Log analysis and evaluation: System restore points disappeared after "Scanhost.exe – Corrupt Disk" System Repair trojan

Windows 7: If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
21.02.2013, 09:31 | #1 |
System restore points disappeared after "Scanhost.exe – Corrupt Disk" System Repair trojan

Hi,

I am currently on a business trip far, far away from home and therefore do not have my usual tools etc. with me. I need my notebook extremely urgently. I am a software developer and would describe myself as an absolute computer professional.

Yesterday I suddenly had a "Scanhost.exe – Corrupt Disk" System Repair trojan on my system. To my knowledge, this is the first problem in the 1.5 years that I have had this notebook. Avira found nothing. All updates of the OS and the tools were always installed. (I very briefly had a very old version of Acrobat on the system; I could have caught something there.) Windows 7 Pro 64 bit.

With the help of Grindin I cleaned the machine and made the hidden files visible again. So far everything is okay. Now and then I still find hidden files, such as, just now, the favorites. I had synchronized these with xmarks anyway, so I could easily restore them.

However, I would still like to do a system restore. System restore points were created regularly. But none (apart from one new one) are visible. I suspect that these files are hidden as well. How can I make them visible again?

Many thanks and best regards
Peter

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 21.02.2013 03:33:01 - Run 1 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Max Mustermann\Downloads 64bit- Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 5,68 Gb Total Physical Memory | 3,00 Gb Available Physical Memory | 52,88% Memory free 11,35 Gb Paging File | 9,01 Gb Available in Paging File | 79,37% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 228,87 Gb Total Space | 81,05 Gb Free Space | 35,41% Space Free | Partition Type: NTFS Computer Name: SK | User Name: Max Mustermann | Logged in as Administrator. Boot Mode: Normal | Scan Mode: Current user | Quick Scan | Include 64bit Scans Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - [2013.02.21 03:00:32 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Max Mustermann\Downloads\OTL.exe PRC - [2013.02.20 18:13:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe PRC - [2013.01.24 03:06:40 | 011,184,480 | ---- | M] (SugarSync, Inc.) -- C:\Program Files (x86)\SugarSync\SugarSyncManager.exe PRC - [2012.12.15 15:16:21 | 000,308,368 | ---- | M] (Google Inc.) -- C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe PRC - [2012.11.28 17:33:52 | 000,567,296 | ---- | M] () -- C:\Program Files (x86)\Prey\platform\windows\bin\bash.exe PRC - [2012.11.28 17:33:52 | 000,023,552 | ---- | M] (Fork Ltd.) 
-- C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe PRC - [2012.10.05 10:08:42 | 000,109,064 | ---- | M] (Wajam) -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe PRC - [2012.03.07 15:33:00 | 001,122,848 | ---- | M] (Xmarks.com) -- C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe PRC - [2012.01.22 23:43:08 | 000,247,728 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe PRC - [2012.01.22 23:43:08 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe PRC - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) -- C:\Windows\SysWOW64\cjpcsc.exe PRC - [2011.06.28 18:26:08 | 000,278,528 | ---- | M] (MAXA Research Int'l Inc.) -- C:\Program Files (x86)\MAXA Notifier for Skype\SkypeNotifier.exe PRC - [2011.03.02 10:20:58 | 000,224,256 | ---- | M] () -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe PRC - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) -- C:\Programme\Sony\VAIO Care\VCService.exe PRC - [2011.01.29 05:36:18 | 000,081,016 | ---- | M] (Sony of America Corporation) -- C:\Programme\Sony\VAIO Care\listener.exe PRC - [2010.05.28 10:14:24 | 000,205,168 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe PRC - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe PRC - [2009.12.29 10:38:50 | 000,112,488 | ---- | M] (Sony Corporation) -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe PRC - [2009.12.03 02:27:28 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) 
-- c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe PRC - [2009.11.04 06:39:26 | 002,320,920 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe PRC - [2009.11.04 06:39:24 | 000,268,824 | ---- | M] (Intel Corporation) -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe PRC - [2009.10.29 01:54:00 | 000,312,784 | ---- | M] () -- C:\Program Files (x86)\OneClickInternet\WTGService.exe PRC - [2009.02.23 04:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe PRC - [2006.03.26 13:31:26 | 000,431,104 | ---- | M] (Unique Internet Services) -- C:\Program Files (x86)\ProxyFirewall\ProxyFirewall.exe ========== Modules (No Company Name) ========== MOD - [2011.03.16 23:11:16 | 004,297,568 | ---- | M] () -- C:\Program Files (x86)\Common Files\Microsoft Shared\office14\Cultures\office.odf ========== Services (SafeList) ========== SRV:64bit: - [2011.01.29 05:36:18 | 000,259,192 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files\Sony\VAIO Care\VCPerfService.exe -- (SampleCollector) SRV:64bit: - [2009.07.13 20:40:01 | 000,193,536 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Windows\SysNative\appmgmts.dll -- (AppMgmt) SRV:64bit: - [2008.07.29 12:20:28 | 004,737,024 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft Visual Studio 9.0\Common7\IDE\Remote Debugger\x64\msvsmon.exe -- (msvsmon90) SRV - [2013.02.20 18:13:50 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto | Running] -- C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService) SRV - [2013.02.20 18:12:59 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. 
KG) [Disabled | Stopped] -- C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService) SRV - [2013.02.10 15:55:30 | 000,012,288 | ---- | M] (Chris Pietschmann (hxxp://pietschsoft.com)) [Auto | Running] -- C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe -- (Virtual Router) SRV - [2013.02.08 14:46:57 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand | Stopped] -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance) SRV - [2013.02.08 02:36:12 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc) SRV - [2013.01.08 12:55:20 | 000,161,536 | R--- | M] (Skype Technologies) [Auto | Stopped] -- C:\Program Files (x86)\Skype\Updater\Updater.exe -- (SkypeUpdate) SRV - [2012.11.28 17:33:52 | 000,023,552 | ---- | M] (Fork Ltd.) [Auto | Running] -- C:\Program Files (x86)\Prey\platform\windows\cronsvc.exe -- (CronService) SRV - [2012.10.26 09:44:28 | 001,286,784 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Update\VUAgent.exe -- (VUAgent) SRV - [2012.10.05 10:08:42 | 000,109,064 | ---- | M] (Wajam) [Auto | Running] -- C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe -- (WajamUpdater) SRV - [2012.01.22 23:43:08 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService) SRV - [2011.07.22 07:49:26 | 000,511,920 | ---- | M] (REINER SCT) [Auto | Running] -- C:\Windows\SysWOW64\cjpcsc.exe -- (cjpcsc) SRV - [2011.03.02 10:20:58 | 000,224,256 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\GNU\GnuPG\dirmngr.exe -- (DirMngr) SRV - [2011.02.14 13:23:50 | 000,044,736 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Care\VCService.exe -- (VCService) SRV - [2010.12.10 17:36:54 | 000,153,440 | ---- | M] (Microsoft Corporation) [Auto | 
Running] -- c:\Programme\Microsoft SQL Server\90\Shared\sqlwriter.exe -- (SQLWriter) SRV - [2010.08.11 07:46:06 | 000,845,312 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Programme\Sony\VAIO Smart Network\VSNService.exe -- (VSNService) SRV - [2010.05.28 10:14:24 | 000,205,168 | ---- | M] (Sony Corporation) [Auto | Running] -- C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe -- (VAIO Event Service) SRV - [2010.04.19 23:51:30 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service) SRV - [2010.03.18 12:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32) SRV - [2010.03.05 09:26:38 | 001,425,168 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Intel\WiFi\bin\EvtEng.exe -- (EvtEng) SRV - [2010.03.05 09:06:22 | 000,831,760 | ---- | M] (Intel(R) Corporation) [Auto | Running] -- C:\Programme\Common Files\Intel\WirelessCommon\RegSrvc.exe -- (RegSrvc) SRV - [2010.03.03 19:16:06 | 000,013,336 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe -- (IAStorDataMgrSvc) SRV - [2010.01.09 20:34:24 | 004,925,184 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Programme\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE -- (osppsvc) SRV - [2010.01.06 07:56:10 | 000,571,248 | ---- | M] (Sony Corporation) [On_Demand | Running] -- C:\Programme\Sony\VAIO Power Management\SPMService.exe -- (VAIO Power Management) SRV - [2009.12.17 01:51:10 | 000,091,432 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe -- (SOHPlMgr) SRV - [2009.12.17 01:51:08 | 000,427,304 | ---- | M] (Sony Corporation) 
[On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe -- (SOHDms) SRV - [2009.12.17 01:51:08 | 000,120,104 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe -- (SOHCImp) SRV - [2009.12.17 01:51:08 | 000,075,048 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe -- (SOHDs) SRV - [2009.12.17 01:51:08 | 000,070,952 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe -- (SOHDBSvr) SRV - [2009.12.03 02:27:28 | 000,330,488 | ---- | M] (QUALCOMM, Inc.) [Auto | Running] -- c:\Program Files (x86)\QUALCOMM\QDLService2k\QDLService2kSony.exe -- (QDLService2kSony) SRV - [2009.11.04 06:39:26 | 002,320,920 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe -- (UNS) SRV - [2009.11.04 06:39:24 | 000,268,824 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe -- (LMS) SRV - [2009.10.29 01:54:00 | 000,312,784 | ---- | M] () [Auto | Running] -- C:\Program Files (x86)\OneClickInternet\WTGService.exe -- (WTGService) SRV - [2009.09.28 02:42:50 | 000,109,056 | ---- | M] (ArcSoft Inc.) [On_Demand | Stopped] -- C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon) SRV - [2009.09.04 16:35:12 | 000,873,248 | ---- | M] (Broadcom Corporation.) 
[Auto | Running] -- C:\Programme\WIDCOMM\Bluetooth Software\btwdins.exe -- (btwdins) SRV - [2009.08.30 18:59:30 | 000,362,992 | ---- | M] (Sonic Solutions) [Auto | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe -- (Roxio Upnp Server 10) SRV - [2009.08.30 18:59:18 | 000,313,840 | ---- | M] (Sonic Solutions) [On_Demand | Stopped] -- C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe -- (Roxio UPnP Renderer 10) SRV - [2009.06.10 16:23:09 | 000,066,384 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32) SRV - [2009.02.23 04:48:50 | 000,030,312 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files (x86)\Microsoft Small Business\Business Contact Manager\BcmSqlStartupSvc.exe -- (BcmSqlStartupSvc) SRV - [2008.12.08 08:16:56 | 000,169,312 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- c:\Program Files (x86)\Adobe\Photoshop Elements 7.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor7.0) SRV - [2008.09.05 11:10:00 | 000,136,568 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files (x86)\Symantec\pcAnywhere\awhost32.exe -- (awhost32) SRV - [2006.01.19 10:29:52 | 002,041,536 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\PROGRA~2\Symantec\LIVEUP~1\LUCOMS~1.EXE -- (LiveUpdate) ========== Driver Services (SafeList) ========== DRV:64bit: - [2013.02.20 18:14:24 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avkmgr.sys -- (avkmgr) DRV:64bit: - [2013.02.20 18:14:23 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\avipbb.sys -- (avipbb) DRV:64bit: - [2012.09.28 10:32:56 | 000,053,760 | ---- | M] (Apple, Inc.) 
[Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\usbaapl64.sys -- (USBAAPL64) DRV:64bit: - [2012.08.23 09:10:20 | 000,019,456 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\rdpvideominiport.sys -- (RdpVideoMiniport) DRV:64bit: - [2012.08.23 09:07:35 | 000,057,856 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\TsUsbFlt.sys -- (TsUsbFlt) DRV:64bit: - [2012.08.21 13:01:20 | 000,033,240 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\GEARAspiWDM.sys -- (GEARAspiWDM) DRV:64bit: - [2012.03.01 01:46:16 | 000,023,408 | ---- | M] (Microsoft Corporation) [Recognizer | Boot | Unknown] -- C:\Windows\SysNative\drivers\fs_rec.sys -- (Fs_Rec) DRV:64bit: - [2012.01.04 09:28:36 | 000,016,640 | ---- | M] (Windows (R) Win 7 DDK provider) [File_System | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\gtkdrv.sys -- (TrojanKillerDriver) DRV:64bit: - [2011.03.29 10:50:26 | 000,034,672 | ---- | M] (REINER SCT) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\cjusb.sys -- (cjusb) DRV:64bit: - [2011.03.11 01:41:12 | 000,107,904 | ---- | M] (Advanced Micro Devices) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsata.sys -- (amdsata) DRV:64bit: - [2011.03.11 01:41:12 | 000,027,008 | ---- | M] (Advanced Micro Devices) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\amdxata.sys -- (amdxata) DRV:64bit: - [2010.11.20 08:34:02 | 000,360,832 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcvmm.sys -- (vpcvmm) DRV:64bit: - [2010.11.20 08:34:02 | 000,194,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpchbus.sys -- (vpcbus) DRV:64bit: - [2010.11.20 08:33:35 | 000,078,720 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\HpSAMD.sys -- 
(HpSAMD) DRV:64bit: - [2010.11.20 06:35:32 | 000,095,232 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\vpcusb.sys -- (vpcusb) DRV:64bit: - [2010.11.20 06:35:20 | 000,059,392 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\vpcnfltr.sys -- (vpcnfltr) DRV:64bit: - [2010.11.20 04:37:42 | 000,109,056 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\sdbus.sys -- (sdbus) DRV:64bit: - [2010.05.31 11:05:06 | 007,689,216 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\NETw5s64.sys -- (NETw5s64) DRV:64bit: - [2010.05.20 14:13:28 | 000,034,840 | ---- | M] (Colasoft Co., Ltd.) [Kernel | System | Running] -- C:\Windows\SysNative\drivers\CSN5PDTS82x64.sys -- (CSN5PDTS82x64) DRV:64bit: - [2010.04.19 20:29:18 | 000,022,528 | ---- | M] (Apple Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\netaapl64.sys -- (Netaapl) DRV:64bit: - [2010.03.03 18:51:40 | 000,540,696 | ---- | M] (Intel Corporation) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\iaStor.sys -- (iaStor) DRV:64bit: - [2010.02.06 00:05:17 | 000,084,584 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\nvhda64v.sys -- (NVHDA) DRV:64bit: - [2010.01.29 01:37:46 | 000,299,568 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SynTP.sys -- (SynTP) DRV:64bit: - [2009.12.17 15:09:29 | 000,293,552 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\e1k62x64.sys -- (e1kexpress) DRV:64bit: - [2009.12.17 15:06:59 | 000,151,936 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\Impcd.sys -- (Impcd) DRV:64bit: - [2009.12.03 01:47:44 | 000,240,640 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- 
C:\Windows\SysNative\drivers\qcusbnetsny2k.sys -- (qcusbnetsny2k) DRV:64bit: - [2009.12.03 01:47:44 | 000,121,216 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcusbserSny2k.sys -- (qcusbsersny2k) DRV:64bit: - [2009.12.03 01:47:44 | 000,006,400 | ---- | M] (QUALCOMM Incorporated) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\qcfilterSny2k.sys -- (qcfilterSny2k) DRV:64bit: - [2009.12.02 15:02:50 | 000,012,032 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\SFEP.sys -- (SFEP) DRV:64bit: - [2009.11.18 15:09:45 | 000,021,160 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwrchid.sys -- (btwrchid) DRV:64bit: - [2009.11.18 15:09:44 | 000,132,648 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwavdt.sys -- (btwavdt) DRV:64bit: - [2009.11.18 15:09:44 | 000,098,344 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwaudio.sys -- (btwaudio) DRV:64bit: - [2009.11.18 15:09:43 | 000,052,264 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btusbflt.sys -- (btusbflt) DRV:64bit: - [2009.11.18 15:09:14 | 000,035,104 | ---- | M] (Broadcom Corporation.) 
[Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\btwl2cap.sys -- (btwl2cap) DRV:64bit: - [2009.11.06 15:31:27 | 000,076,800 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\risdsne64.sys -- (risdsnpe) DRV:64bit: - [2009.11.06 15:31:18 | 000,093,696 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\Windows\SysNative\drivers\rimssne64.sys -- (rimspci) DRV:64bit: - [2009.09.17 15:54:54 | 000,056,344 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\HECIx64.sys -- (HECIx64) DRV:64bit: - [2009.07.13 20:52:20 | 000,194,128 | ---- | M] (AMD Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\amdsbs.sys -- (amdsbs) DRV:64bit: - [2009.07.13 20:48:04 | 000,065,600 | ---- | M] (LSI Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\lsi_sas2.sys -- (LSI_SAS2) DRV:64bit: - [2009.07.13 20:45:55 | 000,024,656 | ---- | M] (Promise Technology) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\stexstor.sys -- (stexstor) DRV:64bit: - [2009.07.13 19:39:20 | 000,023,040 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\WSDPrint.sys -- (WSDPrintDevice) DRV:64bit: - [2009.07.13 19:35:32 | 000,012,288 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\serscan.sys -- (StillCam) DRV:64bit: - [2009.07.13 18:21:48 | 000,038,400 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\Windows\SysNative\drivers\tpm.sys -- (TPM) DRV:64bit: - [2009.06.10 15:34:33 | 003,286,016 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\evbda.sys -- (ebdrv) DRV:64bit: - [2009.06.10 15:34:28 | 000,468,480 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\bxvbda.sys -- (b06bdrv) DRV:64bit: - [2009.06.10 15:34:23 | 000,270,848 | ---- | M] (Broadcom 
Corporation) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\b57nd60a.sys -- (b57nd60a) DRV:64bit: - [2009.06.10 15:31:59 | 000,031,232 | ---- | M] (Hauppauge Computer Works, Inc.) [Kernel | On_Demand | Stopped] -- C:\Windows\SysNative\drivers\hcw85cir.sys -- (hcw85cir) DRV:64bit: - [2009.05.20 05:00:00 | 000,055,280 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\Windows\SysNative\drivers\PxHlpa64.sys -- (PxHlpa64) DRV - [2009.07.13 20:19:10 | 000,019,008 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Stopped] -- C:\Windows\SysWOW64\drivers\wimmount.sys -- (WIMMount) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE:64bit: - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = {6A1806CD-94D4-4689-BA73-E35EA1EA9990} IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=SVEC&bmod=EU01 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank IE - 
HKCU\..\SearchScopes,DefaultScope = {4A3CA983-CA40-42E1-9EA3-90FDAFD06257} IE - HKCU\..\SearchScopes\{043C5167-00BB-4324-AF7E-62013FAEDACF}: "URL" = hxxp://vshare.toolbarhome.com/search.aspx?q={searchTerms}&srch=dsp IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKCU\..\SearchScopes\{4A3CA983-CA40-42E1-9EA3-90FDAFD06257}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SVEC_deDE376 IE - HKCU\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7 IE - HKCU\..\SearchScopes\{6CCEEA73-FFA5-4F30-A3FC-EE7D66389415}: "URL" = hxxp://de.shopping.com/?linkin_id=8056363 IE - HKCU\..\SearchScopes\{A9D75C31-CBC1-40EF-8849-ABCBBB19569F}: "URL" = hxxp://rover.ebay.com/rover/1/707-37276-16609-0/4?satitle={searchTerms} IE - HKCU\..\SearchScopes\{EC9E7945-DF16-420C-B3D3-B5D24E972ABF}: "URL" = hhxxp://www.zinio.com/search/index.jsp?s={searchTerms}&rf=sonyie8search IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local> ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "about:blank" FF - prefs.js..extensions.enabledAddons: %7BD9A7CBEC-DE1A-444f-A092-844461596C4D%7D:5.0 FF - prefs.js..extensions.enabledAddons: plugin%40selectionlinks.com:1.5 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:18.0.2 FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_5_502_149.dll File not found FF:64bit: - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program 
Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.5.0: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.5.0: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF:64bit: - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF:64bit: - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_5_502_149.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.) 
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.15.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.15.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files (x86)\Microsoft Silverlight\5.1.10411.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.08 14:46:57 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.20 19:59:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird2\components [2012.12.31 10:23:30 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 15.0.1\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird2\plugins [2013.02.20 19:59:11 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.20 01:55:29 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.02.20 01:55:30 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.02.08 14:46:57 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2013.02.20 19:59:11 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Components: C:\Program Files (x86)\Mozilla Thunderbird\components [2013.02.20 01:55:29 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Thunderbird 17.0.3\extensions\\Plugins: C:\Program Files (x86)\Mozilla Thunderbird\plugins [2013.02.20 01:55:30 | 000,000,000 | ---D | M] [2011.03.18 20:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Extensions 
[2010.10.28 09:56:35 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Extensions\{3550f703-e582-4d05-9a08-453d09bdfdc6}
[2011.03.18 20:56:28 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Extensions\home2@tomtom.com
[2012.12.21 10:08:58 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\qy2j5vdv.default\extensions
[2012.12.14 09:30:53 | 000,000,000 | ---D | M] ("Default Full Zoom Level") -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\qy2j5vdv.default\extensions\{D9A7CBEC-DE1A-444f-A092-844461596C4D}
[2012.12.21 10:08:51 | 000,000,000 | ---D | M] (SelectionLinks) -- C:\Users\Max Mustermann\AppData\Roaming\mozilla\Firefox\Profiles\qy2j5vdv.default\extensions\plugin@selectionlinks.com
[2013.02.08 14:46:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions
[2013.02.08 14:46:57 | 000,262,552 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll
[2012.10.24 17:03:12 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml
[2012.10.24 17:03:11 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml
[2012.10.24 17:03:12 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml
[2012.10.24 17:03:12 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml
[2012.10.24 17:03:12 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml
[2012.10.24 17:03:11 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml
O1 HOSTS File: ([2012.04.26 16:04:12 | 000,000,861 | ---- | M]) - C:\Windows\SysNative\drivers\etc\hosts
O2:64bit: - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2:64bit: - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O2:64bit: - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
O2:64bit: - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O2 - BHO: (IE7Pro BHO) - {00011268-E188-40DF-A514-835FCD78B1BF} - C:\Program Files (x86)\IEPro\iepro.dll (IE7Pro.com)
O2 - BHO: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O2 - BHO: (SelectionLinksBHO Class) - {300BEC06-B743-4D19-86B9-11DC711D7FFB} - C:\Program Files (x86)\OApps\SelectionLinks.dll (SelectionLinks)
O2 - BHO: (FoxyProxy Internet Explorer Add-on) - {5D4A582E-1F8B-4b0d-93F6-0FAA20B5B95D} - C:\ProgramData\fpie\FoxyProxyAdd-on.dll ()
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation)
O2 - BHO: (United MileagePlus Shopping Assistant) - {89867A4A-BDEE-4259-964A-B8E87C4892F3} - C:\Program Files (x86)\United MileagePlus Shopping Assistant\UnitedMPSIE.dll (Billeo, Inc.)
O2 - BHO: (Evernote extension) - {92EF2EAD-A7CE-4424-B0DB-499CF856608E} - C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O2 - BHO: (Wajam) - {A7A6995D-6EE1-4FD1-A258-49395D5BF99C} - C:\Program Files (x86)\Wajam\IE\priam_bho.dll (Wajam)
O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL (Microsoft Corporation)
O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation)
O3:64bit: - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\IEPro\IEProRecorder.dll ()
O3 - HKLM\..\Toolbar: (United MileagePlus Shopping Assistant) - {EF91116F-DE92-4286-9087-093085152182} - C:\Program Files (x86)\United MileagePlus Shopping Assistant\UnitedMPSIE.dll (Billeo, Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (vShare Plugin) - {043C5167-00BB-4324-AF7E-62013FAEDACF} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O3:64bit: - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files (x86)\IEPro\IEProRecorder.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (United MileagePlus Shopping Assistant) - {EF91116F-DE92-4286-9087-093085152182} - C:\Program Files (x86)\United MileagePlus Shopping Assistant\UnitedMPSIE.dll (Billeo, Inc.)
O4:64bit: - HKLM..\Run: [ApplyEsf-eDocPrintPro] "C:\Program Files\Common Files\MAYComputer\eDocPrintPro\\ApplyEsf.exe" File not found
O4:64bit: - HKLM..\Run: [HotKeysCmds] C:\Windows\SysNative\hkcmd.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [IgfxTray] C:\Windows\SysNative\igfxtray.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [NvCplDaemon] C:\Windows\SysNative\NvCpl.dll (NVIDIA Corporation)
O4:64bit: - HKLM..\Run: [Persistence] C:\Windows\SysNative\igfxpers.exe (Intel Corporation)
O4:64bit: - HKLM..\Run: [PSQLLauncher] c:\Program Files\Protector Suite\launcher.exe (UPEK Inc.)
O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [BirdieSync] C:\Program Files (x86)\BirdieSync\BirdieSync.exe -minimized File not found
O4 - HKLM..\Run: [ControlCenter3] C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IAStorIcon] C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe (Intel Corporation)
O4 - HKLM..\Run: [ISBMgr.exe] C:\Program Files (x86)\Sony\ISB Utility\ISBMgr.exe (Sony Corporation)
O4 - HKLM..\Run: [MarketingTools] C:\Program Files (x86)\Sony\Marketing Tools\MarketingTools.exe (Sony Corporation)
O4 - HKLM..\Run: [SpeechExec Startup] C:\Program Files (x86)\Common Files\Philips Speech Shared\Components\PSP.SpeechExec.StartupApp.exe (Philips Austria GmbH - Speech Processing)
O4 - HKCU..\Run: [PureText] C:\Users\Max Mustermann\AppData\Local\Temp\_tc\PureText.exe (hxxp://www.SteveMiller.net)
O4 - HKCU..\Run: [SkypeNotifier] C:\Program Files (x86)\MAXA Notifier for Skype\SkypeNotifier.exe (MAXA Research Int'l Inc.)
O4 - HKCU..\Run: [SugarSync] C:\Program Files (x86)\SugarSync\SugarSyncManager.exe (SugarSync, Inc.)
O4 - HKCU..\Run: [TomTomHOME.exe] C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe (TomTom)
O4 - HKCU..\Run: [updateMgr] C:\Program Files (x86)\Adobe\Acrobat 7.0\Acrobat\AdobeUpdateManager.exe AcPro7_1_0 -reboot 1 File not found
O4 - HKCU..\Run: [VJqeiIpbxgLlY.exe] C:\ProgramData\VJqeiIpbxgLlY.exe File not found
O4 - HKCU..\Run: [Xmarks] C:\Program Files (x86)\Xmarks\IE Extension\xmarkssync.exe (Xmarks.com)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitcoin.lnk = C:\Program Files (x86)\Bitcoin\bitcoin-qt.exe ()
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteClipper.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk = C:\Program Files (x86)\Evernote\Evernote\EvernoteTray.exe (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\FastStone Capture.lnk = C:\Program Files (x86)\FastStone Capture\FSCapture.exe (FastStone Soft)
O4 - Startup: C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O8:64bit: - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8:64bit: - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8:64bit: - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8:64bit: - Extra context menu item: FoxyProxy - C:\ProgramData\fpie\FoxyProxyAdd-on.dll ()
O8:64bit: - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8:64bit: - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8:64bit: - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8:64bit: - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8:64bit: - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8:64bit: - Extra context menu item: Zu Evernote 4 hinzufügen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O8 - Extra context menu item: &ieSpell Options - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: An OneNote s&enden - res://C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105 File not found
O8 - Extra context menu item: Bild an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm ()
O8 - Extra context menu item: Check &Spelling - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O8 - Extra context menu item: FoxyProxy - C:\ProgramData\fpie\FoxyProxyAdd-on.dll ()
O8 - Extra context menu item: Lookup on Merriam Webster - C:\Program Files (x86)\ieSpell\Merriam Webster.HTM ()
O8 - Extra context menu item: Lookup on Wikipedia - C:\Program Files (x86)\ieSpell\wikipedia.HTM ()
O8 - Extra context menu item: Nach Microsoft E&xcel exportieren - res://C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found
O8 - Extra context menu item: Neue Notiz - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\NewNote.html ()
O8 - Extra context menu item: Seite an &Bluetooth-Gerät senden... - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O8 - Extra context menu item: Zu Evernote 4 hinzufügen - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\Clip.html ()
O9:64bit: - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Programme\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
O9:64bit: - Extra Button: Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra 'Tools' menuitem : Verknüpfte &OneNote-Notizen - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Programme\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
O9:64bit: - Extra Button: @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9:64bit: - Extra 'Tools' menuitem : @C:\Program Files\WIDCOMM\Bluetooth Software\btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra Button: IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Grab and Drag - {000002a3-84fe-43f1-b958-f2c3ca804f1a} - C:\Program Files (x86)\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra 'Tools' menuitem : IE7Pro Preferences - {0026439F-A980-4f18-8C95-4F1CBBF9C1D8} - C:\Program Files (x86)\IEPro\iepro.dll (IE7Pro.com)
O9 - Extra Button: ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell - {0E17D5B7-9F5D-4fee-9DF6-CA6EE38B68A8} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra 'Tools' menuitem : ieSpell Options - {1606D6F9-9D3B-4aea-A025-ED5B2FD488E7} - C:\Program Files (x86)\ieSpell\iespell.dll (Red Egg Software)
O9 - Extra Button: FoxyProxy - {5D4A582E-1F8B-4b0d-93F6-0FAA20B5B95D} - C:\ProgramData\fpie\FoxyProxyAdd-on.dll ()
O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra 'Tools' menuitem : @C:\Program Files (x86)\Evernote\Evernote\Resource.dll,-101 - {A95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\Program Files (x86)\Evernote\Evernote\\EvernoteIERes\AddNote.html ()
O9 - Extra Button: Send To Bluetooth - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : Send to &Bluetooth Device... - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Programme\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.)
O1364bit: - gopher Prefix: missing
O13 - gopher Prefix: missing
O16:64bit: - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.5.0)
O16:64bit: - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 1.6.0_16)
O16:64bit: - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab (Java Plug-in 10.5.0)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {C345E174-3E87-4F41-A01C-B066A90A49B4} hxxp://trial.trymicrosoftoffice.com/trialoaa/buymsoffice_assets/framework/microsoft/wrc32.ocx (WRC Class)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0033-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 1.6.0_33)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_33-windows-i586.cab (Java Plug-in 10.15.2)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FD0B6769-6490-4A91-AA0A-B5AE0DC75AC9} https://secure.logmein.com/activex/ractrl.cab?lmi=100 (Performance Viewer Activex Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{05D709C7-3DCE-482D-A7C1-0E1374BBFE9F}: NameServer = 139.7.30.125 139.7.30.126
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46C0F332-C448-430D-B84D-4FC4FEF99F71}: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A7B95E7D-FDE7-4ACD-9067-404E83E5322C}: DhcpNameServer = 192.168.1.1
O18:64bit: - Protocol\Handler\ipp - No CLSID value found
O18:64bit: - Protocol\Handler\ipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\0x00000001 - No CLSID value found
O18:64bit: - Protocol\Handler\msdaipp\oledb - No CLSID value found
O18:64bit: - Protocol\Handler\ms-help - No CLSID value found
O18:64bit: - Protocol\Handler\ms-itss - No CLSID value found
O18:64bit: - Protocol\Handler\mso-offdap11 - No CLSID value found
O18:64bit: - Protocol\Handler\skype4com - No CLSID value found
O18:64bit: - Protocol\Handler\skype-ie-addon-data - No CLSID value found
O18:64bit: - Protocol\Handler\vsharechrome - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11D1-9C6B-0000F875AC61} - C:\PROGRA~2\COMMON~1\System\OLEDB~1\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\PROGRA~2\COMMON~1\MICROS~1\WEBCOM~1\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~2\COMMON~1\Skype\SKYPE4~1.DLL (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vsharechrome {3F3A4B8A-86FC-43A4-BB00-6D7EBE9D4484} - C:\Program Files (x86)\vShare\vshare_toolbar.dll ()
O18:64bit: - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation)
O20:64bit: - Winlogon\Notify\igfxcui: DllName - (igfxdev.dll) - C:\Windows\SysNative\igfxdev.dll (Intel Corporation)
O20:64bit: - Winlogon\Notify\psfus: DllName - (c:\Program Files\Protector Suite\psqlpwd.dll) - c:\Programme\Protector Suite\psqlpwd.dll (UPEK Inc.)
O20 - Winlogon\Notify\PCANotify: DllName - (PCANotify.dll) - C:\Windows\SysWow64\PCANotify.dll (Symantec Corporation)
O20 - Winlogon\Notify\VESWinlogon: DllName - (VESWinlogon.dll) - C:\Windows\SysWow64\VESWinlogon.dll (Sony Corporation)
O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O34 - HKLM BootExecute: (autocheck autochk *)
O35:64bit: - HKLM\..comfile [open] -- "%1" %*
O35:64bit: - HKLM\..exefile [open] -- "%1" %*
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %*
O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)

========== Files/Folders - Created Within 30 Days ==========

[2013.02.20 19:03:02 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GridinSoft Trojan Killer
[2013.02.20 19:02:57 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\GridinSoft Trojan Killer
[2013.02.20 18:17:08 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Roaming\Avira
[2013.02.20 18:15:45 | 000,129,216 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.20 18:15:45 | 000,099,912 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.20 18:15:45 | 000,027,800 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.20 18:15:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira
[2013.02.20 18:15:45 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Avira
[2013.02.20 01:55:29 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Thunderbird
[2013.02.19 10:53:47 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Virtual Router
[2013.02.09 14:39:33 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Roaming\AdobeUM
[2013.02.08 14:46:54 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox
[2013.02.08 11:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\PlotSoft
[2013.02.08 11:42:32 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\PlotSoft
[2013.02.08 11:42:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDFill
[2013.01.31 18:28:17 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Evernote
[2013.01.31 18:28:13 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Evernote
[2013.01.30 01:24:32 | 000,000,000 | -HSD | C] -- C:\Windows\SysNative\%APPDATA%
[2013.01.28 14:40:16 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sketch Drawer
[2013.01.28 14:40:11 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Sketch Drawer
[2013.01.27 11:31:46 | 000,000,000 | ---D | C] -- C:\Users\Max Mustermann\AppData\Local\Evernote
[2013.01.25 19:23:38 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Total Commander
[2013.01.25 06:47:34 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
[2013.01.25 06:47:34 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Common Files\Skype
[4 C:\Users\Max Mustermann\Documents\*.tmp files -> C:\Users\Max Mustermann\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013.02.21 03:32:51 | 000,000,029 | ---- | M] () -- C:\Windows\SysWow64\TempWmicBatchFile.bat
[2013.02.21 03:24:47 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 03:24:47 | 000,014,160 | -H-- | M] () -- C:\Windows\SysNative\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.02.21 03:21:02 | 000,001,124 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job
[2013.02.21 02:59:16 | 000,000,000 | ---- | M] () -- C:\Users\Max Mustermann\defogger_reenable
[2013.02.21 02:36:01 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.02.21 00:21:05 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job
[2013.02.20 20:38:31 | 001,646,182 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI
[2013.02.20 20:38:31 | 000,713,264 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat
[2013.02.20 20:38:31 | 000,663,508 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat
[2013.02.20 20:38:31 | 000,154,420 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat
[2013.02.20 20:38:31 | 000,124,702 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat
[2013.02.20 20:34:16 | 000,001,054 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Bitcoin.lnk
[2013.02.20 20:31:58 | 000,000,022 | ---- | M] () -- C:\Windows\S.dirmngr
[2013.02.20 20:31:55 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.02.20 20:31:50 | 277,209,087 | -HS- | M] () -- C:\hiberfil.sys
[2013.02.20 20:01:03 | 000,467,336 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT
[2013.02.20 19:03:02 | 000,001,139 | ---- | M] () -- C:\Users\Public\Desktop\Trojan Killer.lnk
[2013.02.20 18:15:47 | 000,002,066 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.20 18:14:24 | 000,027,800 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avkmgr.sys
[2013.02.20 18:14:23 | 000,129,216 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avipbb.sys
[2013.02.20 18:14:22 | 000,099,912 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\SysNative\drivers\avgntflt.sys
[2013.02.20 17:59:23 | 000,000,168 | ---- | M] () -- C:\ProgramData\VJqeiIpbxgLlY
[2013.02.20 17:56:44 | 000,000,160 | ---- | M] () -- C:\ProgramData\-VJqeiIpbxgLlY
[2013.02.20 17:41:40 | 000,000,184 | ---- | M] () -- C:\ProgramData\-VJqeiIpbxgLlYr
[2013.02.20 15:26:54 | 000,002,270 | ---- | M] () -- C:\Users\Max Mustermann\Documents\Default.rdp
[2013.02.19 10:53:47 | 000,002,619 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2013.02.19 10:38:47 | 000,000,127 | ---- | M] () -- C:\Windows\SysNative\MRT.INI
[2013.02.12 05:34:19 | 000,000,000 | ---- | M] () -- C:\Users\Max Mustermann\Documents\Nuance Image Printer Writer Port
[2013.02.09 15:54:51 | 000,009,252 | ---- | M] () -- C:\test.xml
[2013.02.09 14:48:39 | 000,001,550 | ---- | M] () -- C:\Users\Public\Documents\AcPro7_1_0.ini
[2013.02.09 14:48:02 | 000,000,095 | ---- | M] () -- C:\Users\Public\Documents\AcPro7_1_0.sta
[2013.02.09 14:47:39 | 000,002,453 | ---- | M] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2013.02.08 11:42:32 | 000,002,094 | ---- | M] () -- C:\Users\Public\Desktop\PDFill PDF Editor.lnk
[2013.02.08 11:42:32 | 000,001,092 | ---- | M] () -- C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk
[2013.02.08 11:42:32 | 000,001,062 | ---- | M] () -- C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk
[2013.02.08 07:15:10 | 000,000,988 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Sketch Drawer.lnk
[2013.01.31 20:41:09 | 000,051,840 | ---- | M] () -- C:\Users\Max Mustermann\Documents\v_ktt.de.rtf
[2013.01.31 12:04:10 | 000,000,000 | ---- | M] () -- C:\END
[2013.01.27 11:39:56 | 000,001,112 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk
[2013.01.27 11:33:36 | 000,001,127 | ---- | M] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk
[2013.01.27 11:29:05 | 000,000,932 | ---- | M] () -- C:\Users\Max Mustermann\Desktop\Evernote.lnk
[2013.01.25 06:47:34 | 000,002,517 | ---- | M] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.01.23 12:50:47 | 000,020,480 | ---- | M] () -- C:\Users\Max Mustermann\Documents\delphian.zdp
[4 C:\Users\Max Mustermann\Documents\*.tmp files -> C:\Users\Max Mustermann\Documents\*.tmp -> ]
[1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013.02.21 02:59:16 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\defogger_reenable
[2013.02.20 20:31:58 | 000,000,022 | ---- | C] () -- C:\Windows\S.dirmngr
[2013.02.20 20:30:03 | 000,002,619 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Virtual Router Manager.lnk
[2013.02.20 20:30:03 | 000,002,519 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
[2013.02.20 20:30:03 | 000,002,459 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Distiller 7.0.lnk
[2013.02.20 20:30:03 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Designer 7.0.lnk
[2013.02.20 20:30:03 | 000,002,453 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Acrobat - Schnellstart.lnk
[2013.02.20 20:30:03 | 000,002,447 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Acrobat 7.0 Professional.lnk
[2013.02.20 20:30:03 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader 9.lnk
[2013.02.20 20:30:03 | 000,002,254 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Control Center.lnk
[2013.02.20 20:30:03 | 000,002,157 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Premiere Elements 7.0.lnk
[2013.02.20 20:30:03 | 000,002,153 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO-Support für Übertragungen.lnk
[2013.02.20 20:30:03 | 000,002,135 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Audible Download Manager.lnk
[2013.02.20 20:30:03 | 000,002,085 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Help Center.lnk
[2013.02.20 20:30:03 | 000,002,072 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Gate.lnk
[2013.02.20 20:30:03 | 000,002,067 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Bridge.lnk
[2013.02.20 20:30:03 | 000,002,045 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2013.02.20 20:30:03 | 000,002,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2013.02.20 20:30:03 | 000,002,024 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Media plus.lnk
[2013.02.20 20:30:03 | 000,002,017 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Care.lnk
[2013.02.20 20:30:03 | 000,001,962 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SugarSync Manager.lnk
[2013.02.20 20:30:03 | 000,001,820 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Documentation.lnk
[2013.02.20 20:30:03 | 000,001,547 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
[2013.02.20 20:30:03 | 000,001,352 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
[2013.02.20 20:30:03 | 000,001,345 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
[2013.02.20 20:30:03 | 000,001,330 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
[2013.02.20 20:30:03 | 000,001,326 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
[2013.02.20 20:30:03 | 000,001,246 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
[2013.02.20 20:30:03 | 000,001,210 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
[2013.02.20 20:30:03 | 000,001,205 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\UnitedMPS.lnk
[2013.02.20 20:30:03 | 000,001,149 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MAXA Notifier for Skype.lnk
[2013.02.20 20:30:03 | 000,001,119 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Photoshop Elements 7.0.lnk
[2013.02.20 20:30:03 | 000,001,065 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO-Wiederherstellungscenter.lnk
[2013.02.20 20:30:03 | 000,001,042 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Premium Partners.lnk
[2013.02.20 20:30:03 | 000,001,019 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
[2013.02.20 20:30:03 | 000,000,984 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Data Restore Tool.lnk
[2013.02.20 20:30:03 | 000,000,834 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth.lnk
[2013.02.20 19:49:05 | 000,002,517 | ---- | C] () -- C:\Users\Public\Desktop\Skype.lnk
[2013.02.20 19:49:05 | 000,002,374 | ---- | C] () -- C:\Users\Public\Desktop\Google Chrome.lnk
[2013.02.20 19:49:05 | 000,002,140 | ---- | C] () -- C:\Users\Public\Desktop\Brother Creative Center.lnk
[2013.02.20 19:49:05 | 000,002,094 | ---- | C] () -- C:\Users\Public\Desktop\PDFill PDF Editor.lnk
[2013.02.20 19:49:05 | 000,002,066 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk
[2013.02.20 19:49:05 | 000,002,061 | ---- | C] () -- C:\Users\Public\Desktop\DPMAdirekt Desktop.lnk [2013.02.20 19:49:05 | 000,001,950 | ---- | C] () -- C:\Users\Public\Desktop\SugarSync Manager.lnk [2013.02.20 19:49:05 | 000,001,918 | ---- | C] () -- C:\Users\Public\Desktop\DOSBox 0.74.lnk [2013.02.20 19:49:05 | 000,001,783 | ---- | C] () -- C:\Users\Public\Desktop\iTunes.lnk [2013.02.20 19:49:05 | 000,001,308 | ---- | C] () -- C:\Users\Public\Desktop\iPhone Backup Extractor.lnk [2013.02.20 19:49:05 | 000,001,168 | ---- | C] () -- C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk [2013.02.20 19:49:05 | 000,001,147 | ---- | C] () -- C:\Users\Public\Desktop\Mozilla Firefox.lnk [2013.02.20 19:49:05 | 000,001,135 | ---- | C] () -- C:\Users\Public\Desktop\cyberJack Gerätemanager, Funktionstest.lnk [2013.02.20 19:49:05 | 000,001,123 | ---- | C] () -- C:\Users\Public\Desktop\Audiograbber.lnk [2013.02.20 19:49:05 | 000,001,092 | ---- | C] () -- C:\Users\Public\Desktop\PDFill PDF Tools (Free).lnk [2013.02.20 19:49:05 | 000,001,075 | ---- | C] () -- C:\Users\Public\Desktop\FastStone Capture.lnk [2013.02.20 19:49:05 | 000,001,070 | ---- | C] () -- C:\Users\Public\Desktop\Exact Audio Copy.lnk [2013.02.20 19:49:05 | 000,001,062 | ---- | C] () -- C:\Users\Public\Desktop\PDFill PDF Writer (Free).lnk [2013.02.20 19:49:05 | 000,001,061 | ---- | C] () -- C:\Users\Public\Desktop\No23 Recorder.lnk [2013.02.20 19:49:05 | 000,000,998 | ---- | C] () -- C:\Users\Public\Desktop\IrfanView.lnk [2013.02.20 19:03:02 | 000,001,139 | ---- | C] () -- C:\Users\Public\Desktop\Trojan Killer.lnk [2013.02.20 18:58:34 | 000,001,141 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VAIO Update.lnk [2013.02.20 17:41:40 | 000,000,184 | ---- | C] () -- C:\ProgramData\-VJqeiIpbxgLlYr [2013.02.20 17:41:40 | 000,000,160 | ---- | C] () -- C:\ProgramData\-VJqeiIpbxgLlY [2013.02.20 17:41:38 | 000,000,168 | ---- | C] () -- C:\ProgramData\VJqeiIpbxgLlY [2013.02.19 10:38:47 | 000,000,127 | ---- 
| C] () -- C:\Windows\SysNative\MRT.INI [2013.02.09 14:48:40 | 000,001,550 | ---- | C] () -- C:\Users\Public\Documents\AcPro7_1_0.ini [2013.02.09 14:48:40 | 000,000,095 | ---- | C] () -- C:\Users\Public\Documents\AcPro7_1_0.sta [2013.01.31 20:34:03 | 000,051,840 | ---- | C] () -- C:\Users\Max Mustermann\Documents\v_ktt.de.rtf [2013.01.31 12:04:09 | 000,000,000 | ---- | C] () -- C:\END [2013.01.28 14:40:16 | 000,000,988 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Sketch Drawer.lnk [2013.01.27 11:39:56 | 000,001,112 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteTray.lnk [2013.01.27 11:33:36 | 000,001,127 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EvernoteClipper.lnk [2013.01.27 11:29:05 | 000,000,932 | ---- | C] () -- C:\Users\Max Mustermann\Desktop\Evernote.lnk [2013.01.23 12:50:50 | 000,020,480 | ---- | C] () -- C:\Users\Max Mustermann\Documents\delphian.zdp [2012.12.17 15:58:40 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\wklnhst.dat [2012.09.14 03:59:15 | 000,000,034 | ---- | C] () -- C:\Windows\cdplayer.ini [2012.03.24 20:41:17 | 000,000,288 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Roaming\.backup.dm [2011.11.08 00:32:29 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\{5F1DD325-5A67-4DC4-9821-390D7457A532} [2011.11.03 22:29:36 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\{7AE6E0C5-0F43-498B-A3AF-E53C3D747E7E} [2011.10.24 22:18:12 | 007,678,740 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\census.cache [2011.10.24 22:15:44 | 000,133,215 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\ars.cache [2011.10.24 11:54:36 | 000,000,036 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\housecall.guid.cache [2011.09.13 15:55:35 | 000,000,396 | ---- | C] () -- C:\Windows\hbcikrnl.ini [2011.09.13 15:55:29 | 000,167,936 | ---- | C] () -- 
C:\Windows\SysWow64\SerialXP.dll [2011.09.13 15:55:29 | 000,027,648 | ---- | C] () -- C:\Windows\SysWow64\win32com.dll [2011.09.11 16:00:25 | 000,016,384 | ---- | C] () -- C:\Windows\SysWow64\FileOps.exe [2011.06.29 17:51:47 | 000,000,000 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\{B54C9B80-D662-4574-9297-7AB127B58B72} [2011.05.22 13:15:11 | 000,001,974 | ---- | C] () -- C:\Users\Max Mustermann\Default.rdp [2011.04.20 10:11:59 | 000,145,920 | ---- | C] () -- C:\Windows\see32.dll [2011.03.22 16:51:20 | 000,005,120 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini [2010.07.31 15:16:55 | 000,000,600 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\PUTTY.RND [2010.07.05 00:50:03 | 000,007,674 | ---- | C] () -- C:\Users\Max Mustermann\AppData\Local\Resmon.ResmonCfg ========== ZeroAccess Check ========== [2009.07.13 23:55:00 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 "ThreadingModel" = Both "" = C:\$Recycle.Bin\S-1-5-21-2476053136-1873075345-53563557-1003\$f1b2ebf8afe27e5adc9826a56ba2d4e6\n. 
-- File not found [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2012.06.09 00:43:10 | 014,172,672 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.08 23:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 07:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2009.07.13 20:41:56 | 000,505,856 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] ========== LOP Check ========== [2010.04.20 08:24:26 | 000,000,000 | -HSD | M] -- C:\Users\Max Mustermann\AppData\Roaming\.# [2011.04.27 12:22:37 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Amazon [2012.11.23 19:33:22 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Audacity [2010.05.22 15:40:45 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Auslogics [2012.07.26 16:00:26 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\BirdieSync [2013.02.20 20:33:20 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Bitcoin [2012.04.10 19:21:07 | 000,000,000 | ---D | M] -- 
C:\Users\Max Mustermann\AppData\Roaming\Colasoft Capsa 7 - Professional Edition [2012.04.12 17:25:16 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Colasoft MAC Scanner [2012.04.13 16:02:26 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Colasoft Packet Builder [2011.09.13 15:47:16 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\D-TRUST Card Assistant [2012.01.01 09:15:09 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\EAC [2011.11.08 15:30:42 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\GHISLER [2013.02.08 18:22:47 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\gnupg [2012.06.10 17:24:27 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\GoodSync [2011.01.30 17:30:52 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\GrabPro [2012.11.07 21:05:46 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\iScreensaver [2011.02.02 20:12:34 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\MiniDm [2010.06.23 08:16:09 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\OpenOffice.org [2011.01.06 19:25:54 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\PC-FAX TX [2010.06.22 06:40:02 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Philips Speech [2010.04.20 00:16:08 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Protector Suite [2011.01.09 08:47:46 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\ScanSoft [2012.01.09 22:40:59 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\TeamViewer [2010.10.28 09:56:34 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Thunderbird [2010.08.03 15:37:08 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\TightVNC [2011.05.02 20:45:14 | 000,000,000 | ---D | M] -- C:\Users\Max 
Mustermann\AppData\Roaming\Titanium [2011.03.18 20:56:28 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\TomTom [2011.01.09 08:47:49 | 000,000,000 | ---D | M] -- C:\Users\Max Mustermann\AppData\Roaming\Zeon ========== Purity Check ========== ========== Alternate Data Streams ========== @Alternate Data Stream - 1084 bytes -> C:\Users\Max Mustermann\Documents\po1.prg:medfileparm @Alternate Data Stream - 1084 bytes -> C:\Users\Max Mustermann\Desktop\UniForum:medfileparm < End of report > Last edited by PETERMUELLER (21.02.2013 at 10:01) |
21.02.2013, 13:37 | #2 |
/// TB-Ausbilder | So, before we even get started: so far I only see traces of a trojan and of a former rootkit on the machine.
Reading material: Rootkit warning. Your computer has been infected with a particular kind of malware that can hide from conventional virus scanners and from the operating system itself. In addition, such malware usually also has backdoor functionality, i.e. it quite deliberately tears holes through all protective measures so that it can download further malicious code or forward the data it collects to the "bad guys". What does this mean for you?
So let me know what you have decided. How would you like to proceed?
__________________ |
21.02.2013, 15:31 | #3 |
| Thank you. Yes, I am aware of the danger. I don't do online banking from here.
Otherwise I currently have no other choice ... I am 5000 air miles away from home and really in trouble. So I would like to continue with the cleanup. This time also with "****" instead of "Max Mustermann". GMER logfile: Code:
ATTFilter GMER 2.1.18952 - hxxp://www.gmer.net Rootkit scan 2013-02-21 11:02:02 Windows 6.1.7601 Service Pack 1 x64 \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1 Intel___ rev.1.0. 238,50GB Running: GMER_2.1.18952.exe; Driver: C:\Users\STEPHA~1\AppData\Local\Temp\pxldypow.sys ---- User code sections - GMER 2.1 ---- .text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2536] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 69 0000000076561465 2 bytes [56, 76] .text c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe[2536] C:\Windows\syswow64\psapi.dll!GetModuleInformation + 155 00000000765614bb 2 bytes [56, 76] .text ... * 2 .text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076561465 2 bytes [56, 76] .text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe[2668] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765614bb 2 bytes [56, 76] .text ... * 2 .text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076561465 2 bytes [56, 76] .text C:\Program Files (x86)\SONY\VAIO Event Service\VESMgrSub.exe[2836] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765614bb 2 bytes [56, 76] .text ... * 2 .text C:\Windows\Explorer.EXE[4664] C:\Windows\system32\WININET.dll!HttpAddRequestHeadersA 000000007682c2b0 5 bytes JMP 000000016fff00d8 .text C:\Windows\Explorer.EXE[4664] C:\Windows\system32\WININET.dll!HttpAddRequestHeadersW 0000000076838074 5 bytes JMP 000000016fff0110 .text C:\Windows\Explorer.EXE[4664] C:\Windows\system32\WINMM.dll!waveOutWrite 000007fefa4a3d40 5 bytes JMP 000007fffa4900d8 ? 
C:\Windows\system32\mssprxy.dll [2136] entry point in ".rdata" section 00000000658371e6 .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_A 0000000076daf548 7 bytes JMP 0000000102ef04c8 .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\SYSTEM32\ntdll.dll!NtdllDefWindowProc_W 0000000076dbb0ac 7 bytes JMP 0000000102ef0500 .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\kernel32.dll!CreateThread 0000000076a76580 9 bytes JMP 0000000102ef0420 .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\ole32.dll!OleLoadFromStream 000007fefd7e75f0 7 bytes [68, 38, 05, EF, 02, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\OLEAUT32.dll!VariantClear 000007fefed41180 10 bytes [68, 18, 06, EF, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\OLEAUT32.dll!SysFreeString 000007fefed41320 7 bytes [68, A8, 05, EF, 02, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\OLEAUT32.dll!SysAllocStringByteLen 000007fefed44450 6 bytes [68, 70, 05, EF, 02, C3] .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\OLEAUT32.dll!VariantChangeType 000007fefed46720 10 bytes [68, E0, 05, EF, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\OLEAUT32.dll!OleCreatePropertyFrameIndirect 000007fefeda4ed0 9 bytes [68, 78, 03, EF, 02, C3, CC, ...] 
.text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheetW 000007fefc445c54 7 bytes [68, 08, 03, EF, 02, C3, CC] .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\WinSxS\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.17514_none_fa396087175ac9ac\comctl32.dll!PropertySheet 000007fefc445c64 9 bytes [68, 40, 03, EF, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\comdlg32.dll!PageSetupDlgW 000007fefdcc17a0 9 bytes [68, B0, 03, EF, 02, C3, CC, ...] .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\WS2_32.dll!closesocket 000007fefebc18e0 5 bytes JMP 000007fffeaf0148 .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\WS2_32.dll!getaddrinfo 000007fefebc2720 5 bytes JMP 000007fffeaf01f0 .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\WS2_32.dll!connect 000007fefebc45c0 5 bytes JMP 000007fffeaf0110 .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\WS2_32.dll!send 000007fefebc8000 5 bytes JMP 000007fffeaf0180 .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\WS2_32.dll!gethostbyname 000007fefebc8df0 9 bytes JMP 000007fffeaf01b8 .text C:\Program Files\Internet Explorer\iexplore.exe[9936] C:\Windows\system32\WS2_32.dll!recv 000007fefebcdf40 5 bytes JMP 000007fffeaf00d8 .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076561465 2 bytes [56, 76] .text C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbarUser_32.exe[4960] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765614bb 2 bytes [56, 76] .text ... 
* 2 .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[10884] C:\Windows\syswow64\kernel32.dll!SetUnhandledExceptionFilter 00000000761887b1 5 bytes JMP 0000000158f9856d .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[10884] C:\Windows\syswow64\ole32.dll!OleLoadFromStream 0000000076376143 5 bytes JMP 00000001594cfa9a .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[10884] C:\Windows\syswow64\OLEAUT32.dll!SysFreeString 0000000075403e59 5 bytes JMP 0000000158fc97d1 .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[10884] C:\Windows\syswow64\OLEAUT32.dll!VariantClear 0000000075403eae 5 bytes JMP 0000000158fd7641 .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[10884] C:\Windows\syswow64\OLEAUT32.dll!SysAllocStringByteLen 0000000075404731 5 bytes JMP 0000000158fd65d9 .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[10884] C:\Windows\syswow64\OLEAUT32.dll!VariantChangeType 0000000075405dee 5 bytes JMP 0000000158ffda4f .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[10884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 69 0000000076561465 2 bytes [56, 76] .text C:\Program Files (x86)\Microsoft Office\Office14\WINWORD.EXE[10884] C:\Windows\syswow64\PSAPI.DLL!GetModuleInformation + 155 00000000765614bb 2 bytes [56, 76] .text ... 
* 2 ---- Trace I/O - GMER 2.1 ---- Trace ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0xfffffa80063435a4]<< iaStor.sys hal.dll fffffa80063435a4 Trace 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xfffffa800632f060] fffffa800632f060 Trace 3 CLASSPNP.SYS[fffff88001af243f] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0xfffffa8006083050] fffffa8006083050 Trace \Driver\iaStor[0xfffffa8006040530] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0xfffffa80063435a4 fffffa80063435a4 ---- Threads - GMER 2.1 ---- Thread System [4:244] fffffa8006345bb4 Thread C:\Windows\system32\svchost.exe [1208:3296] 0000000000132fc0 Thread C:\Windows\Explorer.EXE [4664:4684] 0000000002e03220 Thread C:\Windows\Explorer.EXE [4664:4688] 0000000001261430 Thread C:\Windows\Explorer.EXE [4664:4764] 0000000002deb704 Thread C:\Windows\Explorer.EXE [4664:4528] 0000000003e8180c Thread C:\Windows\Explorer.EXE [4664:6888] 0000000004781670 Thread C:\Windows\Explorer.EXE [4664:4068] 0000000004781518 Thread C:\Windows\Explorer.EXE [4664:10688] 0000000002dea018 ---- Processes - GMER 2.1 ---- Library c:\windows\system32\z (*** suspicious ***) @ C:\Windows\Explorer.EXE [4664] 0000066656340000 ---- Registry - GMER 2.1 ---- Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076a1ff08 Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313d16f4c Reg HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\506313d16f4c@7ced8d0921f6 0x9B 0xC9 0x95 0x73 ... Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076a1ff08 (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313d16f4c (not active ControlSet) Reg HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\506313d16f4c@7ced8d0921f6 0x9B 0xC9 0x95 0x73 ... 
---- Files - GMER 2.1 ---- File C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\XUD56WWE.txt 1348 bytes File C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\8GG9BORE.txt 88 bytes File C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\8H32246Q.txt 177 bytes File C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\IWN0Q55W.txt 2162 bytes File C:\Users\****\AppData\Roaming\Microsoft\Windows\Cookies\J0MSMLG3.txt 0 bytes ---- EOF - GMER 2.1 ---- |
21.02.2013, 18:21 | #4 |
/// TB-Ausbilder | All right. Then let's get started. Scan with Combofix
__________________ Digital buccaneers against malware! No help via PM! |
21.02.2013, 19:54 | #5 |
| It has been hanging for more than an hour after completing Stufe_3. There is some activity on the SSD, though. Let it run? Try again? Safe mode? |
21.02.2013, 20:18 | #6 |
/// TB-Ausbilder | Yes, try it in safe mode. If that doesn't help, rename it to NoMBR.exe.
__________________ |
21.02.2013, 21:33 | #7 |
| I did both. Unfortunately it always "got stuck" at Stufe_3. Now I have NoMBR running in safe mode and am waiting. (It looks as if it is hanging, but that is hard to say, since I'm not supposed to do anything on the computer.) I have a very, very large number of Thunderbird e-mails on the computer and recently deleted a very, very large number of Microsoft Mail e-mails. Just in case the number of files has something to do with it. Last edited by PETERMUELLER (21.02.2013 at 21:39) |
21.02.2013, 21:44 | #8 |
/// TB-Ausbilder | Actually, that doesn't have anything directly to do with it. Let it run a little longer (20 minutes). If it doesn't work then, we'll leave it. Alternative: Scan with MBAR. Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.
__________________ Digital buccaneers against malware! No help via PM! |
21.02.2013, 22:55 | #9 |
| Aborted after 30 minutes. Then started mbar. Ran it twice. Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020 Malwarebytes : Free Anti-Malware download Database version: v2013.02.21.10 Windows 7 Service Pack 1 x64 NTFS (Safe Mode/Networking) Internet Explorer 9.0.8112.16421 Stephan Koenig :: SK [administrator] 21.02.2013 16:13:22 mbar-log-2013-02-21 (16-13-22).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 64483 Time elapsed: 15 minute(s), 48 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 18 HKLM\SOFTWARE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{F85FA3F2-D2C8-4D4D-BB1C-3181E691AF2B} (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\TYPELIB\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\INTERFACE\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{D6975F9E-15B2-4FE7-9D16-FC2E85CB201B} (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{A3F56272-CDB4-4310-9BB1-9A0D0757A3B3} (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\CLASSES\SelectionLinks.SelectionLinksBHO (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\CLASSES\SelectionLinks.SelectionLinksBHO (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Delete on reboot. 
HKLM\SOFTWARE\WOW6432NODE\CLASSES\SelectionLinks.SelectionLinksBHO.1 (PUP.FaceThemes) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\PREAPPROVED\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Delete on reboot. HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{300BEC06-B743-4D19-86B9-11DC711D7FFB} (PUP.FaceThemes) -> Delete on reboot. HKCU\SOFTWARE\CLASSES\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9} (Hijack.Trojan.Siredef.C) -> Delete on reboot. Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 3 HKCU\SOFTWARE\MICROSOFT\SECURITY CENTER|AntiVirusDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\SECURITY CENTER|FirewallDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. HKCU\SOFTWARE\MICROSOFT\SECURITY CENTER|UpdatesDisableNotify (PUM.Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Delete on reboot. Folders Detected: 0 (No malicious items detected) Files Detected: 10 C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Bootstrap_0_3_500131840_infected.mbam (Rootkit.Alureon.F.VBR) -> Delete on reboot. C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\MBR_0_infected.mbam (Rootkit.Alureon.F.VBR) -> Delete on reboot. C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500142816_user.mbam (Forged physical sector) -> Delete on reboot. 
C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500150496_user.mbam (Forged physical sector) -> Delete on reboot. C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500151008_user.mbam (Forged physical sector) -> Delete on reboot. C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500152319_user.mbam (Forged physical sector) -> Delete on reboot. C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500152800_user.mbam (Forged physical sector) -> Delete on reboot. C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500160480_user.mbam (Forged physical sector) -> Delete on reboot. C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\Sector_0_500162559_user.mbam (Forged physical sector) -> Delete on reboot. c:\Program Files (x86)\OApps\SelectionLinks.dll (PUP.FaceThemes) -> Delete on reboot. (end) Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1020 Malwarebytes : Free Anti-Malware download Database version: v2013.02.21.10 Windows 7 Service Pack 1 x64 NTFS Internet Explorer 9.0.8112.16421 Stephan Koenig :: SK [administrator] 21.02.2013 16:51:57 mbar-log-2013-02-21 (16-51-57).txt Scan type: Quick scan Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P Scan options disabled: Objects scanned: 64722 Time elapsed: 29 minute(s), 9 second(s) Memory Processes Detected: 0 (No malicious items detected) Memory Modules Detected: 0 (No malicious items detected) Registry Keys Detected: 0 (No malicious items detected) Registry Values Detected: 0 (No malicious items detected) Registry Data Items Detected: 0 (No malicious items detected) Folders Detected: 0 (No malicious items detected) Files Detected: 0 (No malicious items detected) (end) Last edited by PETERMUELLER (21.02.2013 at 23:00) |
22.02.2013, 11:57 | #10 |
/// TB-Ausbilder | Oh, there was something very nasty among those. We need to check whether it is really gone. Scan with TDSS-Killer. Please read the following instructions carefully. We don't want to "fix" anything here yet, only see a scan report.
__________________ Digital buccaneers against malware! No help via PM! |
22.02.2013, 12:14 | #11 |
| Nothing found. Code:
ATTFilter 06:10:09.0635 7604 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42 06:10:09.0915 7604 ============================================================ 06:10:09.0915 7604 Current date / time: 2013/02/22 06:10:09.0915 06:10:09.0915 7604 SystemInfo: 06:10:09.0915 7604 06:10:09.0915 7604 OS Version: 6.1.7601 ServicePack: 1.0 06:10:09.0915 7604 Product type: Workstation 06:10:09.0915 7604 ComputerName: ** 06:10:09.0915 7604 UserName: **** 06:10:09.0915 7604 Windows directory: C:\Windows 06:10:09.0915 7604 System windows directory: C:\Windows 06:10:09.0915 7604 Running under WOW64 06:10:09.0915 7604 Processor architecture: Intel x64 06:10:09.0915 7604 Number of processors: 4 06:10:09.0915 7604 Page size: 0x1000 06:10:09.0915 7604 Boot type: Normal boot 06:10:09.0915 7604 ============================================================ 06:10:10.0365 7604 Drive \Device\Harddisk0\DR0 - Size: 0x3B9FC00000 (238.50 Gb), SectorSize: 0x200, Cylinders: 0x799D, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040 06:10:10.0375 7604 ============================================================ 06:10:10.0375 7604 \Device\Harddisk0\DR0: 06:10:10.0375 7604 MBR partitions: 06:10:10.0375 7604 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1306800, BlocksNum 0x32000 06:10:10.0375 7604 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1338800, BlocksNum 0x1C9BE000 06:10:10.0375 7604 ============================================================ 06:10:10.0385 7604 C: <-> \Device\Harddisk0\DR0\Partition2 06:10:10.0385 7604 ============================================================ 06:10:10.0385 7604 Initialize success 06:10:10.0385 7604 ============================================================ 06:10:31.0488 7584 ============================================================ 06:10:31.0488 7584 Scan started 06:10:31.0488 7584 Mode: Manual; TDLFS; 06:10:31.0488 7584 ============================================================ 
06:10:31.0798 7584 ================ Scan system memory ========================
06:10:31.0798 7584 System memory - ok
06:10:31.0808 7584 ================ Scan services =============================
RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 06:10:37.0238 7584 RasAcd - ok 06:10:37.0238 7584 [ 7ECFF9B22276B73F43A99A15A6094E90 ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 06:10:37.0248 7584 RasAgileVpn - ok 06:10:37.0248 7584 [ 8F26510C5383B8DBE976DE1CD00FC8C7 ] RasAuto C:\Windows\System32\rasauto.dll 06:10:37.0258 7584 RasAuto - ok 06:10:37.0268 7584 [ 471815800AE33E6F1C32FB1B97C490CA ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 06:10:37.0268 7584 Rasl2tp - ok 06:10:37.0278 7584 [ EE867A0870FC9E4972BA9EAAD35651E2 ] RasMan C:\Windows\System32\rasmans.dll 06:10:37.0288 7584 RasMan - ok 06:10:37.0288 7584 [ 855C9B1CD4756C5E9A2AA58A15F58C25 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 06:10:37.0298 7584 RasPppoe - ok 06:10:37.0298 7584 [ E8B1E447B008D07FF47D016C2B0EEECB ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 06:10:37.0308 7584 RasSstp - ok 06:10:37.0318 7584 [ 77F665941019A1594D887A74F301FA2F ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 06:10:37.0328 7584 rdbss - ok 06:10:37.0328 7584 [ 302DA2A0539F2CF54D7C6CC30C1F2D8D ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 06:10:37.0328 7584 rdpbus - ok 06:10:37.0338 7584 [ CEA6CC257FC9B7715F1C2B4849286D24 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 06:10:37.0338 7584 RDPCDD - ok 06:10:37.0348 7584 [ 1B6163C503398B23FF8B939C67747683 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 06:10:37.0358 7584 RDPDR - ok 06:10:37.0358 7584 [ BB5971A4F00659529A5C44831AF22365 ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 06:10:37.0358 7584 RDPENCDD - ok 06:10:37.0368 7584 [ 216F3FA57533D98E1F74DED70113177A ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 06:10:37.0368 7584 RDPREFMP - ok 06:10:37.0378 7584 [ 313F68E1A3E6345A4F47A36B07062F34 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 06:10:37.0378 7584 RdpVideoMiniport - ok 06:10:37.0398 7584 [ E61608AA35E98999AF9AAEEEA6114B0A ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 06:10:37.0398 7584 RDPWD - ok 06:10:37.0408 
7584 [ 34ED295FA0121C241BFEF24764FC4520 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 06:10:37.0418 7584 rdyboost - ok 06:10:37.0428 7584 [ 0AA473966357C4A41B5EB19649EB6E5E ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 06:10:37.0448 7584 RegSrvc - ok 06:10:37.0458 7584 [ 254FB7A22D74E5511C73A3F6D802F192 ] RemoteAccess C:\Windows\System32\mprdim.dll 06:10:37.0458 7584 RemoteAccess - ok 06:10:37.0468 7584 [ E4D94F24081440B5FC5AA556C7C62702 ] RemoteRegistry C:\Windows\system32\regsvc.dll 06:10:37.0478 7584 RemoteRegistry - ok 06:10:37.0488 7584 [ 3DD798846E2C28102B922C56E71B7932 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 06:10:37.0488 7584 RFCOMM - ok 06:10:37.0498 7584 [ 5CA4ABD888B602551B59BAA26941C167 ] rimspci C:\Windows\system32\drivers\rimssne64.sys 06:10:37.0498 7584 rimspci - ok 06:10:37.0508 7584 [ AA7B4AC7CB1281349CD61DE067F00D5D ] risdsnpe C:\Windows\system32\drivers\risdsne64.sys 06:10:37.0508 7584 risdsnpe - ok 06:10:37.0528 7584 [ D151224BC11078895A60FA970728FF59 ] Roxio UPnP Renderer 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUPnPRenderer10.exe 06:10:37.0528 7584 Roxio UPnP Renderer 10 - ok 06:10:37.0548 7584 [ 5022A927944878BD750960BD21E751AF ] Roxio Upnp Server 10 C:\Program Files (x86)\Roxio\Digital Home 10\RoxioUpnpService10.exe 06:10:37.0558 7584 Roxio Upnp Server 10 - ok 06:10:37.0558 7584 [ E4DC58CF7B3EA515AE917FF0D402A7BB ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 06:10:37.0568 7584 RpcEptMapper - ok 06:10:37.0568 7584 [ D5BA242D4CF8E384DB90E6A8ED850B8C ] RpcLocator C:\Windows\system32\locator.exe 06:10:37.0578 7584 RpcLocator - ok 06:10:37.0598 7584 [ 5C627D1B1138676C0A7AB2C2C190D123 ] RpcSs C:\Windows\system32\rpcss.dll 06:10:37.0598 7584 RpcSs - ok 06:10:37.0608 7584 [ DDC86E4F8E7456261E637E3552E804FF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 06:10:37.0608 7584 rspndr - ok 06:10:37.0618 7584 [ E60C0A09F997826C7627B244195AB581 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 
06:10:37.0618 7584 s3cap - ok 06:10:37.0628 7584 [ C118A82CD78818C29AB228366EBF81C3 ] SamSs C:\Windows\system32\lsass.exe 06:10:37.0628 7584 SamSs - ok 06:10:37.0638 7584 [ AC03AF3329579FFFB455AA2DAABBE22B ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 06:10:37.0638 7584 sbp2port - ok 06:10:37.0648 7584 [ 9B7395789E3791A3B6D000FE6F8B131E ] SCardSvr C:\Windows\System32\SCardSvr.dll 06:10:37.0658 7584 SCardSvr - ok 06:10:37.0668 7584 [ 253F38D0D7074C02FF8DEB9836C97D2B ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 06:10:37.0668 7584 scfilter - ok 06:10:37.0688 7584 [ 262F6592C3299C005FD6BEC90FC4463A ] Schedule C:\Windows\system32\schedsvc.dll 06:10:37.0708 7584 Schedule - ok 06:10:37.0708 7584 [ F17D1D393BBC69C5322FBFAFACA28C7F ] SCPolicySvc C:\Windows\System32\certprop.dll 06:10:37.0718 7584 SCPolicySvc - ok 06:10:37.0718 7584 [ 111E0EBC0AD79CB0FA014B907B231CF0 ] sdbus C:\Windows\system32\drivers\sdbus.sys 06:10:37.0728 7584 sdbus - ok 06:10:37.0738 7584 [ 6EA4234DC55346E0709560FE7C2C1972 ] SDRSVC C:\Windows\System32\SDRSVC.dll 06:10:37.0738 7584 SDRSVC - ok 06:10:37.0748 7584 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys 06:10:37.0748 7584 secdrv - ok 06:10:37.0758 7584 [ BC617A4E1B4FA8DF523A061739A0BD87 ] seclogon C:\Windows\system32\seclogon.dll 06:10:37.0758 7584 seclogon - ok 06:10:37.0768 7584 [ C32AB8FA018EF34C0F113BD501436D21 ] SENS C:\Windows\System32\sens.dll 06:10:37.0768 7584 SENS - ok 06:10:37.0778 7584 [ 0336CFFAFAAB87A11541F1CF1594B2B2 ] SensrSvc C:\Windows\system32\sensrsvc.dll 06:10:37.0778 7584 SensrSvc - ok 06:10:37.0788 7584 [ CB624C0035412AF0DEBEC78C41F5CA1B ] Serenum C:\Windows\system32\drivers\serenum.sys 06:10:37.0788 7584 Serenum - ok 06:10:37.0798 7584 [ C1D8E28B2C2ADFAEC4BA89E9FDA69BD6 ] Serial C:\Windows\system32\drivers\serial.sys 06:10:37.0798 7584 Serial - ok 06:10:37.0808 7584 [ 1C545A7D0691CC4A027396535691C3E3 ] sermouse C:\Windows\system32\drivers\sermouse.sys 06:10:37.0808 7584 
sermouse - ok 06:10:37.0828 7584 [ 0B6231BF38174A1628C4AC812CC75804 ] SessionEnv C:\Windows\system32\sessenv.dll 06:10:37.0828 7584 SessionEnv - ok 06:10:37.0838 7584 [ 286D3889E6AB5589646FF8A63CB928AE ] SFEP C:\Windows\system32\drivers\SFEP.sys 06:10:37.0838 7584 SFEP - ok 06:10:37.0848 7584 [ A554811BCD09279536440C964AE35BBF ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 06:10:37.0848 7584 sffdisk - ok 06:10:37.0858 7584 [ FF414F0BAEFEBA59BC6C04B3DB0B87BF ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 06:10:37.0858 7584 sffp_mmc - ok 06:10:37.0868 7584 [ DD85B78243A19B59F0637DCF284DA63C ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 06:10:37.0868 7584 sffp_sd - ok 06:10:37.0868 7584 [ A9D601643A1647211A1EE2EC4E433FF4 ] sfloppy C:\Windows\system32\drivers\sfloppy.sys 06:10:37.0868 7584 sfloppy - ok 06:10:37.0888 7584 [ AAF932B4011D14052955D4B212A4DA8D ] ShellHWDetection C:\Windows\System32\shsvcs.dll 06:10:37.0898 7584 ShellHWDetection - ok 06:10:37.0908 7584 [ 843CAF1E5FDE1FFD5FF768F23A51E2E1 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys 06:10:37.0908 7584 SiSRaid2 - ok 06:10:37.0918 7584 [ 6A6C106D42E9FFFF8B9FCB4F754F6DA4 ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys 06:10:37.0918 7584 SiSRaid4 - ok 06:10:37.0928 7584 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files (x86)\Skype\Updater\Updater.exe 06:10:37.0928 7584 SkypeUpdate - ok 06:10:37.0938 7584 [ 548260A7B8654E024DC30BF8A7C5BAA4 ] Smb C:\Windows\system32\DRIVERS\smb.sys 06:10:37.0938 7584 Smb - ok 06:10:37.0948 7584 [ 6313F223E817CC09AA41811DAA7F541D ] SNMPTRAP C:\Windows\System32\snmptrap.exe 06:10:37.0958 7584 SNMPTRAP - ok 06:10:37.0968 7584 [ 98886C88A1CB13D61672AE2C638B7E1C ] SOHCImp C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHCImp.exe 06:10:37.0968 7584 SOHCImp - ok 06:10:37.0978 7584 [ 442A13F395546F4564C377296D43B564 ] SOHDBSvr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDBSvr.exe 06:10:37.0978 7584 SOHDBSvr - ok 06:10:37.0988 
7584 [ 556681BE668D71DC162391A45422B52C ] SOHDms C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDms.exe 06:10:37.0998 7584 SOHDms - ok 06:10:38.0008 7584 [ 72B46103E4111439109ACF5882627C24 ] SOHDs C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHDs.exe 06:10:38.0008 7584 SOHDs - ok 06:10:38.0008 7584 [ 725B6E9CD1959271AC993DC035E1606D ] SOHPlMgr C:\Program Files (x86)\Common Files\Sony Shared\SOHLib\SOHPlMgr.exe 06:10:38.0018 7584 SOHPlMgr - ok 06:10:38.0018 7584 [ B9E31E5CACDFE584F34F730A677803F9 ] spldr C:\Windows\system32\drivers\spldr.sys 06:10:38.0028 7584 spldr - ok 06:10:38.0038 7584 [ 85DAA09A98C9286D4EA2BA8D0E644377 ] Spooler C:\Windows\System32\spoolsv.exe 06:10:38.0048 7584 Spooler - ok 06:10:38.0128 7584 [ E17E0188BB90FAE42D83E98707EFA59C ] sppsvc C:\Windows\system32\sppsvc.exe 06:10:38.0168 7584 sppsvc - ok 06:10:38.0178 7584 [ 93D7D61317F3D4BC4F4E9F8A96A7DE45 ] sppuinotify C:\Windows\system32\sppuinotify.dll 06:10:38.0178 7584 sppuinotify - ok 06:10:38.0188 7584 [ 86EBD8B1F23E743AAD21F4D5B4D40985 ] SQLBrowser c:\Program Files (x86)\Microsoft SQL Server\90\Shared\sqlbrowser.exe 06:10:38.0198 7584 SQLBrowser - ok 06:10:38.0208 7584 [ 3C432A96363097870995E2A3C8B66ABD ] SQLWriter c:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe 06:10:38.0208 7584 SQLWriter - ok 06:10:38.0228 7584 [ 441FBA48BFF01FDB9D5969EBC1838F0B ] srv C:\Windows\system32\DRIVERS\srv.sys 06:10:38.0238 7584 srv - ok 06:10:38.0248 7584 [ B4ADEBBF5E3677CCE9651E0F01F7CC28 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 06:10:38.0258 7584 srv2 - ok 06:10:38.0268 7584 [ 27E461F0BE5BFF5FC737328F749538C3 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 06:10:38.0268 7584 srvnet - ok 06:10:38.0278 7584 [ 51B52FBD583CDE8AA9BA62B8B4298F33 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 06:10:38.0288 7584 SSDPSRV - ok 06:10:38.0298 7584 [ AB7AEBF58DAD8DAAB7A6C45E6A8885CB ] SstpSvc C:\Windows\system32\sstpsvc.dll 06:10:38.0298 7584 SstpSvc - ok 06:10:38.0308 7584 [ 
F3817967ED533D08327DC73BC4D5542A ] stexstor C:\Windows\system32\drivers\stexstor.sys 06:10:38.0308 7584 stexstor - ok 06:10:38.0318 7584 [ DECACB6921DED1A38642642685D77DAC ] StillCam C:\Windows\system32\DRIVERS\serscan.sys 06:10:38.0318 7584 StillCam - ok 06:10:38.0328 7584 [ 8DD52E8E6128F4B2DA92CE27402871C1 ] stisvc C:\Windows\System32\wiaservc.dll 06:10:38.0338 7584 stisvc - ok 06:10:38.0348 7584 [ 7785DC213270D2FC066538DAF94087E7 ] storflt C:\Windows\system32\drivers\vmstorfl.sys 06:10:38.0348 7584 storflt - ok 06:10:38.0358 7584 [ C40841817EF57D491F22EB103DA587CC ] StorSvc C:\Windows\system32\storsvc.dll 06:10:38.0358 7584 StorSvc - ok 06:10:38.0368 7584 [ D34E4943D5AC096C8EDEEBFD80D76E23 ] storvsc C:\Windows\system32\drivers\storvsc.sys 06:10:38.0368 7584 storvsc - ok 06:10:38.0378 7584 [ D01EC09B6711A5F8E7E6564A4D0FBC90 ] swenum C:\Windows\system32\drivers\swenum.sys 06:10:38.0378 7584 swenum - ok 06:10:38.0398 7584 [ E08E46FDD841B7184194011CA1955A0B ] swprv C:\Windows\System32\swprv.dll 06:10:38.0408 7584 swprv - ok 06:10:38.0418 7584 [ 3C08FB2829A5304825F974B1631DEDFA ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 06:10:38.0418 7584 SynTP - ok 06:10:38.0459 7584 [ BF9CCC0BF39B418C8D0AE8B05CF95B7D ] SysMain C:\Windows\system32\sysmain.dll 06:10:38.0479 7584 SysMain - ok 06:10:38.0489 7584 [ E3C61FD7B7C2557E1F1B0B4CEC713585 ] TabletInputService C:\Windows\System32\TabSvc.dll 06:10:38.0499 7584 TabletInputService - ok 06:10:38.0509 7584 [ 40F0849F65D13EE87B9A9AE3C1DD6823 ] TapiSrv C:\Windows\System32\tapisrv.dll 06:10:38.0519 7584 TapiSrv - ok 06:10:38.0529 7584 [ 1BE03AC720F4D302EA01D40F588162F6 ] TBS C:\Windows\System32\tbssvc.dll 06:10:38.0529 7584 TBS - ok 06:10:38.0569 7584 [ B62A953F2BF3922C8764A29C34A22899 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 06:10:38.0599 7584 Tcpip - ok 06:10:38.0639 7584 [ B62A953F2BF3922C8764A29C34A22899 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 06:10:38.0649 7584 TCPIP6 - ok 06:10:38.0669 7584 [ 
1B16D0BD9841794A6E0CDE0CEF744ABC ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 06:10:38.0669 7584 tcpipreg - ok 06:10:38.0679 7584 [ 3371D21011695B16333A3934340C4E7C ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 06:10:38.0679 7584 TDPIPE - ok 06:10:38.0689 7584 [ 51C5ECEB1CDEE2468A1748BE550CFBC8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 06:10:38.0689 7584 TDTCP - ok 06:10:38.0699 7584 [ DDAD5A7AB24D8B65F8D724F5C20FD806 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 06:10:38.0699 7584 tdx - ok 06:10:38.0709 7584 [ 561E7E1F06895D78DE991E01DD0FB6E5 ] TermDD C:\Windows\system32\drivers\termdd.sys 06:10:38.0709 7584 TermDD - ok 06:10:38.0739 7584 [ 2E648163254233755035B46DD7B89123 ] TermService C:\Windows\System32\termsrv.dll 06:10:38.0749 7584 TermService - ok 06:10:38.0759 7584 [ F0344071948D1A1FA732231785A0664C ] Themes C:\Windows\system32\themeservice.dll 06:10:38.0759 7584 Themes - ok 06:10:38.0769 7584 [ E40E80D0304A73E8D269F7141D77250B ] THREADORDER C:\Windows\system32\mmcss.dll 06:10:38.0769 7584 THREADORDER - ok 06:10:38.0779 7584 [ 3199A477F0F06EEDE41BD55179F8EB05 ] TomTomHOMEService C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe 06:10:38.0789 7584 TomTomHOMEService - ok 06:10:38.0789 7584 [ DBCC20C02E8A3E43B03C304A4E40A84F ] TPM C:\Windows\system32\drivers\tpm.sys 06:10:38.0799 7584 TPM - ok 06:10:38.0799 7584 [ 7E7AFD841694F6AC397E99D75CEAD49D ] TrkWks C:\Windows\System32\trkwks.dll 06:10:38.0809 7584 TrkWks - ok 06:10:38.0809 7584 [ 9BF9E809FBB2D5D0403B32B15ABE5F30 ] TrojanKillerDriver C:\Windows\system32\DRIVERS\gtkdrv.sys 06:10:38.0819 7584 TrojanKillerDriver - ok 06:10:38.0829 7584 [ 773212B2AAA24C1E31F10246B15B276C ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 06:10:38.0829 7584 TrustedInstaller - ok 06:10:38.0839 7584 [ CE18B2CDFC837C99E5FAE9CA6CBA5D30 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 06:10:38.0839 7584 tssecsrv - ok 06:10:38.0849 7584 [ 17C6B51CBCCDED95B3CC14E22791F85E ] TsUsbFlt 
C:\Windows\system32\drivers\tsusbflt.sys 06:10:38.0849 7584 TsUsbFlt - ok 06:10:38.0859 7584 [ 3566A8DAAFA27AF944F5D705EAA64894 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 06:10:38.0859 7584 tunnel - ok 06:10:38.0869 7584 [ B4DD609BD7E282BFC683CEC7EAAAAD67 ] uagp35 C:\Windows\system32\drivers\uagp35.sys 06:10:38.0869 7584 uagp35 - ok 06:10:38.0889 7584 [ FF4232A1A64012BAA1FD97C7B67DF593 ] udfs C:\Windows\system32\DRIVERS\udfs.sys 06:10:38.0889 7584 udfs - ok 06:10:38.0909 7584 [ 3CBDEC8D06B9968ABA702EBA076364A1 ] UI0Detect C:\Windows\system32\UI0Detect.exe 06:10:38.0909 7584 UI0Detect - ok 06:10:38.0919 7584 [ 4BFE1BC28391222894CBF1E7D0E42320 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 06:10:38.0919 7584 uliagpkx - ok 06:10:38.0929 7584 [ DC54A574663A895C8763AF0FA1FF7561 ] umbus C:\Windows\system32\drivers\umbus.sys 06:10:38.0929 7584 umbus - ok 06:10:38.0929 7584 [ B2E8E8CB557B156DA5493BBDDCC1474D ] UmPass C:\Windows\system32\drivers\umpass.sys 06:10:38.0939 7584 UmPass - ok 06:10:38.0949 7584 [ A293DCD756D04D8492A750D03B9A297C ] UmRdpService C:\Windows\System32\umrdp.dll 06:10:38.0959 7584 UmRdpService - ok 06:10:39.0029 7584 [ A7377410BC0D28C5A72135A4BE1A1068 ] UNS C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 06:10:39.0049 7584 UNS - ok 06:10:39.0059 7584 [ D47EC6A8E81633DD18D2436B19BAF6DE ] upnphost C:\Windows\System32\upnphost.dll 06:10:39.0069 7584 upnphost - ok 06:10:39.0079 7584 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\system32\Drivers\usbaapl64.sys 06:10:39.0079 7584 USBAAPL64 - ok 06:10:39.0089 7584 [ 82E8F44688E6FAC57B5B7C6FC7ADBC2A ] usbaudio C:\Windows\system32\drivers\usbaudio.sys 06:10:39.0089 7584 usbaudio - ok 06:10:39.0099 7584 [ 6F1A3157A1C89435352CEB543CDB359C ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 06:10:39.0099 7584 usbccgp - ok 06:10:39.0109 7584 [ AF0892A803FDDA7492F595368E3B68E7 ] usbcir C:\Windows\system32\drivers\usbcir.sys 06:10:39.0109 7584 usbcir - ok 
06:10:39.0119 7584 [ C025055FE7B87701EB042095DF1A2D7B ] usbehci C:\Windows\system32\drivers\usbehci.sys 06:10:39.0119 7584 usbehci - ok 06:10:39.0129 7584 [ 287C6C9410B111B68B52CA298F7B8C24 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 06:10:39.0139 7584 usbhub - ok 06:10:39.0139 7584 [ 9840FC418B4CBD632D3D0A667A725C31 ] usbohci C:\Windows\system32\drivers\usbohci.sys 06:10:39.0149 7584 usbohci - ok 06:10:39.0149 7584 [ 73188F58FB384E75C4063D29413CEE3D ] usbprint C:\Windows\system32\drivers\usbprint.sys 06:10:39.0149 7584 usbprint - ok 06:10:39.0159 7584 [ FED648B01349A3C8395A5169DB5FB7D6 ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 06:10:39.0159 7584 USBSTOR - ok 06:10:39.0169 7584 [ 62069A34518BCF9C1FD9E74B3F6DB7CD ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 06:10:39.0169 7584 usbuhci - ok 06:10:39.0179 7584 [ 454800C2BC7F3927CE030141EE4F4C50 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 06:10:39.0189 7584 usbvideo - ok 06:10:39.0189 7584 [ EDBB23CBCF2CDF727D64FF9B51A6070E ] UxSms C:\Windows\System32\uxsms.dll 06:10:39.0199 7584 UxSms - ok 06:10:39.0209 7584 [ 6B31C9CB94927DBEEB62E15275F4CC54 ] VAIO Event Service C:\Program Files (x86)\SONY\VAIO Event Service\VESMgr.exe 06:10:39.0219 7584 VAIO Event Service - ok 06:10:39.0229 7584 [ B8C9A7010AFD5CBBE194CB9EF7C4FD14 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe 06:10:39.0239 7584 VAIO Power Management - ok 06:10:39.0249 7584 [ C118A82CD78818C29AB228366EBF81C3 ] VaultSvc C:\Windows\system32\lsass.exe 06:10:39.0249 7584 VaultSvc - ok 06:10:39.0259 7584 [ D347D3ABE070AA09C22FC37121555D52 ] VCService C:\Program Files\Sony\VAIO Care\VCService.exe 06:10:39.0259 7584 VCService - ok 06:10:39.0269 7584 [ C5C876CCFC083FF3B128F933823E87BD ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 06:10:39.0269 7584 vdrvroot - ok 06:10:39.0289 7584 [ 8D6B481601D01A456E75C3210F1830BE ] vds C:\Windows\System32\vds.exe 06:10:39.0299 7584 vds - ok 06:10:39.0309 7584 [ 
DA4DA3F5E02943C2DC8C6ED875DE68DD ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 06:10:39.0309 7584 vga - ok 06:10:39.0319 7584 [ 53E92A310193CB3C03BEA963DE7D9CFC ] VgaSave C:\Windows\System32\drivers\vga.sys 06:10:39.0319 7584 VgaSave - ok 06:10:39.0329 7584 [ 2CE2DF28C83AEAF30084E1B1EB253CBB ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 06:10:39.0339 7584 vhdmp - ok 06:10:39.0339 7584 [ E5689D93FFE4E5D66C0178761240DD54 ] viaide C:\Windows\system32\drivers\viaide.sys 06:10:39.0349 7584 viaide - ok 06:10:39.0349 7584 [ 4E11F13C400F4721E38CFC12976057DE ] Virtual Router C:\Program Files (x86)\Virtual Router\VirtualRouterService.exe 06:10:39.0349 7584 Virtual Router - ok 06:10:39.0359 7584 [ 86EA3E79AE350FEA5331A1303054005F ] vmbus C:\Windows\system32\drivers\vmbus.sys 06:10:39.0369 7584 vmbus - ok 06:10:39.0379 7584 [ 7DE90B48F210D29649380545DB45A187 ] VMBusHID C:\Windows\system32\drivers\VMBusHID.sys 06:10:39.0379 7584 VMBusHID - ok 06:10:39.0379 7584 [ D2AAFD421940F640B407AEFAAEBD91B0 ] volmgr C:\Windows\system32\drivers\volmgr.sys 06:10:39.0389 7584 volmgr - ok 06:10:39.0399 7584 [ A255814907C89BE58B79EF2F189B843B ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 06:10:39.0409 7584 volmgrx - ok 06:10:39.0419 7584 [ 0D08D2F3B3FF84E433346669B5E0F639 ] volsnap C:\Windows\system32\drivers\volsnap.sys 06:10:39.0429 7584 volsnap - ok 06:10:39.0439 7584 [ B4A73CA4EF9A02B9738CEA9AD5FE5917 ] vpcbus C:\Windows\system32\DRIVERS\vpchbus.sys 06:10:39.0439 7584 vpcbus - ok 06:10:39.0449 7584 [ E675FB2B48C54F09895482E2253B289C ] vpcnfltr C:\Windows\system32\DRIVERS\vpcnfltr.sys 06:10:39.0459 7584 vpcnfltr - ok 06:10:39.0459 7584 [ 5FB42082B0D19A0268705F1DD343DF20 ] vpcusb C:\Windows\system32\DRIVERS\vpcusb.sys 06:10:39.0469 7584 vpcusb - ok 06:10:39.0479 7584 [ 207B6539799CC1C112661A9B620DD233 ] vpcvmm C:\Windows\system32\drivers\vpcvmm.sys 06:10:39.0489 7584 vpcvmm - ok 06:10:39.0499 7584 [ 5E2016EA6EBACA03C04FEAC5F330D997 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys 
06:10:39.0499 7584 vsmraid - ok 06:10:39.0519 7584 [ 047F22BDFDAE6DF6F1E47E747A1237A2 ] VSNService C:\Program Files\Sony\VAIO Smart Network\VSNService.exe 06:10:39.0529 7584 VSNService - ok 06:10:39.0559 7584 [ B60BA0BC31B0CB414593E169F6F21CC2 ] VSS C:\Windows\system32\vssvc.exe 06:10:39.0589 7584 VSS - ok 06:10:39.0619 7584 [ D2D646D4D686C6996BA1FF96E11BE570 ] VUAgent C:\Program Files\Sony\VAIO Update\VUAgent.exe 06:10:39.0639 7584 VUAgent - ok 06:10:39.0639 7584 [ 36D4720B72B5C5D9CB2B9C29E9DF67A1 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 06:10:39.0649 7584 vwifibus - ok 06:10:39.0649 7584 [ 6A3D66263414FF0D6FA754C646612F3F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 06:10:39.0659 7584 vwififlt - ok 06:10:39.0659 7584 [ 6A638FC4BFDDC4D9B186C28C91BD1A01 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 06:10:39.0669 7584 vwifimp - ok 06:10:39.0679 7584 [ 1C9D80CC3849B3788048078C26486E1A ] W32Time C:\Windows\system32\w32time.dll 06:10:39.0689 7584 W32Time - ok 06:10:39.0699 7584 [ 4E9440F4F152A7B944CB1663D3935A3E ] WacomPen C:\Windows\system32\drivers\wacompen.sys 06:10:39.0699 7584 WacomPen - ok 06:10:39.0709 7584 [ 4AA2CC5979AFF984227364F2C23B04F3 ] WajamUpdater C:\Program Files (x86)\Wajam\Updater\WajamUpdater.exe 06:10:39.0709 7584 WajamUpdater - ok 06:10:39.0719 7584 [ 356AFD78A6ED4457169241AC3965230C ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 06:10:39.0729 7584 WANARP - ok 06:10:39.0729 7584 [ 356AFD78A6ED4457169241AC3965230C ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 06:10:39.0729 7584 Wanarpv6 - ok 06:10:39.0779 7584 [ 3CEC96DE223E49EAAE3651FCF8FAEA6C ] WatAdminSvc C:\Windows\system32\Wat\WatAdminSvc.exe 06:10:39.0789 7584 WatAdminSvc - ok 06:10:39.0839 7584 [ 78F4E7F5C56CB9716238EB57DA4B6A75 ] wbengine C:\Windows\system32\wbengine.exe 06:10:39.0859 7584 wbengine - ok 06:10:39.0869 7584 [ 3AA101E8EDAB2DB4131333F4325C76A3 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 06:10:39.0879 7584 WbioSrvc - ok 06:10:39.0889 7584 [ 
7368A2AFD46E5A4481D1DE9D14848EDD ] wcncsvc C:\Windows\System32\wcncsvc.dll 06:10:39.0899 7584 wcncsvc - ok 06:10:39.0909 7584 [ 20F7441334B18CEE52027661DF4A6129 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 06:10:39.0909 7584 WcsPlugInService - ok 06:10:39.0919 7584 [ 72889E16FF12BA0F235467D6091B17DC ] Wd C:\Windows\system32\drivers\wd.sys 06:10:39.0919 7584 Wd - ok 06:10:39.0949 7584 [ 442783E2CB0DA19873B7A63833FF4CB4 ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 06:10:39.0959 7584 Wdf01000 - ok 06:10:39.0959 7584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiServiceHost C:\Windows\system32\wdi.dll 06:10:39.0969 7584 WdiServiceHost - ok 06:10:39.0969 7584 [ BF1FC3F79B863C914687A737C2F3D681 ] WdiSystemHost C:\Windows\system32\wdi.dll 06:10:39.0979 7584 WdiSystemHost - ok 06:10:39.0989 7584 [ 3DB6D04E1C64272F8B14EB8BC4616280 ] WebClient C:\Windows\System32\webclnt.dll 06:10:39.0989 7584 WebClient - ok 06:10:40.0009 7584 [ C749025A679C5103E575E3B48E092C43 ] Wecsvc C:\Windows\system32\wecsvc.dll 06:10:40.0009 7584 Wecsvc - ok 06:10:40.0019 7584 [ 7E591867422DC788B9E5BD337A669A08 ] wercplsupport C:\Windows\System32\wercplsupport.dll 06:10:40.0019 7584 wercplsupport - ok 06:10:40.0029 7584 [ 6D137963730144698CBD10F202E9F251 ] WerSvc C:\Windows\System32\WerSvc.dll 06:10:40.0039 7584 WerSvc - ok 06:10:40.0039 7584 [ 611B23304BF067451A9FDEE01FBDD725 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 06:10:40.0039 7584 WfpLwf - ok 06:10:40.0049 7584 [ 05ECAEC3E4529A7153B3136CEB49F0EC ] WIMMount C:\Windows\system32\drivers\wimmount.sys 06:10:40.0049 7584 WIMMount - ok 06:10:40.0059 7584 WinDefend - ok 06:10:40.0069 7584 WinHttpAutoProxySvc - ok 06:10:40.0079 7584 [ 19B07E7E8915D701225DA41CB3877306 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 06:10:40.0089 7584 Winmgmt - ok 06:10:40.0159 7584 [ BCB1310604AA415C4508708975B3931E ] WinRM C:\Windows\system32\WsmSvc.dll 06:10:40.0179 7584 WinRM - ok 06:10:40.0189 7584 [ FE88B288356E7B47B74B13372ADD906D ] WinUsb 
C:\Windows\system32\DRIVERS\WinUSB.sys 06:10:40.0189 7584 WinUsb - ok 06:10:40.0219 7584 [ 4FADA86E62F18A1B2F42BA18AE24E6AA ] Wlansvc C:\Windows\System32\wlansvc.dll 06:10:40.0229 7584 Wlansvc - ok 06:10:40.0239 7584 [ F6FF8944478594D0E414D3F048F0D778 ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 06:10:40.0239 7584 WmiAcpi - ok 06:10:40.0249 7584 [ 38B84C94C5A8AF291ADFEA478AE54F93 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 06:10:40.0259 7584 wmiApSrv - ok 06:10:40.0259 7584 WMPNetworkSvc - ok 06:10:40.0269 7584 [ 96C6E7100D724C69FCF9E7BF590D1DCA ] WPCSvc C:\Windows\System32\wpcsvc.dll 06:10:40.0269 7584 WPCSvc - ok 06:10:40.0279 7584 [ 93221146D4EBBF314C29B23CD6CC391D ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 06:10:40.0289 7584 WPDBusEnum - ok 06:10:40.0289 7584 [ 6BCC1D7D2FD2453957C5479A32364E52 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 06:10:40.0299 7584 ws2ifsl - ok 06:10:40.0299 7584 [ E8B1FE6669397D1772D8196DF0E57A9E ] wscsvc C:\Windows\system32\wscsvc.dll 06:10:40.0309 7584 wscsvc - ok 06:10:40.0309 7584 [ 8D918B1DB190A4D9B1753A66FA8C96E8 ] WSDPrintDevice C:\Windows\system32\DRIVERS\WSDPrint.sys 06:10:40.0319 7584 WSDPrintDevice - ok 06:10:40.0319 7584 WSearch - ok 06:10:40.0339 7584 [ 5706CF84B4F02D5013CC6733AD2378F3 ] WTGService C:\Program Files (x86)\OneClickInternet\WTGService.exe 06:10:40.0339 7584 WTGService - ok 06:10:40.0439 7584 [ D9EF901DCA379CFE914E9FA13B73B4C4 ] wuauserv C:\Windows\system32\wuaueng.dll 06:10:40.0469 7584 wuauserv - ok 06:10:40.0479 7584 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 06:10:40.0479 7584 WudfPf - ok 06:10:40.0489 7584 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 06:10:40.0489 7584 WUDFRd - ok 06:10:40.0499 7584 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 06:10:40.0509 7584 wudfsvc - ok 06:10:40.0509 7584 [ 9A3452B3C2A46C073166C5CF49FAD1AE ] WwanSvc C:\Windows\System32\wwansvc.dll 
06:10:40.0519 7584 WwanSvc - ok 06:10:40.0539 7584 ================ Scan global =============================== 06:10:40.0549 7584 [ BA0CD8C393E8C9F83354106093832C7B ] C:\Windows\system32\basesrv.dll 06:10:40.0559 7584 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 06:10:40.0569 7584 [ 0C27239FEA4DB8A2AAC9E502186B7264 ] C:\Windows\system32\winsrv.dll 06:10:40.0579 7584 [ D6160F9D869BA3AF0B787F971DB56368 ] C:\Windows\system32\sxssrv.dll 06:10:40.0599 7584 [ 24ACB7E5BE595468E3B9AA488B9B4FCB ] C:\Windows\system32\services.exe 06:10:40.0599 7584 [Global] - ok 06:10:40.0599 7584 ================ Scan MBR ================================== 06:10:40.0609 7584 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0 06:10:40.0699 7584 \Device\Harddisk0\DR0 - ok 06:10:40.0699 7584 ================ Scan VBR ================================== 06:10:40.0709 7584 [ 30069A9E529428CDD370A8037DBA8CDB ] \Device\Harddisk0\DR0\Partition1 06:10:40.0709 7584 \Device\Harddisk0\DR0\Partition1 - ok 06:10:40.0709 7584 [ 878463265DF28E6375E01AB4AA4B1808 ] \Device\Harddisk0\DR0\Partition2 06:10:40.0709 7584 \Device\Harddisk0\DR0\Partition2 - ok 06:10:40.0709 7584 ============================================================ 06:10:40.0709 7584 Scan finished 06:10:40.0709 7584 ============================================================ 06:10:40.0729 6832 Detected object count: 0 06:10:40.0729 6832 Actual detected object count: 0 |
22.02.2013, 14:42 | #12 |
/// TB-Ausbilder | Good, then two more checks and we are pretty much done.
Step 1: (Reminder: only reply to me once you have worked through all the steps!) Note: the scan can take a very long time (several hours)!
Step 2: Scan with SecurityCheck. Please download SecurityCheck and:
__________________ Digital buccaneers against malware! No help via PM! |
22.02.2013, 17:45 | #13 |
| Systemwiederherstellungspunkte verschwunden nach "Scanhost.exe – Corrupt Disk“ System Repair Trojaner Prima. Hier die Ergebnisse (die ersten zwei sind falscher Alarm) Code:
ATTFilter ESETSmartInstaller@High as downloader log: all ok # version=8 # OnlineScannerApp.exe=1.0.0.1 # OnlineScanner.ocx=1.0.0.6920 # api_version=3.0.2 # EOSSerial=54dfab2d4937c441850731ca5fd51a08 # engine=13221 # end=finished # remove_checked=false # archives_checked=true # unwanted_checked=false # unsafe_checked=false # antistealth_checked=true # utc_time=2013-02-22 04:27:24 # local_time=2013-02-22 11:27:24 (-0500, Eastern Normalzeit) # country="Germany" # lang=1033 # osver=6.1.7601 NT Service Pack 1 # compatibility_mode=5893 16776574 100 94 56571381 113093894 0 0 # scanned=431485 # found=8 # cleaned=0 # scan_time=9293 sh=228327404BD31BC49DD244353963F5EE8FABD6AE ft=1 fh=e4bd1127e66ed633 vn="probably a variant of Win32/Agent.IYZQUN trojan" ac=I fn="C:\Program Files\Totalcmd\TCMC.exe" sh=C02423884B82F50565A8AA2BE8F974E821760F18 ft=0 fh=0000000000000000 vn="Eicar test file" ac=I fn="C:\Users\****\AppData\Local\Temp\Av-test.txt" sh=ED38AEC16D8C5DE961EF59111A64C5A1391A62E2 ft=0 fh=0000000000000000 vn="Java/Exploit.CVE-2012-4681.BW trojan" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\13\5b9b218d-26301f4c" sh=EE4B219E4C5553515CE88BB3156DD15E71F59C9D ft=1 fh=2e038803439834bb vn="a variant of Win32/Kryptik.ATIR trojan" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\38\1dd46ca6-2a81ba3b" sh=32863B1613E76C003CDB7935043BF2F932635632 ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NBQ trojan" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\3a45abf3-341d817e" sh=77815CBBD63BEBA6C562457A9A16911F7F931F95 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\51\f7f70b3-5b5a96b9" sh=9C3EF365555E41FED265F4541DCB5D1CDC57687D ft=0 fh=0000000000000000 vn="Java/Exploit.Agent.NGZ trojan" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\174c7fc7-2d02c444" sh=7681D519BD240DF890A115047ABB1A398FEE620F ft=1 fh=2ad2997298054f7b 
vn="Win32/PSW.Fareit.A trojan" ac=I fn="C:\Users\****\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\7\7b75787-57fd090a"
Lesson learned. Regarding the fragmentation of the disk: it is an SSD. Code:
ATTFilter Results of screen317's Security Check version 0.99.59 Windows 7 Service Pack 1 x64 (UAC is enabled) Internet Explorer 9 ``````````````Antivirus/Firewall Check:`````````````` WMI entry may not exist for antivirus; attempting automatic update. `````````Anti-malware/Other Utilities Check:````````` Java(TM) 6 Update 22 Java(TM) 6 Update 33 Java 7 Update 15 Java version out of Date! Adobe Flash Player 11.5.502.149 Flash Player out of Date! Adobe Reader 9 Adobe Reader out of Date! Mozilla Firefox 18.0.2 Firefox out of Date! Mozilla Thunderbird (17.0.3) Google Chrome 24.0.1312.56 Google Chrome 24.0.1312.57 ````````Process Check: objlist.exe by Laurent```````` Microsoft Small Business Business Contact Manager BcmSqlStartupSvc.exe `````````````````System Health check````````````````` Total Fragmentation on Drive C: ````````````````````End of Log`````````````````````` |
22.02.2013, 17:47 | #14 |
/// TB-Ausbilder | System restore points disappeared after "Scanhost.exe – Corrupt Disk" System Repair Trojan Great! That means we are done. We will now tidy up a little, and at the end I have some reading material for you. Step 1: Uninstall tools The order is crucial here.
Step 2: Uninstall ESET (optional)
Step 3: Java update (Windows XP, Vista, 7) Your Java is no longer up to date. Older versions contain security vulnerabilities that can be abused by malware. Step 4: Update: Firefox, add-ons and plugins Step 5: Update: Adobe Flash Player
Step 6: Update: Adobe Reader
Try out an alternative viewer for PDF documents. These are usually leaner, faster, and let malware in far less often. My suggestion:
Finally, some tips on the following topics:
Reading material: System updates It cannot be mentioned often enough how important it is to keep your system up to date. After all, you also take your car to the garage for regular inspections. So please make sure that system updates are enabled:
Reading material: Software updates Just as important as the system programs is the software you use every day. The following list gives you a short overview, with links to the updates, of which programs urgently need to be kept up to date (if you have them installed and use them at all), because malware can often get onto computers through their security vulnerabilities:
Reading material: Security software If someone overtook you on the motorway riding a motorcycle naked, you would shake your head too. Your computer also needs protection against the small daily attacks by malware. Besides excellent commercial antivirus solutions, there are also perfectly good protection programs that are available free of charge with a reduced feature set. But careful, "the more the better" does not apply here. What you need is exactly one virus scanner with a background guard. No more and no less. There are many products on the market that will serve you well. Personally, I recommend Avast Free Antivirus. It offers relatively good protection with little annoying advertising, and it installs a browser plugin that warns you about dangerous websites.
Reading material: Safe browsing First of all, it has to be said that it is usually the human factor that allows malware to get onto a computer. Do you also immediately buy stuff from people who ring your doorbell, without thinking? So first get into the habit of following a few rules of conduct when surfing the Internet:
But even if you follow these rules meticulously, a so-called drive-by infection can still occur, in which malware breaks out of the web browser's protection mechanism. To increase security even further, there is special protection software that hardens your browser further.
Finally, please think about using an alternative browser. Programs that are not used as often are also not as much in the focus of the "bad guys". That is, with an exotic browser you are more likely to be on the safe side. In general, you are already considerably safer if you do not use Internet Explorer.
With that, I wish you lots of fun surfing the Internet ... and perhaps you would like to support the Trojaner-Board? One request: Give me brief feedback when everything is done and there are no more questions, so that I can remove this thread from my subscriptions.
__________________ Digital privateers against malware! No help via PM! |
24.02.2013, 16:51 | #15 |
/// TB-Ausbilder | System restore points disappeared after "Scanhost.exe – Corrupt Disk" System Repair Trojan Glad we could help. This topic appears to be resolved and will be removed from my subscriptions. Should you need the topic again, please send me a PM. Everyone else, please click here and create your own thread. If you still have praise or criticism to share, there is this section: http://www.trojaner-board.de/lob-kritik-wuensche/
__________________ Digital privateers against malware! No help via PM! |