 3120  [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler   C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
10:58:03.0660 3120  MBAMScheduler - ok
10:58:03.0707 3120  [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService     C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
10:58:03.0722 3120  MBAMService - ok
10:58:03.0738 3120  [ 0BE09CD858ABF9DF6ED259D57A1A1663 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
10:58:03.0753 3120  Mcx2Svc - ok
10:58:03.0769 3120  [ A55805F747C6EDB6A9080D7C633BD0F4 ] megasas         C:\Windows\system32\drivers\megasas.sys
10:58:03.0785 3120  megasas - ok
10:58:03.0816 3120  [ BAF74CE0072480C3B6B7C13B2A94D6B3 ] MegaSR          C:\Windows\system32\drivers\MegaSR.sys
10:58:03.0831 3120  MegaSR - ok
10:58:03.0878 3120  Microsoft SharePoint Workspace Audit Service - ok
10:58:03.0894 3120  [ E40E80D0304A73E8D269F7141D77250B ] MMCSS           C:\Windows\system32\mmcss.dll
10:58:03.0956 3120  MMCSS - ok
10:58:03.0972 3120  [ 800BA92F7010378B09F9ED9270F07137 ] Modem           C:\Windows\system32\drivers\modem.sys
10:58:04.0019 3120  Modem - ok
10:58:04.0034 3120  [ B03D591DC7DA45ECE20B3B467E6AADAA ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
10:58:04.0065 3120  monitor - ok
10:58:04.0097 3120  [ 7D27EA49F3C1F687D357E77A470AEA99 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
10:58:04.0112 3120  mouclass - ok
10:58:04.0128 3120  [ D3BF052C40B0C4166D9FD86A4288C1E6 ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
10:58:04.0143 3120  mouhid - ok
10:58:04.0175 3120  [ 32E7A3D591D671A6DF2DB515A5CBE0FA ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
10:58:04.0190 3120  mountmgr - ok
10:58:04.0221 3120  [ 15D5398EED42C2504BB3D4FC875C15D1 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
10:58:04.0237 3120  MozillaMaintenance - ok
10:58:04.0268 3120  [ A44B420D30BD56E145D6A2BC8768EC58 ] mpio            C:\Windows\system32\drivers\mpio.sys
10:58:04.0284 3120  mpio - ok
10:58:04.0299 3120  [ 6C38C9E45AE0EA2FA5E551F2ED5E978F ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
10:58:04.0331 3120  mpsdrv - ok
10:58:04.0362 3120  [ 54FFC9C8898113ACE189D4AA7199D2C1 ] MpsSvc          C:\Windows\system32\mpssvc.dll
10:58:04.0409 3120  MpsSvc - ok
10:58:04.0424 3120  [ DC722758B8261E1ABAFD31A3C0A66380 ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
10:58:04.0471 3120  MRxDAV - ok
10:58:04.0487 3120  [ A5D9106A73DC88564C825D317CAC68AC ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
10:58:04.0502 3120  mrxsmb - ok
10:58:04.0549 3120  [ D711B3C1D5F42C0C2415687BE09FC163 ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
10:58:04.0565 3120  mrxsmb10 - ok
10:58:04.0580 3120  [ 9423E9D355C8D303E76B8CFBD8A5C30C ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
10:58:04.0596 3120  mrxsmb20 - ok
10:58:04.0611 3120  [ C25F0BAFA182CBCA2DD3C851C2E75796 ] msahci          C:\Windows\system32\drivers\msahci.sys
10:58:04.0627 3120  msahci - ok
10:58:04.0643 3120  [ DB801A638D011B9633829EB6F663C900 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
10:58:04.0658 3120  msdsm - ok
10:58:04.0674 3120  [ DE0ECE52236CFA3ED2DBFC03F28253A8 ] MSDTC           C:\Windows\System32\msdtc.exe
10:58:04.0705 3120  MSDTC - ok
10:58:04.0736 3120  [ AA3FB40E17CE1388FA1BEDAB50EA8F96 ] Msfs            C:\Windows\system32\drivers\Msfs.sys
10:58:04.0783 3120  Msfs - ok
10:58:04.0799 3120  [ F9D215A46A8B9753F61767FA72A20326 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
10:58:04.0845 3120  mshidkmdf - ok
10:58:04.0861 3120  [ D916874BBD4F8B07BFB7FA9B3CCAE29D ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
10:58:04.0877 3120  msisadrv - ok
10:58:04.0892 3120  [ 808E98FF49B155C522E6400953177B08 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
10:58:04.0939 3120  MSiSCSI - ok
10:58:04.0939 3120  msiserver - ok
10:58:04.0955 3120  [ 49CCF2C4FEA34FFAD8B1B59D49439366 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
10:58:05.0001 3120  MSKSSRV - ok
10:58:05.0017 3120  [ BDD71ACE35A232104DDD349EE70E1AB3 ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
10:58:05.0079 3120  MSPCLOCK - ok
10:58:05.0079 3120  [ 4ED981241DB27C3383D72092B618A1D0 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
10:58:05.0126 3120  MSPQM - ok
10:58:05.0142 3120  [ 759A9EEB0FA9ED79DA1FB7D4EF78866D ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
10:58:05.0157 3120  MsRPC - ok
10:58:05.0189 3120  [ 0EED230E37515A0EAEE3C2E1BC97B288 ] mssmbios        C:\Windows\system32\DRIVERS\mssmbios.sys
10:58:05.0204 3120  mssmbios - ok
10:58:05.0220 3120  [ 2E66F9ECB30B4221A318C92AC2250779 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
10:58:05.0267 3120  MSTEE - ok
10:58:05.0267 3120  [ 7EA404308934E675BFFDE8EDF0757BCD ] MTConfig        C:\Windows\system32\drivers\MTConfig.sys
10:58:05.0282 3120  MTConfig - ok
10:58:05.0298 3120  [ F9A18612FD3526FE473C1BDA678D61C8 ] Mup             C:\Windows\system32\Drivers\mup.sys
10:58:05.0313 3120  Mup - ok
10:58:05.0329 3120  [ 582AC6D9873E31DFA28A4547270862DD ] napagent        C:\Windows\system32\qagentRT.dll
10:58:05.0376 3120  napagent - ok
10:58:05.0407 3120  [ 1EA3749C4114DB3E3161156FFFFA6B33 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
10:58:05.0438 3120  NativeWifiP - ok
10:58:05.0469 3120  [ 760E38053BF56E501D562B70AD796B88 ] NDIS            C:\Windows\system32\drivers\ndis.sys
10:58:05.0501 3120  NDIS - ok
10:58:05.0516 3120  [ 9F9A1F53AAD7DA4D6FEF5BB73AB811AC ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
10:58:05.0563 3120  NdisCap - ok
10:58:05.0594 3120  [ 30639C932D9FEF22B31268FE25A1B6E5 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
10:58:05.0625 3120  NdisTapi - ok
10:58:05.0641 3120  [ 136185F9FB2CC61E573E676AA5402356 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
10:58:05.0672 3120  Ndisuio - ok
10:58:05.0688 3120  [ 53F7305169863F0A2BDDC49E116C2E11 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
10:58:05.0750 3120  NdisWan - ok
10:58:05.0750 3120  [ 015C0D8E0E0421B4CFD48CFFE2825879 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
10:58:05.0797 3120  NDProxy - ok
10:58:05.0813 3120  [ 86743D9F5D2B1048062B14B1D84501C4 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
10:58:05.0844 3120  NetBIOS - ok
10:58:05.0875 3120  [ 09594D1089C523423B32A4229263F068 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
10:58:05.0906 3120  NetBT - ok
10:58:05.0922 3120  [ C118A82CD78818C29AB228366EBF81C3 ] Netlogon        C:\Windows\system32\lsass.exe
10:58:05.0937 3120  Netlogon - ok
10:58:05.0953 3120  [ 847D3AE376C0817161A14A82C8922A9E ] Netman          C:\Windows\System32\netman.dll
10:58:06.0015 3120  Netman - ok
10:58:06.0047 3120  [ 5F28111C648F1E24F7DBC87CDEB091B8 ] netprofm        C:\Windows\System32\netprofm.dll
10:58:06.0093 3120  netprofm - ok
10:58:06.0109 3120  [ 3E5A36127E201DDF663176B66828FAFE ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v3.0\Windows Communication Foundation\SMSvcHost.exe
10:58:06.0125 3120  NetTcpPortSharing - ok
10:58:06.0140 3120  [ 77889813BE4D166CDAB78DDBA990DA92 ] nfrd960         C:\Windows\system32\drivers\nfrd960.sys
10:58:06.0156 3120  nfrd960 - ok
10:58:06.0203 3120  [ 8AD77806D336673F270DB31645267293 ] NlaSvc          C:\Windows\System32\nlasvc.dll
10:58:06.0218 3120  NlaSvc - ok
10:58:06.0265 3120  [ 1E4C4AB5C9B8DD13179BBDC75A2A01F7 ] Npfs            C:\Windows\system32\drivers\Npfs.sys
10:58:06.0312 3120  Npfs - ok
10:58:06.0312 3120  [ D54BFDF3E0C953F823B3D0BFE4732528 ] nsi             C:\Windows\system32\nsisvc.dll
10:58:06.0359 3120  nsi - ok
10:58:06.0359 3120  [ E7F5AE18AF4168178A642A9247C63001 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
10:58:06.0421 3120  nsiproxy - ok
10:58:06.0483 3120  [ E453ACF4E7D44E5530B5D5F2B9CA8563 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
10:58:06.0515 3120  Ntfs - ok
10:58:06.0546 3120  [ 9899284589F75FA8724FF3D16AED75C1 ] Null            C:\Windows\system32\drivers\Null.sys
10:58:06.0593 3120  Null - ok
10:58:06.0842 3120  [ BA0B4889C40380A01ECDF84C227A89C9 ] nvlddmkm        C:\Windows\system32\DRIVERS\nvlddmkm.sys
10:58:07.0076 3120  nvlddmkm - ok
10:58:07.0139 3120  [ 0A92CB65770442ED0DC44834632F66AD ] nvraid          C:\Windows\system32\drivers\nvraid.sys
10:58:07.0154 3120  nvraid - ok
10:58:07.0170 3120  [ DAB0E87525C10052BF65F06152F37E4A ] nvstor          C:\Windows\system32\drivers\nvstor.sys
10:58:07.0185 3120  nvstor - ok
10:58:07.0217 3120  [ 06633CF95BEA62164C3BFCA24BCE6B11 ] nvsvc           C:\Windows\system32\nvvsvc.exe
10:58:07.0248 3120  nvsvc - ok
10:58:07.0295 3120  [ 53B629CE436B110C5689C2F6439E567B ] nvUpdatusService C:\Program Files (x86)\NVIDIA Corporation\NVIDIA Update Core\daemonu.exe
10:58:07.0326 3120  nvUpdatusService - ok
10:58:07.0357 3120  [ 270D7CD42D6E3979F6DD0146650F0E05 ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
10:58:07.0373 3120  nv_agp - ok
10:58:07.0388 3120  [ 3589478E4B22CE21B41FA1BFC0B8B8A0 ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
10:58:07.0404 3120  ohci1394 - ok
10:58:07.0466 3120  [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose             C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
10:58:07.0482 3120  ose - ok
10:58:07.0638 3120  [ 61BFFB5F57AD12F83AB64B7181829B34 ] osppsvc         C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
10:58:07.0778 3120  osppsvc - ok
10:58:07.0809 3120  [ 3EAC4455472CC2C97107B5291E0DCAFE ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
10:58:07.0841 3120  p2pimsvc - ok
10:58:07.0856 3120  [ 927463ECB02179F88E4B9A17568C63C3 ] p2psvc          C:\Windows\system32\p2psvc.dll
10:58:07.0887 3120  p2psvc - ok
10:58:07.0903 3120  [ 0086431C29C35BE1DBC43F52CC273887 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
10:58:07.0919 3120  Parport - ok
10:58:07.0934 3120  [ E9766131EEADE40A27DC27D2D68FBA9C ] partmgr         C:\Windows\system32\drivers\partmgr.sys
10:58:07.0950 3120  partmgr - ok
10:58:07.0997 3120  [ 5F731DD45D3B176C071E4CCEEB87B06B ] PassThru Service C:\Program Files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe
10:58:08.0012 3120  PassThru Service ( UnsignedFile.Multi.Generic ) - warning
10:58:08.0012 3120  PassThru Service - detected UnsignedFile.Multi.Generic (1)
10:58:08.0043 3120  [ 3AEAA8B561E63452C655DC0584922257 ] PcaSvc          C:\Windows\System32\pcasvc.dll
10:58:08.0075 3120  PcaSvc - ok
10:58:08.0090 3120  [ 94575C0571D1462A0F70BDE6BD6EE6B3 ] pci             C:\Windows\system32\drivers\pci.sys
10:58:08.0121 3120  pci - ok
10:58:08.0121 3120  [ B5B8B5EF2E5CB34DF8DCF8831E3534FA ] pciide          C:\Windows\system32\drivers\pciide.sys
10:58:08.0137 3120  pciide - ok
10:58:08.0153 3120  [ B2E81D4E87CE48589F98CB8C05B01F2F ] pcmcia          C:\Windows\system32\drivers\pcmcia.sys
10:58:08.0184 3120  pcmcia - ok
10:58:08.0199 3120  [ D6B9C2E1A11A3A4B26A182FFEF18F603 ] pcw             C:\Windows\system32\drivers\pcw.sys
10:58:08.0215 3120  pcw - ok
10:58:08.0246 3120  [ 68769C3356B3BE5D1C732C97B9A80D6E ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
10:58:08.0293 3120  PEAUTH - ok
10:58:08.0340 3120  [ B9B0A4299DD2D76A4243F75FD54DC680 ] PeerDistSvc     C:\Windows\system32\peerdistsvc.dll
10:58:08.0371 3120  PeerDistSvc - ok
10:58:08.0449 3120  [ E495E408C93141E8FC72DC0C6046DDFA ] PerfHost        C:\Windows\SysWow64\perfhost.exe
10:58:08.0480 3120  PerfHost - ok
10:58:08.0527 3120  [ C7CF6A6E137463219E1259E3F0F0DD6C ] pla             C:\Windows\system32\pla.dll
10:58:08.0589 3120  pla - ok
10:58:08.0636 3120  [ 25FBDEF06C4D92815B353F6E792C8129 ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
10:58:08.0652 3120  PlugPlay - ok
10:58:08.0667 3120  [ 7195581CEC9BB7D12ABE54036ACC2E38 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
10:58:08.0683 3120  PNRPAutoReg - ok
10:58:08.0699 3120  [ 3EAC4455472CC2C97107B5291E0DCAFE ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
10:58:08.0714 3120  PNRPsvc - ok
10:58:08.0745 3120  [ 4F15D75ADF6156BF56ECED6D4A55C389 ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
10:58:08.0808 3120  PolicyAgent - ok
10:58:08.0839 3120  [ 6BA9D927DDED70BD1A9CADED45F8B184 ] Power           C:\Windows\system32\umpo.dll
10:58:08.0886 3120  Power - ok
10:58:08.0901 3120  [ F92A2C41117A11A00BE01CA01A7FCDE9 ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
10:58:08.0948 3120  PptpMiniport - ok
10:58:08.0964 3120  [ 0D922E23C041EFB1C3FAC2A6F943C9BF ] Processor       C:\Windows\system32\drivers\processr.sys
10:58:08.0995 3120  Processor - ok
10:58:09.0011 3120  [ 53E83F1F6CF9D62F32801CF66D8352A8 ] ProfSvc         C:\Windows\system32\profsvc.dll
10:58:09.0042 3120  ProfSvc - ok
10:58:09.0057 3120  [ C118A82CD78818C29AB228366EBF81C3 ] ProtectedStorage C:\Windows\system32\lsass.exe
10:58:09.0073 3120  ProtectedStorage - ok
10:58:09.0089 3120  [ 0557CF5A2556BD58E26384169D72438D ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
10:58:09.0135 3120  Psched - ok
10:58:09.0167 3120  [ A53A15A11EBFD21077463EE2C7AFEEF0 ] ql2300          C:\Windows\system32\drivers\ql2300.sys
10:58:09.0229 3120  ql2300 - ok
10:58:09.0245 3120  [ 4F6D12B51DE1AAEFF7DC58C4D75423C8 ] ql40xx          C:\Windows\system32\drivers\ql40xx.sys
10:58:09.0260 3120  ql40xx - ok
10:58:09.0276 3120  [ 906191634E99AEA92C4816150BDA3732 ] QWAVE           C:\Windows\system32\qwave.dll
10:58:09.0291 3120  QWAVE - ok
10:58:09.0307 3120  [ 76707BB36430888D9CE9D705398ADB6C ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
10:58:09.0338 3120  QWAVEdrv - ok
10:58:09.0354 3120  [ 5A0DA8AD5762FA2D91678A8A01311704 ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
10:58:09.0401 3120  RasAcd - ok
10:58:09.0432 3120  [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
10:58:09.0479 3120  RasAgileVpn - ok
10:58:09.0494 3120  [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto         C:\Windows\System32\rasauto.dll
10:58:09.0541 3120  RasAuto - ok
10:58:09.0541 3120  [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
10:58:09.0603 3120  Rasl2tp - ok
10:58:09.0603 3120  [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan          C:\Windows\System32\rasmans.dll
10:58:09.0650 3120  RasMan - ok
10:58:09.0666 3120  [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
10:58:09.0713 3120  RasPppoe - ok
10:58:09.0728 3120  [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
10:58:09.0775 3120  RasSstp - ok
10:58:09.0791 3120  [ 77F665941019A1594D887A74F301FA2F ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
10:58:09.0853 3120  rdbss - ok
10:58:09.0884 3120  [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
10:58:09.0900 3120  rdpbus - ok
10:58:09.0915 3120  [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
10:58:09.0947 3120  RDPCDD - ok
10:58:09.0962 3120  [ 1B6163C503398B23FF8B939C67747683 ] RDPDR           C:\Windows\system32\drivers\rdpdr.sys
10:58:09.0978 3120  RDPDR - ok
10:58:10.0009 3120  [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
10:58:10.0040 3120  RDPENCDD - ok
10:58:10.0056 3120  [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
10:58:10.0103 3120  RDPREFMP - ok
10:58:10.0118 3120  [ 70CBA1A0C98600A2AA1863479B35CB90 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
10:58:10.0134 3120  RdpVideoMiniport - ok
10:58:10.0165 3120  [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
10:58:10.0181 3120  RDPWD - ok
10:58:10.0212 3120  [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
10:58:10.0227 3120  rdyboost - ok
10:58:10.0243 3120  [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess    C:\Windows\System32\mprdim.dll
10:58:10.0290 3120  RemoteAccess - ok
10:58:10.0305 3120  [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
10:58:10.0368 3120  RemoteRegistry - ok
10:58:10.0368 3120  [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
10:58:10.0430 3120  RpcEptMapper - ok
10:58:10.0446 3120  [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator      C:\Windows\system32\locator.exe
10:58:10.0461 3120  RpcLocator - ok
10:58:10.0493 3120  [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs           C:\Windows\system32\rpcss.dll
10:58:10.0539 3120  RpcSs - ok
10:58:10.0539 3120  [ DDC86E4F8E7456261E637E3552E804FF ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
10:58:10.0586 3120  rspndr - ok
10:58:10.0617 3120  [ E60C0A09F997826C7627B244195AB581 ] s3cap           C:\Windows\system32\drivers\vms3cap.sys
10:58:10.0633 3120  s3cap - ok
10:58:10.0649 3120  [ C118A82CD78818C29AB228366EBF81C3 ] SamSs           C:\Windows\system32\lsass.exe
10:58:10.0664 3120  SamSs - ok
10:58:10.0664 3120  [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
10:58:10.0680 3120  sbp2port - ok
10:58:10.0711 3120  [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr        C:\Windows\System32\SCardSvr.dll
10:58:10.0758 3120  SCardSvr - ok
10:58:10.0773 3120  [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
10:58:10.0820 3120  scfilter - ok
10:58:10.0961 3120  [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule        C:\Windows\system32\schedsvc.dll
10:58:11.0023 3120  Schedule - ok
10:58:11.0101 3120  [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc     C:\Windows\System32\certprop.dll
10:58:11.0148 3120  SCPolicySvc - ok
10:58:11.0163 3120  [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
10:58:11.0195 3120  SDRSVC - ok
10:58:11.0195 3120  [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
10:58:11.0241 3120  secdrv - ok
10:58:11.0241 3120  [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon        C:\Windows\system32\seclogon.dll
10:58:11.0288 3120  seclogon - ok
10:58:11.0304 3120  [ C32AB8FA018EF34C0F113BD501436D21 ] SENS            C:\Windows\System32\sens.dll
10:58:11.0366 3120  SENS - ok
10:58:11.0382 3120  [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc        C:\Windows\system32\sensrsvc.dll
10:58:11.0413 3120  SensrSvc - ok
10:58:11.0444 3120  [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
10:58:11.0460 3120  Serenum - ok
10:58:11.0475 3120  [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
10:58:11.0507 3120  Serial - ok
10:58:11.0553 3120  [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse        C:\Windows\system32\drivers\sermouse.sys
10:58:11.0569 3120  sermouse - ok
10:58:11.0585 3120  [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv      C:\Windows\system32\sessenv.dll
10:58:11.0647 3120  SessionEnv - ok
10:58:11.0663 3120  [ A554811BCD09279536440C964AE35BBF ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
10:58:11.0678 3120  sffdisk - ok
10:58:11.0678 3120  [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
10:58:11.0709 3120  sffp_mmc - ok
10:58:11.0709 3120  [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
10:58:11.0741 3120  sffp_sd - ok
10:58:11.0741 3120  [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy         C:\Windows\system32\drivers\sfloppy.sys
10:58:11.0772 3120  sfloppy - ok
10:58:11.0803 3120  [ B95F6501A2F8B2E78C697FEC401970CE ] SharedAccess    C:\Windows\System32\ipnathlp.dll
10:58:11.0850 3120  SharedAccess - ok
10:58:11.0881 3120  [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll
10:58:11.0928 3120  ShellHWDetection - ok
10:58:11.0943 3120  [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2        C:\Windows\system32\drivers\SiSRaid2.sys
10:58:11.0959 3120  SiSRaid2 - ok
10:58:11.0959 3120  [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4        C:\Windows\system32\drivers\sisraid4.sys
10:58:11.0975 3120  SiSRaid4 - ok
10:58:12.0006 3120  [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb             C:\Windows\system32\DRIVERS\smb.sys
10:58:12.0068 3120  Smb - ok
10:58:12.0084 3120  [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
10:58:12.0115 3120  SNMPTRAP - ok
10:58:12.0131 3120  [ B9E31E5CACDFE584F34F730A677803F9 ] spldr           C:\Windows\system32\drivers\spldr.sys
10:58:12.0146 3120  spldr - ok
10:58:12.0177 3120  [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler         C:\Windows\System32\spoolsv.exe
10:58:12.0209 3120  Spooler - ok
10:58:12.0271 3120  [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc          C:\Windows\system32\sppsvc.exe
10:58:12.0349 3120  sppsvc - ok
10:58:12.0365 3120  [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
10:58:12.0396 3120  sppuinotify - ok
10:58:12.0427 3120  [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv             C:\Windows\system32\DRIVERS\srv.sys
10:58:12.0458 3120  srv - ok
10:58:12.0474 3120  [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
10:58:12.0505 3120  srv2 - ok
10:58:12.0521 3120  [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
10:58:12.0536 3120  srvnet - ok
10:58:12.0567 3120  [ ED161B91FDF7EAA39469D72D463D5F4E ] sscdbus         C:\Windows\system32\DRIVERS\sscdbus.sys
10:58:12.0583 3120  sscdbus - ok
10:58:12.0614 3120  [ 4CB09E77593DBD8D7AF33B37375CA715 ] sscdmdfl        C:\Windows\system32\DRIVERS\sscdmdfl.sys
10:58:12.0614 3120  sscdmdfl - ok
10:58:12.0630 3120  [ C7B4CF53497A6E5363F3439427663882 ] sscdmdm         C:\Windows\system32\DRIVERS\sscdmdm.sys
10:58:12.0645 3120  sscdmdm - ok
10:58:12.0677 3120  [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
10:58:12.0723 3120  SSDPSRV - ok
10:58:12.0739 3120  [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc         C:\Windows\system32\sstpsvc.dll
10:58:12.0770 3120  SstpSvc - ok
10:58:12.0817 3120  [ C692C94FE55CAD0633440236022C27B3 ] ssudmdm         C:\Windows\system32\DRIVERS\ssudmdm.sys
10:58:12.0833 3120  ssudmdm - ok
10:58:12.0848 3120  [ F3817967ED533D08327DC73BC4D5542A ] stexstor        C:\Windows\system32\drivers\stexstor.sys
10:58:12.0864 3120  stexstor - ok
10:58:12.0926 3120  [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc          C:\Windows\System32\wiaservc.dll
10:58:12.0957 3120  stisvc - ok
10:58:12.0989 3120  [ 7785DC213270D2FC066538DAF94087E7 ] storflt         C:\Windows\system32\drivers\vmstorfl.sys
10:58:13.0004 3120  storflt - ok
10:58:13.0020 3120  [ C40841817EF57D491F22EB103DA587CC ] StorSvc         C:\Windows\system32\storsvc.dll
10:58:13.0035 3120  StorSvc - ok
10:58:13.0051 3120  [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc         C:\Windows\system32\drivers\storvsc.sys
10:58:13.0067 3120  storvsc - ok
10:58:13.0082 3120  [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum          C:\Windows\system32\DRIVERS\swenum.sys
10:58:13.0098 3120  swenum - ok
10:58:13.0113 3120  [ E08E46FDD841B7184194011CA1955A0B ] swprv           C:\Windows\System32\swprv.dll
10:58:13.0160 3120  swprv - ok
10:58:13.0176 3120  [ C3A39C4079305480972D29C44B868C78 ] Synth3dVsc      C:\Windows\system32\drivers\Synth3dVsc.sys
10:58:13.0191 3120  Synth3dVsc - ok
10:58:13.0238 3120  [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain         C:\Windows\system32\sysmain.dll
10:58:13.0285 3120  SysMain - ok
10:58:13.0301 3120  [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll
10:58:13.0316 3120  TabletInputService - ok
10:58:13.0363 3120  [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv         C:\Windows\System32\tapisrv.dll
10:58:13.0410 3120  TapiSrv - ok
10:58:13.0425 3120  [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS             C:\Windows\System32\tbssvc.dll
10:58:13.0472 3120  TBS - ok
10:58:13.0519 3120  [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
10:58:13.0566 3120  Tcpip - ok
10:58:13.0597 3120  [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
10:58:13.0644 3120  TCPIP6 - ok
10:58:13.0659 3120  [ 1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
10:58:13.0675 3120  tcpipreg - ok
10:58:13.0691 3120  [ 3371D21011695B16333A3934340C4E7C ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
10:58:13.0722 3120  TDPIPE - ok
10:58:13.0753 3120  [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
10:58:13.0769 3120  TDTCP - ok
10:58:13.0784 3120  [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
10:58:13.0815 3120  tdx - ok
10:58:13.0847 3120  [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD          C:\Windows\system32\DRIVERS\termdd.sys
10:58:13.0847 3120  TermDD - ok
10:58:13.0862 3120  [ 2B5BDFF688EC9871D7EC5837833374E9 ] terminpt        C:\Windows\system32\drivers\terminpt.sys
10:58:13.0878 3120  terminpt - ok
10:58:13.0909 3120  [ 2E648163254233755035B46DD7B89123 ] TermService     C:\Windows\System32\termsrv.dll
10:58:13.0956 3120  TermService - ok
10:58:13.0971 3120  [ F0344071948D1A1FA732231785A0664C ] Themes          C:\Windows\system32\themeservice.dll
10:58:13.0987 3120  Themes - ok
10:58:14.0003 3120  [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER     C:\Windows\system32\mmcss.dll
10:58:14.0049 3120  THREADORDER - ok
10:58:14.0065 3120  [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks          C:\Windows\System32\trkwks.dll
10:58:14.0112 3120  TrkWks - ok
10:58:14.0159 3120  [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
10:58:14.0190 3120  TrustedInstaller - ok
10:58:14.0205 3120  [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
10:58:14.0252 3120  tssecsrv - ok
10:58:14.0268 3120  [ D11C783E3EF9A3C52C0EBE83CC5000E9 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
10:58:14.0283 3120  TsUsbFlt - ok
10:58:14.0299 3120  [ 9CC2CCAE8A84820EAECB886D477CBCB8 ] TsUsbGD         C:\Windows\system32\drivers\TsUsbGD.sys
10:58:14.0315 3120  TsUsbGD - ok
10:58:14.0330 3120  [ E1748D04AE40118B62BC18AC86032192 ] tsusbhub        C:\Windows\system32\drivers\tsusbhub.sys
10:58:14.0361 3120  tsusbhub - ok
10:58:14.0393 3120  [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
10:58:14.0439 3120  tunnel - ok
10:58:14.0471 3120  [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35          C:\Windows\system32\drivers\uagp35.sys
10:58:14.0486 3120  uagp35 - ok
10:58:14.0502 3120  [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
10:58:14.0564 3120  udfs - ok
10:58:14.0595 3120  [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
10:58:14.0627 3120  UI0Detect - ok
10:58:14.0642 3120  [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
10:58:14.0658 3120  uliagpkx - ok
10:58:14.0673 3120  [ DC54A574663A895C8763AF0FA1FF7561 ] umbus           C:\Windows\system32\DRIVERS\umbus.sys
10:58:14.0689 3120  umbus - ok
10:58:14.0705 3120  [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass          C:\Windows\system32\drivers\umpass.sys
10:58:14.0736 3120  UmPass - ok
10:58:14.0751 3120  [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService    C:\Windows\System32\umrdp.dll
10:58:14.0783 3120  UmRdpService - ok
10:58:14.0798 3120  [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost        C:\Windows\System32\upnphost.dll
10:58:14.0861 3120  upnphost - ok
10:58:14.0923 3120  [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio        C:\Windows\system32\drivers\usbaudio.sys
10:58:14.0939 3120  usbaudio - ok
10:58:14.0985 3120  [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
10:58:15.0001 3120  usbccgp - ok
10:58:15.0017 3120  [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
10:58:15.0032 3120  usbcir - ok
10:58:15.0079 3120  [ C025055FE7B87701EB042095DF1A2D7B ] usbehci         C:\Windows\system32\drivers\usbehci.sys
10:58:15.0095 3120  usbehci - ok
10:58:15.0126 3120  [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
10:58:15.0157 3120  usbhub - ok
10:58:15.0157 3120  [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
10:58:15.0188 3120  usbohci - ok
10:58:15.0188 3120  [ 73188F58FB384E75C4063D29413CEE3D ] usbprint        C:\Windows\system32\drivers\usbprint.sys
10:58:15.0219 3120  usbprint - ok
10:58:15.0219 3120  [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
10:58:15.0235 3120  USBSTOR - ok
10:58:15.0266 3120  [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci         C:\Windows\system32\drivers\usbuhci.sys
10:58:15.0282 3120  usbuhci - ok
10:58:15.0329 3120  [ 70D05EE263568A742D14E1876DF80532 ] usb_rndisx      C:\Windows\system32\DRIVERS\usb8023x.sys
10:58:15.0344 3120  usb_rndisx - ok
10:58:15.0360 3120  [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms           C:\Windows\System32\uxsms.dll
10:58:15.0407 3120  UxSms - ok
10:58:15.0422 3120  [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc        C:\Windows\system32\lsass.exe
10:58:15.0438 3120  VaultSvc - ok
10:58:15.0438 3120  [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
10:58:15.0453 3120  vdrvroot - ok
10:58:15.0485 3120  [ 8D6B481601D01A456E75C3210F1830BE ] vds             C:\Windows\System32\vds.exe
10:58:15.0547 3120  vds - ok
10:58:15.0578 3120  [ DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
10:58:15.0594 3120  vga - ok
10:58:15.0609 3120  [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave         C:\Windows\System32\drivers\vga.sys
10:58:15.0656 3120  VgaSave - ok
10:58:15.0656 3120  VGPU - ok
10:58:15.0672 3120  [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
10:58:15.0703 3120  vhdmp - ok
10:58:15.0781 3120  [ 279030EF4C22919F756269206E0E533F ] VIAHdAudAddService C:\Windows\system32\drivers\viahduaa.sys
10:58:15.0828 3120  VIAHdAudAddService - ok
10:58:15.0828 3120  [ E5689D93FFE4E5D66C0178761240DD54 ] viaide          C:\Windows\system32\drivers\viaide.sys
10:58:15.0843 3120  viaide - ok
10:58:15.0859 3120  [ F82B532AAF31D4ED446CB98A00030541 ] VIAKaraokeService C:\Windows\system32\viakaraokesrv.exe
10:58:15.0875 3120  VIAKaraokeService - ok
10:58:15.0890 3120  [ 86EA3E79AE350FEA5331A1303054005F ] vmbus           C:\Windows\system32\drivers\vmbus.sys
10:58:15.0921 3120  vmbus - ok
10:58:15.0921 3120  [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID        C:\Windows\system32\drivers\VMBusHID.sys
10:58:15.0953 3120  VMBusHID - ok
10:58:15.0953 3120  [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
10:58:15.0968 3120  volmgr - ok
10:58:15.0984 3120  [ A255814907C89BE58B79EF2F189B843B ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
10:58:15.0999 3120  volmgrx - ok
10:58:16.0031 3120  [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
10:58:16.0046 3120  volsnap - ok
10:58:16.0077 3120  [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid         C:\Windows\system32\drivers\vsmraid.sys
10:58:16.0093 3120  vsmraid - ok
10:58:16.0140 3120  [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS             C:\Windows\system32\vssvc.exe
10:58:16.0249 3120  VSS - ok
10:58:16.0343 3120  [ 87C57CBE385E00726A2113614F6C6BD2 ] vToolbarUpdater14.1.7 C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.1.7\ToolbarUpdater.exe
10:58:16.0358 3120  vToolbarUpdater14.1.7 - ok
10:58:16.0389 3120  [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus        C:\Windows\System32\drivers\vwifibus.sys
10:58:16.0421 3120  vwifibus - ok
10:58:16.0436 3120  [ 1C9D80CC3849B3788048078C26486E1A ] W32Time         C:\Windows\system32\w32time.dll
10:58:16.0483 3120  W32Time - ok
10:58:16.0499 3120  [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen        C:\Windows\system32\drivers\wacompen.sys
10:58:16.0514 3120  WacomPen - ok
10:58:16.0530 3120  [ 356AFD78A6ED4457169241AC3965230C ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
10:58:16.0577 3120  WANARP - ok
10:58:16.0577 3120  [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
10:58:16.0623 3120  Wanarpv6 - ok
10:58:16.0655 3120  [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine        C:\Windows\system32\wbengine.exe
10:58:16.0701 3120  wbengine - ok
10:58:16.0733 3120  [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
10:58:16.0748 3120  WbioSrvc - ok
10:58:16.0764 3120  [ 7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc         C:\Windows\System32\wcncsvc.dll
10:58:16.0811 3120  wcncsvc - ok
10:58:16.0826 3120  [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
10:58:16.0842 3120  WcsPlugInService - ok
10:58:16.0857 3120  [ 72889E16FF12BA0F235467D6091B17DC ] Wd              C:\Windows\system32\drivers\wd.sys
10:58:16.0873 3120  Wd - ok
10:58:16.0904 3120  [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
10:58:16.0935 3120  Wdf01000 - ok
10:58:16.0951 3120  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost  C:\Windows\system32\wdi.dll
10:58:16.0982 3120  WdiServiceHost - ok
10:58:16.0998 3120  [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost   C:\Windows\system32\wdi.dll
10:58:17.0013 3120  WdiSystemHost - ok
10:58:17.0029 3120  [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient       C:\Windows\System32\webclnt.dll
10:58:17.0060 3120  WebClient - ok
10:58:17.0076 3120  [ C749025A679C5103E575E3B48E092C43 ] Wecsvc          C:\Windows\system32\wecsvc.dll
10:58:17.0138 3120  Wecsvc - ok
10:58:17.0154 3120  [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport   C:\Windows\System32\wercplsupport.dll
10:58:17.0201 3120  wercplsupport - ok
10:58:17.0216 3120  [ 6D137963730144698CBD10F202E9F251 ] WerSvc          C:\Windows\System32\WerSvc.dll
10:58:17.0263 3120  WerSvc - ok
10:58:17.0279 3120  [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
10:58:17.0325 3120  WfpLwf - ok
10:58:17.0325 3120  [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
10:58:17.0341 3120  WIMMount - ok
10:58:17.0372 3120  WinDefend - ok
10:58:17.0372 3120  WinHttpAutoProxySvc - ok
10:58:17.0435 3120  [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
10:58:17.0481 3120  Winmgmt - ok
10:58:17.0528 3120  [ BCB1310604AA415C4508708975B3931E ] WinRM           C:\Windows\system32\WsmSvc.dll
10:58:17.0591 3120  WinRM - ok
10:58:17.0653 3120  [ FE88B288356E7B47B74B13372ADD906D ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
10:58:17.0669 3120  WinUsb - ok
10:58:17.0715 3120  [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc         C:\Windows\System32\wlansvc.dll
10:58:17.0747 3120  Wlansvc - ok
10:58:17.0762 3120  [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
10:58:17.0778 3120  WmiAcpi - ok
10:58:17.0809 3120  [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
10:58:17.0840 3120  wmiApSrv - ok
10:58:17.0856 3120  WMPNetworkSvc - ok
10:58:17.0871 3120  [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc          C:\Windows\System32\wpcsvc.dll
10:58:17.0903 3120  WPCSvc - ok
10:58:17.0918 3120  [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
10:58:17.0934 3120  WPDBusEnum - ok
10:58:17.0949 3120  [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
10:58:17.0996 3120  ws2ifsl - ok
10:58:17.0996 3120  [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc          C:\Windows\System32\wscsvc.dll
10:58:18.0027 3120  wscsvc - ok
10:58:18.0027 3120  WSearch - ok
10:58:18.0105 3120  [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv        C:\Windows\system32\wuaueng.dll
10:58:18.0152 3120  wuauserv - ok
10:58:18.0183 3120  [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
10:58:18.0199 3120  WudfPf - ok
10:58:18.0230 3120  [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
10:58:18.0261 3120  WUDFRd - ok
10:58:18.0293 3120  [ B20F051B03A966392364C83F009F7D17 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
10:58:18.0308 3120  wudfsvc - ok
10:58:18.0324 3120  [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc         C:\Windows\System32\wwansvc.dll
10:58:18.0371 3120  WwanSvc - ok
10:58:18.0402 3120  ================ Scan global ===============================
10:58:18.0433 3120  [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll
10:58:18.0449 3120  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:58:18.0464 3120  [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll
10:58:18.0480 3120  [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll
10:58:18.0511 3120  [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe
10:58:18.0511 3120  [Global] - ok
10:58:18.0511 3120  ================ Scan MBR ==================================
10:58:18.0542 3120  [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
10:58:18.0776 3120  \Device\Harddisk0\DR0 - ok
10:58:18.0776 3120  ================ Scan VBR ==================================
10:58:18.0776 3120  [ 2B498EB154E795D6871405467EFB29BD ] \Device\Harddisk0\DR0\Partition1
10:58:18.0776 3120  \Device\Harddisk0\DR0\Partition1 - ok
10:58:18.0792 3120  [ 48F59E6C859714ED99DD36346597C829 ] \Device\Harddisk0\DR0\Partition2
10:58:18.0807 3120  \Device\Harddisk0\DR0\Partition2 - ok
10:58:18.0823 3120  [ 307D24DEF8A536072285CEE80E457717 ] \Device\Harddisk0\DR0\Partition3
10:58:18.0823 3120  \Device\Harddisk0\DR0\Partition3 - ok
10:58:18.0823 3120  [ 9732B025B4A669E9FC6F0CC44BE48F01 ] \Device\Harddisk0\DR0\Partition4
10:58:18.0823 3120  \Device\Harddisk0\DR0\Partition4 - ok
10:58:18.0854 3120  [ A0D40B637BCD1E866BBEAA030A156DA7 ] \Device\Harddisk0\DR0\Partition5
10:58:18.0854 3120  \Device\Harddisk0\DR0\Partition5 - ok
10:58:18.0854 3120  ============================================================
10:58:18.0854 3120  Scan finished
10:58:18.0854 3120  ============================================================
10:58:18.0870 2432  Detected object count: 1
10:58:18.0870 2432  Actual detected object count: 1
10:58:51.0879 2432  PassThru Service ( UnsignedFile.Multi.Generic ) - skipped by user
10:58:51.0879 2432  PassThru Service ( UnsignedFile.Multi.Generic ) - User select action: Skip
         

Alt 18.02.2013, 17:20   #12
markusg
/// Malware-holic
 



Hi,
Scan with Combofix
WARNING to READERS:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the instructions on the screen.
  • While Combofix is running, please do not work on the computer, move the mouse, or click in the Combofix window!
  • When Combofix has finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde.
simply restart the computer. That should fix the problem.


Alt 18.02.2013, 21:07   #13
tracker7
 



Code:
ComboFix 13-02-18.02 - ..... 18.02.2013  20:15:36.1.2 - x64
Microsoft Windows 7 Enterprise   6.1.7601.1.1252.49.1031.18.8190.6523 [GMT 1:00]
ausgeführt von:: c:\users\....\Desktop\ComboFix.exe
AV: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {0E9420C4-06B3-7FA0-3AB1-6E49CB52ECD9}
SP: AVG Anti-Virus Free Edition 2013 *Disabled/Updated* {B5F5C120-2089-702E-0001-553BB0D5A664}
SP: Windows Defender *Disabled/Outdated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 * Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\ntuser.dat
c:\windows\SysWow64\muzapp.exe
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-01-18 bis 2013-02-18  ))))))))))))))))))))))))))))))
.
.
2013-02-18 19:25 . 2013-02-18 19:25	--------	d-----w-	c:\users\UpdatusUser\AppData\Local\temp
2013-02-18 19:25 . 2013-02-18 19:25	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-02-16 14:01 . 2013-02-16 14:01	--------	d-----w-	c:\program files\M-Audio
2013-02-16 13:59 . 2013-02-16 13:59	--------	d-----w-	c:\programdata\AVID
2013-02-15 13:21 . 2013-02-15 13:21	--------	d-----w-	C:\_OTL
2013-02-14 19:59 . 2013-01-09 01:10	996352	----a-w-	c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 19:59 . 2013-01-08 22:01	768000	----a-w-	c:\program files (x86)\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-14 10:30 . 2013-01-05 05:53	5553512	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-02-14 10:30 . 2013-01-05 05:00	3967848	----a-w-	c:\windows\SysWow64\ntkrnlpa.exe
2013-02-14 10:30 . 2013-01-05 05:00	3913064	----a-w-	c:\windows\SysWow64\ntoskrnl.exe
2013-02-14 10:30 . 2013-01-04 03:26	3153408	----a-w-	c:\windows\system32\win32k.sys
2013-02-14 10:30 . 2013-01-04 05:46	215040	----a-w-	c:\windows\system32\winsrv.dll
2013-02-14 10:30 . 2013-01-04 04:51	5120	----a-w-	c:\windows\SysWow64\wow32.dll
2013-02-14 10:30 . 2013-01-04 02:47	25600	----a-w-	c:\windows\SysWow64\setup16.exe
2013-02-14 10:30 . 2013-01-04 02:47	7680	----a-w-	c:\windows\SysWow64\instnm.exe
2013-02-14 10:30 . 2013-01-04 02:47	2048	----a-w-	c:\windows\SysWow64\user.exe
2013-02-14 10:30 . 2013-01-04 02:47	14336	----a-w-	c:\windows\SysWow64\ntvdm64.dll
2013-02-14 10:30 . 2013-01-03 06:00	1913192	----a-w-	c:\windows\system32\drivers\tcpip.sys
2013-02-14 10:30 . 2013-01-03 06:00	288088	----a-w-	c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-12 20:13 . 2013-02-12 20:13	--------	d-----w-	c:\program files (x86)\ESET
2013-02-12 04:58 . 2013-02-18 19:07	--------	d-----w-	c:\program files (x86)\AVG Secure Search
2013-02-08 17:02 . 2013-02-08 17:01	95648	----a-w-	c:\windows\SysWow64\WindowsAccessBridge-32.dll
2013-01-27 10:42 . 2013-01-27 10:42	--------	dc-h--w-	c:\programdata\{60143F1F-63C8-4CC1-A37B-28EB1FC6C10F}
2013-01-27 10:42 . 2013-01-27 10:42	--------	d-----w-	c:\program files (x86)\Common Files\Native Instruments
2013-01-26 17:39 . 2013-01-26 17:39	--------	d-----w-	c:\users\......\AppData\Local\Serato
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-18 19:07 . 2012-08-12 12:26	39768	----a-w-	c:\windows\system32\drivers\avgtpx64.sys
2013-02-14 20:03 . 2011-04-08 12:32	70004024	----a-w-	c:\windows\system32\MRT.exe
2013-02-12 19:14 . 2012-07-13 19:12	71024	----a-w-	c:\windows\SysWow64\FlashPlayerCPLApp.cpl
2013-02-12 19:14 . 2012-07-13 19:12	691568	----a-w-	c:\windows\SysWow64\FlashPlayerApp.exe
2013-02-08 17:01 . 2012-07-13 19:15	782240	----a-w-	c:\windows\SysWow64\deployJava1.dll
2013-02-08 17:01 . 2012-07-13 19:15	861088	----a-w-	c:\windows\SysWow64\npDeployJava1.dll
2013-01-04 04:43 . 2013-02-14 10:30	44032	----a-w-	c:\windows\apppatch\acwow64.dll
2012-12-31 19:13 . 2012-12-31 19:13	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2012-12-31 19:13 . 2012-12-31 19:13	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2012-12-31 19:13 . 2012-12-31 19:13	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2012-12-16 17:11 . 2012-12-21 21:32	46080	----a-w-	c:\windows\system32\atmlib.dll
2012-12-16 14:45 . 2012-12-21 21:32	367616	----a-w-	c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 21:32	295424	----a-w-	c:\windows\SysWow64\atmfd.dll
2012-12-16 14:13 . 2012-12-21 21:32	34304	----a-w-	c:\windows\SysWow64\atmlib.dll
2012-12-14 15:49 . 2012-07-12 06:04	24176	----a-w-	c:\windows\system32\drivers\mbam.sys
2012-12-07 16:35 . 2012-12-07 16:35	499712	----a-w-	c:\windows\SysWow64\msvcp71.dll
2012-12-07 16:35 . 2012-12-07 16:35	348160	----a-w-	c:\windows\SysWow64\msvcr71.dll
2012-12-07 13:20 . 2013-01-09 06:55	441856	----a-w-	c:\windows\system32\Wpc.dll
2012-12-07 13:15 . 2013-01-09 06:55	2746368	----a-w-	c:\windows\system32\gameux.dll
2012-12-07 12:26 . 2013-01-09 06:55	308736	----a-w-	c:\windows\SysWow64\Wpc.dll
2012-12-07 12:20 . 2013-01-09 06:55	2576384	----a-w-	c:\windows\SysWow64\gameux.dll
2012-12-07 11:20 . 2013-01-09 06:55	30720	----a-w-	c:\windows\system32\usk.rs
2012-12-07 11:20 . 2013-01-09 06:55	43520	----a-w-	c:\windows\system32\csrr.rs
2012-12-07 11:20 . 2013-01-09 06:55	23552	----a-w-	c:\windows\system32\oflc.rs
2012-12-07 11:20 . 2013-01-09 06:55	45568	----a-w-	c:\windows\system32\oflc-nz.rs
2012-12-07 11:20 . 2013-01-09 06:55	44544	----a-w-	c:\windows\system32\pegibbfc.rs
2012-12-07 11:20 . 2013-01-09 06:55	20480	----a-w-	c:\windows\system32\pegi-fi.rs
2012-12-07 11:20 . 2013-01-09 06:55	20480	----a-w-	c:\windows\system32\pegi-pt.rs
2012-12-07 11:19 . 2013-01-09 06:55	20480	----a-w-	c:\windows\system32\pegi.rs
2012-12-07 11:19 . 2013-01-09 06:55	46592	----a-w-	c:\windows\system32\fpb.rs
2012-12-07 11:19 . 2013-01-09 06:55	40960	----a-w-	c:\windows\system32\cob-au.rs
2012-12-07 11:19 . 2013-01-09 06:55	21504	----a-w-	c:\windows\system32\grb.rs
2012-12-07 11:19 . 2013-01-09 06:55	15360	----a-w-	c:\windows\system32\djctq.rs
2012-12-07 11:19 . 2013-01-09 06:55	55296	----a-w-	c:\windows\system32\cero.rs
2012-12-07 11:19 . 2013-01-09 06:55	51712	----a-w-	c:\windows\system32\esrb.rs
2012-12-07 10:46 . 2013-01-09 06:55	43520	----a-w-	c:\windows\SysWow64\csrr.rs
2012-12-07 10:46 . 2013-01-09 06:55	30720	----a-w-	c:\windows\SysWow64\usk.rs
2012-12-07 10:46 . 2013-01-09 06:55	45568	----a-w-	c:\windows\SysWow64\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 06:55	44544	----a-w-	c:\windows\SysWow64\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 06:55	20480	----a-w-	c:\windows\SysWow64\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 06:55	23552	----a-w-	c:\windows\SysWow64\oflc.rs
2012-12-07 10:46 . 2013-01-09 06:55	20480	----a-w-	c:\windows\SysWow64\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 06:55	46592	----a-w-	c:\windows\SysWow64\fpb.rs
2012-12-07 10:46 . 2013-01-09 06:55	20480	----a-w-	c:\windows\SysWow64\pegi.rs
2012-12-07 10:46 . 2013-01-09 06:55	21504	----a-w-	c:\windows\SysWow64\grb.rs
2012-12-07 10:46 . 2013-01-09 06:55	40960	----a-w-	c:\windows\SysWow64\cob-au.rs
2012-12-07 10:46 . 2013-01-09 06:55	15360	----a-w-	c:\windows\SysWow64\djctq.rs
2012-12-07 10:46 . 2013-01-09 06:55	55296	----a-w-	c:\windows\SysWow64\cero.rs
2012-12-07 10:46 . 2013-01-09 06:55	51712	----a-w-	c:\windows\SysWow64\esrb.rs
2012-11-30 05:45 . 2013-01-09 06:54	362496	----a-w-	c:\windows\system32\wow64win.dll
2012-11-30 05:45 . 2013-01-09 06:54	243200	----a-w-	c:\windows\system32\wow64.dll
2012-11-30 05:45 . 2013-01-09 06:54	13312	----a-w-	c:\windows\system32\wow64cpu.dll
2012-11-30 05:43 . 2013-01-09 06:54	16384	----a-w-	c:\windows\system32\ntvdm64.dll
2012-11-30 05:41 . 2013-01-09 06:54	424448	----a-w-	c:\windows\system32\KernelBase.dll
2012-11-30 05:41 . 2013-01-09 06:54	1161216	----a-w-	c:\windows\system32\kernel32.dll
2012-11-30 05:38 . 2013-01-09 06:54	6144	---ha-w-	c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	4608	---ha-w-	c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	4608	---ha-w-	c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	4096	---ha-w-	c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	4096	---ha-w-	c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	5120	---ha-w-	c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	4096	---ha-w-	c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 05:38 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 04:53 . 2013-01-09 06:54	274944	----a-w-	c:\windows\SysWow64\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 06:54	4608	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	3584	---ha-w-	c:\windows\SysWow64\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	4096	---ha-w-	c:\windows\SysWow64\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 06:54	3072	---ha-w-	c:\windows\SysWow64\api-ms-win-core-rtlsupport-l1-1-0.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2010-11-21 1475584]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"vProt"="c:\program files (x86)\AVG Secure Search\vprot.exe" [2013-02-18 1151152]
"AVG_UI"="c:\program files (x86)\AVG\AVG2013\avgui.exe" [2012-12-11 3147384]
"BCSSync"="c:\program files (x86)\Microsoft Office\Office14\BCSSync.exe" [2010-03-13 91520]
"SunJavaUpdateSched"="c:\program files (x86)\Common Files\Java\Java Update\jusched.exe" [2012-07-03 252848]
"M-Audio Taskbar Icon"="c:\windows\system32\DeltaIITray.exe" [2012-01-25 237872]
"Adobe ARM"="c:\program files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
.
c:\users\.....\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OneNote 2010 Bildschirmausschnitt- und Startprogramm.lnk - c:\program files (x86)\Microsoft Office\Office14\ONENOTEM.EXE [2011-9-2 227712]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
R2 AVGIDSAgent;AVGIDSAgent;c:\program files (x86)\AVG\AVG2013\avgidsagent.exe [2012-11-15 5814904]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [2010-03-18 138576]
R3 a8djusb_svc;Audio 8 DJ;c:\windows\system32\Drivers\a8djusb.sys [2011-04-11 98384]
R3 AppleChargerSrv;AppleChargerSrv;c:\windows\system32\AppleChargerSrv.exe [2010-04-06 31272]
R3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudbus.sys [2012-09-20 102368]
R3 dmvsc;dmvsc;c:\windows\system32\drivers\dmvsc.sys [2010-11-21 71168]
R3 HTCAND64;HTC Device Driver;c:\windows\system32\Drivers\ANDROIDUSB.sys [2009-11-02 33736]
R3 htcnprot;HTC NDIS Protocol Driver;c:\windows\system32\DRIVERS\htcnprot.sys [2012-09-25 36928]
R3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [2012-12-14 24176]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2010-11-21 20992]
R3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);c:\windows\system32\DRIVERS\ssudmdm.sys [2012-09-20 203104]
R3 Synth3dVsc;Microsoft Virtual 3D Video Transport Driver;c:\windows\system32\drivers\Synth3dVsc.sys [2010-11-21 88960]
R3 terminpt;Microsoft Remote Desktop Input Driver;c:\windows\system32\drivers\terminpt.sys [2010-11-21 34816]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [2010-11-21 59392]
R3 TsUsbGD;%TsUsbGD.DeviceDesc.Generic%;c:\windows\system32\drivers\TsUsbGD.sys [2010-11-21 31232]
R3 tsusbhub;Remote Deskotop USB Hub;c:\windows\system32\drivers\tsusbhub.sys [2010-11-21 117248]
R3 VGPU;VGPU;c:\windows\system32\drivers\rdvgkmd.sys [x]
R4 ES lite Service;ES lite Service for program management.;c:\program files (x86)\Gigabyte\EasySaver\ESSVR.EXE [2009-08-24 68136]
R4 HTCMonitorService;HTCMonitorService;p:\htc sync\HSMServiceEntry.exe [2012-10-26 87368]
R4 MBAMService;MBAMService;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe [2012-12-14 682344]
R4 VIAKaraokeService;VIA Karaoke digital mixer Service;c:\windows\system32\viakaraokesrv.exe [2010-12-22 27760]
S0 AVGIDSHA;AVGIDSHA;c:\windows\system32\DRIVERS\avgidsha.sys [2012-09-21 61792]
S0 Avgloga;AVG Logging Driver;c:\windows\system32\DRIVERS\avgloga.sys [2012-09-21 225120]
S0 Avgmfx64;AVG Mini-Filter Resident Anti-Virus Shield;c:\windows\system32\DRIVERS\avgmfx64.sys [2012-11-15 111968]
S0 Avgrkx64;AVG Anti-Rootkit Driver;c:\windows\system32\DRIVERS\avgrkx64.sys [2012-09-14 40800]
S1 AppleCharger;AppleCharger;c:\windows\system32\DRIVERS\AppleCharger.sys [2011-01-10 21104]
S1 AVGIDSDriver;AVGIDSDriver;c:\windows\system32\DRIVERS\avgidsdrivera.sys [2012-09-13 151904]
S1 Avgldx64;AVG AVI Loader Driver;c:\windows\system32\DRIVERS\avgldx64.sys [2012-10-02 185696]
S1 Avgtdia;AVG TDI Driver;c:\windows\system32\DRIVERS\avgtdia.sys [2012-09-21 200032]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys [2013-02-18 39768]
S2 avgwd;AVG WatchDog;c:\program files (x86)\AVG\AVG2013\avgwdsvc.exe [2012-10-22 196664]
S2 MBAMScheduler;MBAMScheduler;c:\program files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe [2012-12-14 398184]
S2 PassThru Service;Internet Pass-Through Service;c:\program files (x86)\HTC\Internet Pass-Through\PassThruSvr.exe [2012-10-08 166912]
S2 vToolbarUpdater14.2.0;vToolbarUpdater14.2.0;c:\program files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\14.2.0\ToolbarUpdater.exe [2013-02-18 968880]
S3 DELTAII;Service for M-Audio Delta Driver (WDM);c:\windows\system32\DRIVERS\MAudioDelta.sys [2012-01-25 339760]
S3 L1C;NDIS Miniport Driver for Atheros AR813x/AR815x PCI-E Ethernet Controller;c:\windows\system32\DRIVERS\L1C62x64.sys [2010-06-25 76912]
S3 VIAHdAudAddService;VIA High Definition Audio Driver Service;c:\windows\system32\drivers\viahduaa.sys [2010-12-22 2156656]
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-18 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2012-07-13 19:14]
.
.
--------- X64 Entries -----------
.
.
------- Zusätzlicher Suchlauf -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.de/
mLocal Page = c:\windows\SysWOW64\blank.htm
IE: An OneNote s&enden - c:\progra~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: Nach Microsoft E&xcel exportieren - c:\progra~2\MICROS~1\Office14\EXCEL.EXE/3000
TCP: DhcpNameServer = 192.168.178.1
Handler: viprotocol - {B658800C-F66E-4EF3-AB85-6C0C227862A9} - c:\program files (x86)\Common Files\AVG Secure Search\ViProtocolInstaller\14.2.0\ViProtocol.dll
FF - ProfilePath - c:\users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\ekec08ch.default\
FF - prefs.js: browser.search.selectedEngine - LEO Eng-Deu
FF - prefs.js: browser.startup.homepage - www.google.de
FF - prefs.js: keyword.URL - hxxp://isearch.avg.com/search?cid=%7B1d197ca7-8b43-4cf9-a6ce-1881e44254c3%7D&mid=aa826477c25447d0af9581ac0f8228b4-9f9c2bea51192688557d723b2a25abf41b948d09&ds=AVG&v=13.2.0.5&lang=de&pr=fr&d=2012-10-03%2019%3A10%3A07&sap=ku&q=
FF - ExtSQL: 2013-01-31 08:52; {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}; c:\users\.....\AppData\Roaming\Mozilla\Firefox\Profiles\ekec08ch.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi
FF - ExtSQL: 2013-02-12 05:58; avg@toolbar; c:\programdata\AVG Secure Search\FireFoxExt\14.2.0.1
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
BHO-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
Toolbar-{95B7759C-8C7F-4BF1-B163-73684A933233} - (no file)
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_11_5_502_135_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.11"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_11_5_502_135.ocx, 1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Wow6432Node\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*]
@="?????????????????? v1"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*1*\CLSID]
@="{E23FE9C6-778E-49D4-B537-38FCDE4887D8}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*]
@="?????????????????? v2"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\VideoLAN.VLCPlugin.*2*\CLSID]
@="{9BE31822-FDAD-461B-AD51-BE1D1C159921}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Office\Common\Smart Tag\Actions\{B7EFF951-E52F-45CC-9EF7-57124F2177CC}]
@Denied: (A) (Everyone)
"Solution"="{15727DE6-F92D-4E46-ACB4-0E2C58B31A18}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3]
@Denied: (A) (Everyone)
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Schema Library\ActionsPane3\0]
"Key"="ActionsPane3"
"Location"="c:\\Program Files (x86)\\Common Files\\Microsoft Shared\\VSTO\\ActionsPane3.xsd"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-18  20:40:18
ComboFix-quarantined-files.txt  2013-02-18 19:40
.
Vor Suchlauf: 12 Verzeichnis(se), 137.106.206.720 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 136.853.118.976 Bytes frei
.
- - End Of File - - 30B8EE345042EF745A404D738858B4FB
         

18.02.2013, 21:13   #14
markusg
/// Malware-holic

Hi,
download CCleaner Standard:
CCleaner - Download - Filepony
If CCleaner is already installed, skip this step.
Open it, go to Tools (Extras), Uninstall list, save it as a txt file. Open the file.
After each program you need, write "necessary".
After each program you do not need, write "unnecessary".
After each program you do not know, write "unknown".
Post the list.
__________________
- Please forward suspicious mails to us for analysis:
markusg.trojaner-board@web.de
Forward
Instructions:
http://markusg.trojaner-board.de
For now, please forward mails according to the instructions above to
markusg.trojaner-board@web.de
Forward
If you would like to support us

18.02.2013, 22:05   #15
tracker7

Code:
ATTFilter
Adobe AIR	Adobe Systems Incorporated	23.11.2012		3.5.0.600
Adobe Flash Player 11 ActiveX	Adobe Systems Incorporated	10.12.2012	6,00MB	11.5.502.135
Adobe Flash Player 11 Plugin	Adobe Systems Incorporated	11.02.2013	6,00MB	11.6.602.168
Adobe Reader X (10.1.5) - Deutsch	Adobe Systems Incorporated	16.02.2013	121,4MB	10.1.5
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver	Atheros Communications Inc.	10.07.2012		1.0.0.33
AVG 2013	AVG Technologies	12.02.2013		2013.0.2899
AVG Security Toolbar		17.02.2013		
AVM FRITZ!Box Dokumentation	AVM Berlin	10.07.2012		
AVM FRITZ!Box Druckeranschluss	AVM Berlin	10.07.2012		
Beatport Downloader	Beatport LLC	23.11.2012		1.4
CCleaner	Piriform	11.07.2012		3.14
CDBurnerXP	CDBurnerXP	15.07.2012	17,4MB	4.4.1.3243
CloneDVD2	Elaborate Bytes	09.10.2012		2.9.3.0
EasySaver B9.0904.1	Gigabyte	11.07.2012		1.00.0000
ESET Online Scanner v3		11.02.2013		
HTC Driver Installer	HTC Corporation	23.12.2012	2,09MB	4.0.0.009
HTC Sync Manager	HTC	23.12.2012	158,9MB	1.1.66.0
Java 7 Update 13	Oracle	07.02.2013	129,0MB	7.0.130
JavaFX 2.1.1	Oracle Corporation	12.07.2012	20,9MB	2.1.1
M-Audio Delta 6.0.8 (x64)	M-Audio	15.02.2013	3,79MB	6.0.8
Malwarebytes Anti-Malware Version 1.70.0.1100	Malwarebytes Corporation	29.12.2012	18,5MB	1.70.0.1100
Microsoft .NET Framework 4 Client Profile	Microsoft Corporation	04.10.2012	38,8MB	4.0.30320
Microsoft .NET Framework 4 Client Profile DEU Language Pack	Microsoft Corporation	04.10.2012	2,94MB	4.0.30320
Microsoft Office Professional Plus 2010	Microsoft Corporation	03.10.2012		14.0.6029.1000
Microsoft Silverlight	Microsoft Corporation	02.10.2012	50,7MB	5.1.10411.0
Microsoft Visual C++ 2005 Redistributable	Microsoft Corporation	11.10.2012	0,29MB	8.0.59193
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17	Microsoft Corporation	10.10.2012	0,23MB	9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148	Microsoft Corporation	11.07.2012	0,57MB	9.0.30729.4148
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161	Microsoft Corporation	03.10.2012	0,59MB	9.0.30729.6161
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219	Microsoft Corporation	11.10.2012	5,85MB	10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219	Microsoft Corporation	03.10.2012	12,3MB	10.0.40219
mkv2vob	3r1c	09.10.2012	10,2MB	2.4.9
Mozilla Firefox 13.0.1 (x86 de)	Mozilla	10.07.2012	35,8MB	13.0.1
Mozilla Maintenance Service	Mozilla	10.07.2012	0,19MB	13.0.1
MSXML 4.0 SP2 (KB954430)	Microsoft Corporation	26.12.2012	1,28MB	4.20.9870.0
MSXML 4.0 SP2 (KB973688)	Microsoft Corporation	26.12.2012	1,33MB	4.20.9876.0
MyPhoneExplorer	F.J. Wechselberger	23.12.2012		1.8.4
Native Instruments Audio 8 DJ		14.07.2012		
Native Instruments Audio 8 DJ	Native Instruments	15.07.2012		
Native Instruments Traktor 2		26.01.2013		
Native Instruments Traktor 2	Native Instruments	27.01.2013		
Nero Burning ROM 11	Nero AG	10.10.2012	235MB	11.2.00400
NVIDIA Grafiktreiber 301.42	NVIDIA Corporation	13.07.2012		301.42
NVIDIA Update 1.8.15	NVIDIA Corporation	13.07.2012		1.8.15
ON_OFF Charge B11.0110.1	GIGABYTE	10.07.2012		1.00.0001
PDFCreator	Frank Heindörfer, Philip Chinery	09.11.2012		1.2.3
Samsung Kies	Samsung Electronics Co., Ltd.	04.10.2012	183,7MB	2.5.0.12094_27
SAMSUNG USB Driver for Mobile Phones	SAMSUNG Electronics Co., Ltd.	05.12.2012	33,8MB	1.5.15.0
VAIO Gate	Sony Corporation	10.07.2012		1.0.0.08050
VIA Plattform-Geräte-Manager	VIA Technologies, Inc.	10.07.2012	2,62MB	1.34
Visual Studio 2008 x64 Redistributables	AVG Technologies	11.07.2012	42,00KB	10.0.0.2
Visual Studio 2010 x64 Redistributables	AVG Technologies	02.10.2012	12,4MB	13.0.0.1
WinRAR 4.20 (64-Bit)	win.rar GmbH	13.07.2012		4.20.0
         
Everything is important, except the Microsoft stuff, which I don't know.
