|
Log analysis and evaluation: Trojan problem. Windows 7. If you have caught a trojan or keep getting virus warnings, you can post the logs from our diagnostic tools here for evaluation by our experts. To remove viruses and trojans, the infected system must first be examined: First steps to getting help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed. |
21.02.2013, 18:41 | #1 |
| Trojan problem Hello, I most likely have a trojan problem. When I switched on the computer today, the hard disk was working constantly (noises as if Antivir were updating) and suddenly the Windows Security Center was switched off and the notebook's brightness was noticeably dimmer... Naturally I also could not access the internet, and in general Windows functionality was severely restricted. What I have already done: Antivir scan, it found something, which is now in quarantine. A restart brought the same problem again. Malwarebytes found nothing at all in the quick scan. Booted from the Windows 7 DVD and reset the system to the last restore point. After that an error message appeared saying that System Restore had not worked properly. Nevertheless, the system then seemed to start normally. That is why I can write these lines here. As a next step I was planning to run a Malwarebytes full scan. But I am happy to be corrected and shown a better way. I would like to use the formatting option only as a last resort, since I set the system up from scratch only a few months ago. Thank you in advance... |
21.02.2013, 19:05 | #2 |
/// TB-Ausbilder | Trojan problem And am I supposed to make up the MBAM log myself?
__________________ Please post it here so that I know what this is about. This is how it works: posting in CODE tags. Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive first, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files in a CODE box, proceed as follows:
__________________ |
21.02.2013, 20:48 | #3 |
| Trojan problem Code:
Malwarebytes Anti-Malware 1.65.0.1400
www.malwarebytes.org
Database version: v2012.10.21.02
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
PhilundPepi :: PHIL-PC [limited]
21.02.2013 19:13:01
mbam-log-2013-02-21 (19-13-01).txt
Scan type: Full scan (C:\|)
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM
Scan options disabled: P2P
Objects scanned: 313097
Time elapsed: 1 hour(s), 20 minute(s), 35 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end) |
21.02.2013, 20:57 | #4 |
/// TB-Ausbilder | Trojan problem All right, then let's take a look: I will help you with your problem. A cleanup sometimes involves a lot of work for you (and me). Before we start, I have some reading material for you. Please read: Rules for the cleanup. For the cleanup to work, I ask you to read the following points carefully:
Read and understood? Step 1: Disable drive emulation with Defogger. Please download defogger by jpshortstuff to your desktop and run it: Step 2: Scan with aswMBR
Step 3: Scan with TDSS-Killer. Please read the following instructions carefully. We do not want to "fix" anything here yet, only see a scan report.
Step 4: Scan with DDS+ (with attach). Please download DDS (by sUBs) and save the file to your desktop.
__________________ Digital privateers against malware! No help via PM! |
21.02.2013, 22:16 | #5 |
| Trojan problem I went through the steps in order... but I have a problem: I saved aswMBR.txt to the desktop as described above, only: I cannot find it! When searching with the search function I get the file with a missing shortcut. Should I perhaps not have closed this program at step 4? Should I repeat the steps? The other log files are available. Good morning, I think my post above can be deleted. Today I tried everything from the administrator account. So, step 1 Code:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 10:36 on 22/02/2013 (Phil)
Checking for autostart values...
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.
Checking for services/drivers...
-=E.O.F=-
Code:
aswMBR version 0.9.9.1707 Copyright(c) 2011 AVAST Software
Run date: 2013-02-22 10:37:00
-----------------------------
10:37:00.292 OS Version: Windows 6.1.7601 Service Pack 1
10:37:00.292 Number of processors: 2 586 0x1706
10:37:00.293 ComputerName: PHIL-PC UserName: Phil
10:37:36.257 Initialize success
10:37:45.567 AVAST engine defs: 13022102
10:38:49.790 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
10:38:49.792 Disk 0 Vendor: SAMSUNG_HM320JI 2SS00_01 Size: 305245MB BusType: 11
10:38:49.798 Disk 1 \Device\Harddisk1\SR0 -> \Device\SdBus-0
10:38:49.801 Disk 1 Vendor: ( Size: 1898MB BusType: 12
10:38:49.804 Disk 2 \Device\Harddisk2\DR1 -> \Device\0000006f
10:38:49.808 Disk 2 Vendor: RICOH 02 Size: 1898MB BusType: 0
10:38:49.820 Disk 0 MBR read successfully
10:38:49.824 Disk 0 MBR scan
10:38:49.842 Disk 0 Windows 7 default MBR code
10:38:49.857 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
10:38:49.868 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 305143 MB offset 206848
10:38:49.883 Disk 0 scanning sectors +625139712
10:38:49.973 Disk 0 scanning C:\Windows\system32\drivers
10:39:12.191 Service scanning
10:39:53.699 Modules scanning
10:40:11.243 Disk 0 trace - called modules:
10:40:11.255 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
10:40:11.261 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x85e61778]
10:40:11.267 3 CLASSPNP.SYS[893a759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x85d8f030]
10:40:12.937 AVAST engine scan C:\Windows
10:40:18.786 AVAST engine scan C:\Windows\system32
10:46:27.888 AVAST engine scan C:\Windows\system32\drivers
10:46:49.512 AVAST engine scan C:\Users\Phil
11:01:28.148 AVAST engine scan C:\ProgramData
11:04:18.209 Scan finished successfully
11:05:25.797 Disk 0 MBR has been saved successfully to "C:\Users\Phil\Desktop\MBR.dat"
11:05:25.806 The log file has been saved successfully to "C:\Users\Phil\Desktop\aswMBR.txt"
Code:
11:06:06.0566 5348 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
11:06:06.0808 5348 ============================================================
11:06:06.0808 5348 Current date / time: 2013/02/22 11:06:06.0808
11:06:06.0808 5348 SystemInfo:
11:06:06.0808 5348
11:06:06.0808 5348 OS Version: 6.1.7601 ServicePack: 1.0
11:06:06.0808 5348 Product type: Workstation
11:06:06.0808 5348 ComputerName: PHIL-PC
11:06:06.0808 5348 UserName: Phil
11:06:06.0808 5348 Windows directory: C:\Windows
11:06:06.0808 5348 System windows directory: C:\Windows
11:06:06.0808 5348 Processor architecture: Intel x86
11:06:06.0808 5348 Number of processors: 2
11:06:06.0808 5348 Page size: 0x1000
11:06:06.0808 5348 Boot type: Normal boot
11:06:06.0808 5348 ============================================================
11:06:08.0482 5348 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
11:06:08.0485 5348 ============================================================
11:06:08.0485 5348 \Device\Harddisk0\DR0:
11:06:08.0493 5348 MBR partitions:
11:06:08.0493 5348 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
11:06:08.0493 5348 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x253FB800
11:06:08.0493 5348 ============================================================
11:06:08.0546 5348 C: <-> \Device\Harddisk0\DR0\Partition2
11:06:08.0546 5348 ============================================================
11:06:08.0546 5348 Initialize success
11:06:08.0546 5348 ============================================================
11:06:23.0952 0192 ============================================================
11:06:23.0952 0192 Scan started
11:06:23.0952 0192 Mode: Manual; TDLFS;
11:06:23.0952 0192 ============================================================
11:06:25.0543 0192 ================ Scan system
3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 11:06:37.0999 0192 mshidkmdf - ok 11:06:38.0016 0192 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 11:06:38.0018 0192 msisadrv - ok 11:06:38.0072 0192 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 11:06:38.0079 0192 MSiSCSI - ok 11:06:38.0088 0192 msiserver - ok 11:06:38.0126 0192 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 11:06:38.0130 0192 MSKSSRV - ok 11:06:38.0154 0192 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 11:06:38.0157 0192 MSPCLOCK - ok 11:06:38.0166 0192 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 11:06:38.0170 0192 MSPQM - ok 11:06:38.0191 0192 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 11:06:38.0195 0192 MsRPC - ok 11:06:38.0211 0192 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 11:06:38.0213 0192 mssmbios - ok 11:06:38.0227 0192 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 11:06:38.0228 0192 MSTEE - ok 11:06:38.0246 0192 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 11:06:38.0247 0192 MTConfig - ok 11:06:38.0262 0192 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 11:06:38.0264 0192 Mup - ok 11:06:38.0311 0192 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 11:06:38.0325 0192 napagent - ok 11:06:38.0388 0192 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 11:06:38.0397 0192 NativeWifiP - ok 11:06:38.0475 0192 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 11:06:38.0494 0192 NDIS - ok 11:06:38.0531 0192 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 
11:06:38.0533 0192 NdisCap - ok 11:06:38.0565 0192 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 11:06:38.0568 0192 NdisTapi - ok 11:06:38.0609 0192 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 11:06:38.0613 0192 Ndisuio - ok 11:06:38.0655 0192 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 11:06:38.0660 0192 NdisWan - ok 11:06:38.0699 0192 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 11:06:38.0703 0192 NDProxy - ok 11:06:38.0729 0192 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 11:06:38.0732 0192 NetBIOS - ok 11:06:38.0768 0192 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 11:06:38.0773 0192 NetBT - ok 11:06:38.0782 0192 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 11:06:38.0784 0192 Netlogon - ok 11:06:38.0846 0192 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 11:06:38.0858 0192 Netman - ok 11:06:38.0885 0192 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 11:06:38.0894 0192 netprofm - ok 11:06:38.0912 0192 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 11:06:38.0945 0192 NetTcpPortSharing - ok 11:06:39.0096 0192 [ F0C42E0CDCE558D658FA53A222B4CCB1 ] netw5v32 C:\Windows\system32\DRIVERS\netw5v32.sys 11:06:39.0181 0192 netw5v32 - ok 11:06:39.0235 0192 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 11:06:39.0239 0192 nfrd960 - ok 11:06:39.0283 0192 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 11:06:39.0294 0192 NlaSvc - ok 11:06:39.0314 0192 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 11:06:39.0318 0192 Npfs - ok 11:06:39.0341 0192 [ 
BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 11:06:39.0344 0192 nsi - ok 11:06:39.0360 0192 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 11:06:39.0362 0192 nsiproxy - ok 11:06:39.0499 0192 [ 42CE5E77721E60F39858FF2A35450342 ] NSUService C:\Program Files\Sony\Network Utility\NSUService.exe 11:06:39.0509 0192 NSUService - ok 11:06:39.0605 0192 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 11:06:39.0636 0192 Ntfs - ok 11:06:39.0692 0192 [ F9756A98D69098DCA8945D62858A812C ] Null C:\Windows\system32\drivers\Null.sys 11:06:39.0717 0192 Null - ok 11:06:39.0832 0192 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 11:06:39.0836 0192 nvraid - ok 11:06:39.0858 0192 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 11:06:39.0863 0192 nvstor - ok 11:06:39.0900 0192 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 11:06:39.0903 0192 nv_agp - ok 11:06:39.0925 0192 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 11:06:39.0927 0192 ohci1394 - ok 11:06:39.0965 0192 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 11:06:39.0972 0192 p2pimsvc - ok 11:06:39.0991 0192 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 11:06:39.0999 0192 p2psvc - ok 11:06:40.0015 0192 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 11:06:40.0018 0192 Parport - ok 11:06:40.0060 0192 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 11:06:40.0063 0192 partmgr - ok 11:06:40.0079 0192 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 11:06:40.0081 0192 Parvdm - ok 11:06:40.0099 0192 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 11:06:40.0105 0192 PcaSvc - ok 11:06:40.0121 0192 [ 
673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 11:06:40.0125 0192 pci - ok 11:06:40.0139 0192 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 11:06:40.0141 0192 pciide - ok 11:06:40.0160 0192 [ F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 11:06:40.0165 0192 pcmcia - ok 11:06:40.0178 0192 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 11:06:40.0181 0192 pcw - ok 11:06:40.0229 0192 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 11:06:40.0245 0192 PEAUTH - ok 11:06:40.0334 0192 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 11:06:40.0364 0192 pla - ok 11:06:40.0425 0192 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 11:06:40.0436 0192 PlugPlay - ok 11:06:40.0456 0192 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 11:06:40.0460 0192 PNRPAutoReg - ok 11:06:40.0483 0192 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 11:06:40.0488 0192 PNRPsvc - ok 11:06:40.0507 0192 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 11:06:40.0514 0192 PolicyAgent - ok 11:06:40.0530 0192 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 11:06:40.0536 0192 Power - ok 11:06:40.0582 0192 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 11:06:40.0587 0192 PptpMiniport - ok 11:06:40.0611 0192 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 11:06:40.0614 0192 Processor - ok 11:06:40.0662 0192 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 11:06:40.0671 0192 ProfSvc - ok 11:06:40.0690 0192 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 11:06:40.0695 0192 ProtectedStorage - ok 11:06:40.0741 0192 [ 
6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 11:06:40.0744 0192 Psched - ok 11:06:40.0806 0192 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 11:06:40.0840 0192 ql2300 - ok 11:06:40.0872 0192 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 11:06:40.0875 0192 ql40xx - ok 11:06:40.0911 0192 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 11:06:40.0923 0192 QWAVE - ok 11:06:40.0938 0192 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 11:06:40.0941 0192 QWAVEdrv - ok 11:06:40.0960 0192 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 11:06:40.0962 0192 RasAcd - ok 11:06:41.0005 0192 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 11:06:41.0008 0192 RasAgileVpn - ok 11:06:41.0033 0192 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 11:06:41.0043 0192 RasAuto - ok 11:06:41.0060 0192 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 11:06:41.0063 0192 Rasl2tp - ok 11:06:41.0118 0192 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 11:06:41.0127 0192 RasMan - ok 11:06:41.0149 0192 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 11:06:41.0154 0192 RasPppoe - ok 11:06:41.0179 0192 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 11:06:41.0192 0192 RasSstp - ok 11:06:41.0242 0192 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 11:06:41.0250 0192 rdbss - ok 11:06:41.0276 0192 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 11:06:41.0281 0192 rdpbus - ok 11:06:41.0322 0192 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 11:06:41.0324 0192 RDPCDD - ok 11:06:41.0371 0192 [ 
5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 11:06:41.0375 0192 RDPENCDD - ok 11:06:41.0400 0192 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 11:06:41.0403 0192 RDPREFMP - ok 11:06:41.0480 0192 [ 65375DF758CA1872AB7EBBBA457FD5E6 ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys 11:06:41.0485 0192 RdpVideoMiniport - ok 11:06:41.0560 0192 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 11:06:41.0580 0192 RDPWD - ok 11:06:41.0632 0192 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 11:06:41.0639 0192 rdyboost - ok 11:06:41.0763 0192 [ 636AAFAD77BEABE192D01E7E74F4A45B ] RegSrvc C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe 11:06:41.0799 0192 RegSrvc - ok 11:06:41.0826 0192 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 11:06:41.0834 0192 RemoteAccess - ok 11:06:41.0862 0192 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 11:06:41.0872 0192 RemoteRegistry - ok 11:06:41.0928 0192 [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys 11:06:41.0942 0192 RFCOMM - ok 11:06:41.0984 0192 [ F2993908BE03181C781228DAADC55230 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 11:06:41.0989 0192 rimsptsk - ok 11:06:42.0004 0192 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 11:06:42.0012 0192 RpcEptMapper - ok 11:06:42.0037 0192 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 11:06:42.0040 0192 RpcLocator - ok 11:06:42.0065 0192 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 11:06:42.0071 0192 RpcSs - ok 11:06:42.0119 0192 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 11:06:42.0132 0192 rspndr - ok 11:06:42.0217 0192 [ 79C8488DFA2AA377441645123CB73845 ] 
RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIV.sys 11:06:42.0225 0192 RTHDMIAzAudService - ok 11:06:42.0285 0192 [ DF1970AB067B4BA4221F0AD0AB9EBB30 ] RtkAudioService C:\Windows\RtkAudioService.exe 11:06:42.0309 0192 RtkAudioService - ok 11:06:42.0333 0192 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 11:06:42.0336 0192 SamSs - ok 11:06:42.0386 0192 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 11:06:42.0404 0192 sbp2port - ok 11:06:42.0634 0192 [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe 11:06:42.0664 0192 SBSDWSCService - ok 11:06:42.0705 0192 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 11:06:42.0710 0192 SCardSvr - ok 11:06:42.0728 0192 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 11:06:42.0730 0192 scfilter - ok 11:06:42.0789 0192 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 11:06:42.0813 0192 Schedule - ok 11:06:42.0838 0192 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 11:06:42.0840 0192 SCPolicySvc - ok 11:06:42.0902 0192 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys 11:06:42.0907 0192 sdbus - ok 11:06:42.0953 0192 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 11:06:42.0963 0192 SDRSVC - ok 11:06:43.0009 0192 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 11:06:43.0027 0192 secdrv - ok 11:06:43.0058 0192 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 11:06:43.0063 0192 seclogon - ok 11:06:43.0078 0192 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 11:06:43.0082 0192 SENS - ok 11:06:43.0111 0192 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 11:06:43.0116 0192 SensrSvc - ok 11:06:43.0130 0192 [ 
9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 11:06:43.0132 0192 Serenum - ok 11:06:43.0178 0192 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 11:06:43.0181 0192 Serial - ok 11:06:43.0192 0192 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 11:06:43.0194 0192 sermouse - ok 11:06:43.0240 0192 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 11:06:43.0252 0192 SessionEnv - ok 11:06:43.0314 0192 [ 8B7C1768D2CDE2E02E09A66563DDFD16 ] SFEP C:\Windows\system32\DRIVERS\SFEP.sys 11:06:43.0316 0192 SFEP - ok 11:06:43.0353 0192 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 11:06:43.0358 0192 sffdisk - ok 11:06:43.0373 0192 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 11:06:43.0375 0192 sffp_mmc - ok 11:06:43.0397 0192 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 11:06:43.0399 0192 sffp_sd - ok 11:06:43.0414 0192 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 11:06:43.0416 0192 sfloppy - ok 11:06:43.0458 0192 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 11:06:43.0467 0192 SharedAccess - ok 11:06:43.0566 0192 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 11:06:43.0575 0192 ShellHWDetection - ok 11:06:43.0603 0192 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 11:06:43.0605 0192 sisagp - ok 11:06:43.0639 0192 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 11:06:43.0644 0192 SiSRaid2 - ok 11:06:43.0667 0192 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 11:06:43.0672 0192 SiSRaid4 - ok 11:06:43.0890 0192 [ 388AE59FE75F1B959DFA0900923C61BB ] Skype C2C Service C:\ProgramData\Skype\Toolbars\Skype 
C2C Service\c2c_service.exe 11:06:43.0939 0192 Skype C2C Service - ok 11:06:44.0008 0192 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 11:06:44.0076 0192 SkypeUpdate - ok 11:06:44.0115 0192 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 11:06:44.0117 0192 Smb - ok 11:06:44.0178 0192 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 11:06:44.0183 0192 SNMPTRAP - ok 11:06:44.0209 0192 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 11:06:44.0210 0192 spldr - ok 11:06:44.0254 0192 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 11:06:44.0269 0192 Spooler - ok 11:06:44.0375 0192 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 11:06:44.0425 0192 sppsvc - ok 11:06:44.0458 0192 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 11:06:44.0461 0192 sppuinotify - ok 11:06:44.0508 0192 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 11:06:44.0514 0192 srv - ok 11:06:44.0532 0192 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 11:06:44.0538 0192 srv2 - ok 11:06:44.0596 0192 [ E00FDFAFF025E94F9821153750C35A6D ] SrvHsfHDA C:\Windows\system32\DRIVERS\VSTAZL3.SYS 11:06:44.0604 0192 SrvHsfHDA - ok 11:06:44.0666 0192 [ CEB4E3B6890E1E42DCA6694D9E59E1A0 ] SrvHsfV92 C:\Windows\system32\DRIVERS\VSTDPV3.SYS 11:06:44.0691 0192 SrvHsfV92 - ok 11:06:44.0725 0192 [ BC0C7EA89194C299F051C24119000E17 ] SrvHsfWinac C:\Windows\system32\DRIVERS\VSTCNXT3.SYS 11:06:44.0737 0192 SrvHsfWinac - ok 11:06:44.0756 0192 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 11:06:44.0759 0192 srvnet - ok 11:06:44.0792 0192 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 11:06:44.0798 0192 SSDPSRV - ok 11:06:44.0867 0192 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv 
C:\Windows\system32\DRIVERS\ssmdrv.sys 11:06:44.0868 0192 ssmdrv - ok 11:06:44.0884 0192 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 11:06:44.0894 0192 SstpSvc - ok 11:06:44.0926 0192 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 11:06:44.0927 0192 stexstor - ok 11:06:44.0989 0192 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 11:06:45.0001 0192 StiSvc - ok 11:06:45.0042 0192 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 11:06:45.0044 0192 swenum - ok 11:06:45.0064 0192 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 11:06:45.0074 0192 swprv - ok 11:06:45.0148 0192 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 11:06:45.0177 0192 SysMain - ok 11:06:45.0196 0192 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 11:06:45.0201 0192 TabletInputService - ok 11:06:45.0250 0192 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 11:06:45.0257 0192 TapiSrv - ok 11:06:45.0288 0192 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 11:06:45.0294 0192 TBS - ok 11:06:45.0385 0192 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 11:06:45.0415 0192 Tcpip - ok 11:06:45.0461 0192 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 11:06:45.0471 0192 TCPIP6 - ok 11:06:45.0528 0192 [ 9B05AA8089F4EA1BC31208EDE33969F3 ] tcpipBM C:\Windows\system32\drivers\tcpipBM.sys 11:06:45.0530 0192 tcpipBM - ok 11:06:45.0577 0192 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 11:06:45.0581 0192 tcpipreg - ok 11:06:45.0634 0192 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 11:06:45.0637 0192 TDPIPE - ok 11:06:45.0679 0192 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP 
C:\Windows\system32\drivers\tdtcp.sys 11:06:45.0682 0192 TDTCP - ok 11:06:45.0742 0192 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 11:06:45.0746 0192 tdx - ok 11:06:45.0779 0192 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 11:06:45.0783 0192 TermDD - ok 11:06:45.0847 0192 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 11:06:45.0866 0192 TermService - ok 11:06:45.0894 0192 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 11:06:45.0902 0192 Themes - ok 11:06:45.0925 0192 [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 11:06:45.0932 0192 THREADORDER - ok 11:06:45.0955 0192 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 11:06:45.0965 0192 TrkWks - ok 11:06:46.0009 0192 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 11:06:46.0041 0192 TrustedInstaller - ok 11:06:46.0076 0192 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 11:06:46.0078 0192 tssecsrv - ok 11:06:46.0114 0192 [ 9CE253214ACAA5A7D323327D2055EFAA ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 11:06:46.0116 0192 TsUsbFlt - ok 11:06:46.0179 0192 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 11:06:46.0182 0192 tunnel - ok 11:06:46.0207 0192 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 11:06:46.0210 0192 uagp35 - ok 11:06:46.0249 0192 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 11:06:46.0257 0192 udfs - ok 11:06:46.0284 0192 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 11:06:46.0289 0192 UI0Detect - ok 11:06:46.0342 0192 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 11:06:46.0345 0192 uliagpkx - ok 11:06:46.0391 0192 [ 
D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 11:06:46.0393 0192 umbus - ok 11:06:46.0435 0192 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 11:06:46.0437 0192 UmPass - ok 11:06:46.0474 0192 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 11:06:46.0482 0192 upnphost - ok 11:06:46.0560 0192 [ 56B0B784E0ED3B6A9BEB67F63CD6D4A2 ] USB28xxBGA C:\Windows\system32\DRIVERS\emBDA.sys 11:06:46.0574 0192 USB28xxBGA - ok 11:06:46.0595 0192 [ D74634509E22EA69692EA173586DB8E6 ] USB28xxOEM C:\Windows\system32\DRIVERS\emOEM.sys 11:06:46.0597 0192 USB28xxOEM - ok 11:06:46.0640 0192 [ 8BF5D980CDCE35FB26F05047144BB57E ] USBAAPL C:\Windows\system32\Drivers\usbaapl.sys 11:06:46.0644 0192 USBAAPL - ok 11:06:46.0690 0192 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 11:06:46.0694 0192 usbccgp - ok 11:06:46.0740 0192 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 11:06:46.0745 0192 usbcir - ok 11:06:46.0762 0192 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 11:06:46.0765 0192 usbehci - ok 11:06:46.0814 0192 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 11:06:46.0822 0192 usbhub - ok 11:06:46.0851 0192 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 11:06:46.0853 0192 usbohci - ok 11:06:46.0908 0192 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 11:06:46.0910 0192 usbprint - ok 11:06:46.0937 0192 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 11:06:46.0941 0192 USBSTOR - ok 11:06:46.0971 0192 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 11:06:46.0974 0192 usbuhci - ok 11:06:47.0026 0192 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 11:06:47.0033 0192 
usbvideo - ok 11:06:47.0053 0192 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 11:06:47.0062 0192 UxSms - ok 11:06:47.0135 0192 [ 693A3FDD279C345105FFF9DDE277849B ] VAIO Event Service C:\Program Files\Sony\VAIO Event Service\VESMgr.exe 11:06:47.0141 0192 VAIO Event Service - ok 11:06:47.0250 0192 [ 2A6565981B46BBDBEDD7AE99C106DE87 ] VAIO Power Management C:\Program Files\Sony\VAIO Power Management\SPMService.exe 11:06:47.0261 0192 VAIO Power Management - ok 11:06:47.0284 0192 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 11:06:47.0286 0192 VaultSvc - ok 11:06:47.0329 0192 [ 3042933A8C350150A9EF48800746C0A3 ] VComm C:\Windows\system32\DRIVERS\VComm.sys 11:06:47.0331 0192 VComm - ok 11:06:47.0375 0192 [ 882F488458587CBAD92671E45259002A ] VcommMgr C:\Windows\system32\Drivers\VcommMgr.sys 11:06:47.0378 0192 VcommMgr - ok 11:06:47.0416 0192 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 11:06:47.0420 0192 vdrvroot - ok 11:06:47.0482 0192 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 11:06:47.0501 0192 vds - ok 11:06:47.0544 0192 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 11:06:47.0548 0192 vga - ok 11:06:47.0571 0192 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 11:06:47.0573 0192 VgaSave - ok 11:06:47.0611 0192 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 11:06:47.0614 0192 vhdmp - ok 11:06:47.0659 0192 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 11:06:47.0664 0192 viaagp - ok 11:06:47.0682 0192 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 11:06:47.0687 0192 ViaC7 - ok 11:06:47.0724 0192 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 11:06:47.0727 0192 viaide - ok 11:06:47.0766 0192 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr 
C:\Windows\system32\drivers\volmgr.sys 11:06:47.0771 0192 volmgr - ok 11:06:47.0798 0192 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 11:06:47.0808 0192 volmgrx - ok 11:06:47.0849 0192 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 11:06:47.0858 0192 volsnap - ok 11:06:47.0905 0192 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 11:06:47.0912 0192 vsmraid - ok 11:06:47.0987 0192 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 11:06:48.0019 0192 VSS - ok 11:06:48.0040 0192 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys 11:06:48.0042 0192 vwifibus - ok 11:06:48.0075 0192 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 11:06:48.0083 0192 W32Time - ok 11:06:48.0108 0192 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 11:06:48.0110 0192 WacomPen - ok 11:06:48.0154 0192 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 11:06:48.0157 0192 WANARP - ok 11:06:48.0161 0192 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 11:06:48.0163 0192 Wanarpv6 - ok 11:06:48.0204 0192 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 11:06:48.0228 0192 wbengine - ok 11:06:48.0246 0192 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 11:06:48.0252 0192 WbioSrvc - ok 11:06:48.0295 0192 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 11:06:48.0310 0192 wcncsvc - ok 11:06:48.0328 0192 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 11:06:48.0332 0192 WcsPlugInService - ok 11:06:48.0348 0192 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 11:06:48.0350 0192 Wd - ok 11:06:48.0399 0192 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] 
Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 11:06:48.0409 0192 Wdf01000 - ok 11:06:48.0428 0192 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 11:06:48.0432 0192 WdiServiceHost - ok 11:06:48.0436 0192 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 11:06:48.0439 0192 WdiSystemHost - ok 11:06:48.0491 0192 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 11:06:48.0504 0192 WebClient - ok 11:06:48.0518 0192 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 11:06:48.0530 0192 Wecsvc - ok 11:06:48.0550 0192 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 11:06:48.0554 0192 wercplsupport - ok 11:06:48.0595 0192 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 11:06:48.0599 0192 WerSvc - ok 11:06:48.0640 0192 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 11:06:48.0642 0192 WfpLwf - ok 11:06:48.0656 0192 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount C:\Windows\system32\drivers\wimmount.sys 11:06:48.0657 0192 WIMMount - ok 11:06:48.0709 0192 [ 5A77AC34A0FFB70CE8B35B524FEDE9BA ] winachsf C:\Windows\system32\DRIVERS\HSX_CNXT.sys 11:06:48.0727 0192 winachsf - ok 11:06:48.0797 0192 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 11:06:48.0836 0192 WinDefend - ok 11:06:48.0842 0192 WinHttpAutoProxySvc - ok 11:06:48.0912 0192 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 11:06:48.0953 0192 Winmgmt - ok 11:06:49.0022 0192 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 11:06:49.0051 0192 WinRM - ok 11:06:49.0116 0192 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 11:06:49.0120 0192 WinUsb - ok 11:06:49.0177 0192 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 11:06:49.0204 0192 Wlansvc - ok 
11:06:49.0393 0192 [ 5E7C103F8475C4289847D15E129C20F7 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 11:06:49.0420 0192 wlidsvc - ok 11:06:49.0459 0192 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 11:06:49.0462 0192 WmiAcpi - ok 11:06:49.0511 0192 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 11:06:49.0523 0192 wmiApSrv - ok 11:06:49.0632 0192 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 11:06:49.0660 0192 WMPNetworkSvc - ok 11:06:49.0686 0192 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 11:06:49.0690 0192 WPCSvc - ok 11:06:49.0727 0192 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 11:06:49.0732 0192 WPDBusEnum - ok 11:06:49.0765 0192 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 11:06:49.0768 0192 ws2ifsl - ok 11:06:49.0795 0192 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc C:\Windows\System32\wscsvc.dll 11:06:49.0805 0192 wscsvc - ok 11:06:49.0813 0192 WSearch - ok 11:06:49.0912 0192 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 11:06:49.0999 0192 wuauserv - ok 11:06:50.0081 0192 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 11:06:50.0149 0192 WudfPf - ok 11:06:50.0260 0192 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 11:06:50.0264 0192 WUDFRd - ok 11:06:50.0306 0192 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 11:06:50.0316 0192 wudfsvc - ok 11:06:50.0348 0192 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 11:06:50.0384 0192 WwanSvc - ok 11:06:50.0415 0192 [ 88AF537264F2B818DA15479CEEAF5D7C ] XAudio C:\Windows\system32\DRIVERS\xaudio.sys 11:06:50.0417 0192 XAudio - ok 11:06:50.0469 0192 [ 15A317674A08DF26BE65164D959E9203 ] 
XAudioService C:\Windows\system32\DRIVERS\xaudio.exe
11:06:50.0481 0192 XAudioService - ok
11:06:50.0535 0192 [ 30B73EB97218A16CBC6DE535782A1B35 ] yukonw7 C:\Windows\system32\DRIVERS\yk62x86.sys
11:06:50.0545 0192 yukonw7 - ok
11:06:50.0584 0192 ================ Scan global ===============================
11:06:50.0615 0192 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
11:06:50.0662 0192 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
11:06:50.0684 0192 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
11:06:50.0721 0192 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
11:06:50.0746 0192 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
11:06:50.0754 0192 [Global] - ok
11:06:50.0754 0192 ================ Scan MBR ==================================
11:06:50.0771 0192 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
11:06:51.0169 0192 \Device\Harddisk0\DR0 ( TDSS File System ) - warning
11:06:51.0170 0192 \Device\Harddisk0\DR0 - detected TDSS File System (1)
11:06:51.0170 0192 ================ Scan VBR ==================================
11:06:51.0206 0192 [ C0811C2CBF4C4D7752D9293A84863923 ] \Device\Harddisk0\DR0\Partition1
11:06:51.0210 0192 \Device\Harddisk0\DR0\Partition1 - ok
11:06:51.0228 0192 [ E55B4D65E3A25B179D5B0A9CC138DEDC ] \Device\Harddisk0\DR0\Partition2
11:06:51.0232 0192 \Device\Harddisk0\DR0\Partition2 - ok
11:06:51.0233 0192 ============================================================
11:06:51.0233 0192 Scan finished
11:06:51.0233 0192 ============================================================
11:06:51.0258 4272 Detected object count: 1
11:06:51.0258 4272 Actual detected object count: 1
11:07:00.0075 4272 \Device\Harddisk0\DR0 ( TDSS File System ) - skipped by user
11:07:00.0075 4272 \Device\Harddisk0\DR0 ( TDSS File System ) - User select action: Skip
DDS Logfile:
Code:
ATTFilter DDS (Ver_2012-11-20.01) - NTFS_x86 Internet Explorer: 9.0.8112.16464 BrowserJavaVersion: 10.15.2 Run by Phil at 11:10:56 on 2013-02-22 #Option MBR scan is disabled. Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2046.890 [GMT 1:00] . AV: Avira Desktop *Enabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C} SP: Avira Desktop *Enabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691} SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46} . ============== Running Processes ================ . C:\Windows\system32\wininit.exe C:\Windows\system32\lsm.exe C:\Program Files\Emsisoft Anti-Malware\a2service.exe C:\Windows\system32\atiesrxx.exe C:\Windows\RtkAudioService.exe C:\Windows\system32\atieclxx.exe C:\Windows\system32\WLANExt.exe C:\Windows\system32\conhost.exe C:\Windows\System32\spoolsv.exe C:\Program Files\Avira\AntiVir Desktop\sched.exe C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe C:\Program Files\Avira\AntiVir Desktop\avguard.exe C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe C:\Program Files\Bonjour\mDNSResponder.exe C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe C:\Program Files\Intel\WiFi\bin\EvtEng.exe C:\Program Files\Sony\Network Utility\NSUService.exe C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe C:\Program Files\Sony\VAIO Event Service\VESMgr.exe C:\Program Files\Sony\VAIO Power Management\SPMService.exe C:\Windows\system32\DllHost.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE C:\Windows\system32\DRIVERS\xaudio.exe C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe C:\Program Files\Sony\VAIO Event Service\VESMgrSub.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\Dwm.exe 
C:\Windows\Explorer.EXE C:\Windows\system32\taskhost.exe C:\Program Files\Sony\VAIO Power Management\SPMgr.exe C:\Windows\system32\taskeng.exe C:\Program Files\Avira\AntiVir Desktop\avshadow.exe C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe C:\Program Files\Avira\AntiVir Desktop\avgnt.exe C:\Program Files\iTunes\iTunesHelper.exe C:\Program Files\Common Files\Java\Java Update\jusched.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\SearchIndexer.exe C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe C:\Windows\System32\alg.exe C:\Program Files\iPod\bin\iPodService.exe C:\Program Files\Windows Media Player\wmpnetwk.exe C:\Windows\System32\WUDFHost.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Windows\system32\DllHost.exe C:\Program Files\Sony\VAIO Update 5\VAIOUpdt.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\Google\Chrome\Application\chrome.exe C:\Program Files\OpenOffice.org 3\program\swriter.exe C:\Program Files\OpenOffice.org 3\program\soffice.exe C:\Program Files\OpenOffice.org 3\program\soffice.bin C:\Program Files\IVT Corporation\BlueSoleil\BtTray.exe C:\Windows\system32\conhost.exe C:\Windows\system32\wbem\wmiprvse.exe C:\Windows\system32\svchost.exe -k DcomLaunch C:\Windows\system32\svchost.exe -k RPCSS C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted C:\Windows\system32\svchost.exe -k netsvcs C:\Windows\system32\svchost.exe -k GPSvcGroup C:\Windows\system32\svchost.exe -k LocalService 
C:\Windows\system32\svchost.exe -k NetworkService C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork C:\Windows\system32\svchost.exe -k LocalServiceAndNoImpersonation C:\Windows\system32\svchost.exe -k imgsvc C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted C:\Windows\System32\svchost.exe -k LocalServicePeerNet C:\Windows\System32\svchost.exe -k secsvcs . ============== Pseudo HJT Report =============== . BHO: Adobe PDF Link Helper: {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\programdata\real\realplayer\browserrecordplugin\ie\rpbrowserrecordplugin.dll BHO: Spybot-S&D IE Protection: {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - c:\program files\java\jre7\bin\ssv.dll BHO: Windows Live ID Sign-in Helper: {9030D464-4C02-4ABF-8ECC-5164760863C6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll BHO: Skype Browser Helper: {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - c:\program files\java\jre7\bin\jp2ssv.dll uRun: [GoogleChromeAutoLaunch_3C063AA4110F43C4A83767362D40A1E9] "c:\program files\google\chrome\application\chrome.exe" --no-startup-window mRun: [DataCardMonitor] c:\program files\t-mobile\web'n'walk manager\DataCardMonitor.exe mRun: [Smart File Advisor] "c:\program files\smart file advisor\sfa.exe" /checkassoc mRun: [avgnt] "c:\program files\avira\antivir desktop\avgnt.exe" /min mRun: [APSDaemon] "c:\program files\common files\apple\apple application support\APSDaemon.exe" mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe" mRun: [SunJavaUpdateSched] 
"c:\program files\common files\java\java update\jusched.exe" mPolicies-System: EnableUIADesktopToggle = dword:0 IE: Free YouTube Download - c:\users\phil\appdata\roaming\dvdvideosoftiehelpers\freeytvdownloader.htm IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - c:\program files\windows live\writer\WriterBrowserExtension.dll IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll . INFO: HKCU has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . . INFO: HKLM has more than 50 listed domains. If you wish to scan all of them, select the 'Force scan all domains' option. . DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab TCP: NameServer = 192.168.178.1 TCP: Interfaces\{D99A74E3-B66E-4407-A494-D8A05138B438} : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{D99A74E3-B66E-4407-A494-D8A05138B438}\2445F40756E6A7F6E656 : DHCPNameServer = 192.168.22.22 192.168.22.23 TCP: Interfaces\{D99A74E3-B66E-4407-A494-D8A05138B438}\47D6F62696C656 : DHCPNameServer = 10.120.136.116 TCP: Interfaces\{D99A74E3-B66E-4407-A494-D8A05138B438}\64259445A51224F6870264F6E60275C414E40273134313 : DHCPNameServer = 192.168.178.1 TCP: Interfaces\{D99A74E3-B66E-4407-A494-D8A05138B438}\B4F4354554E4C4F435F575C414E4 : DHCPNameServer = 172.23.235.1 Handler: AutorunsDisabled - <Clsid value has no data> Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\program files\common files\skype\Skype4COM.dll Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - c:\program files\windows live\photo gallery\AlbumDownloadProtocolHandler.dll mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "c:\program 
files\google\chrome\application\24.0.1312.57\installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome Hosts: 127.0.0.1 www.spywareinfo.com . ============= SERVICES / DRIVERS =============== . R0 BtHidBus;Bluetooth HID Bus Service;c:\windows\system32\drivers\BtHidBus.sys [2009-9-24 19592] R1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\emsisoft anti-malware\a2ddax86.sys [2012-9-27 17904] R1 avkmgr;avkmgr;c:\windows\system32\drivers\avkmgr.sys [2012-11-11 36552] R2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\emsisoft anti-malware\a2service.exe [2012-9-27 3082640] R2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [2009-8-18 176128] R2 AntiVirSchedulerService;Avira Planer;c:\program files\avira\antivir desktop\sched.exe [2012-11-11 86752] R2 AntiVirService;Avira Echtzeit-Scanner;c:\program files\avira\antivir desktop\avguard.exe [2012-11-11 110816] R2 avgntflt;avgntflt;c:\windows\system32\drivers\avgntflt.sys [2012-11-11 83944] R2 BsMobileCS;BsMobileCS;c:\program files\ivt corporation\bluesoleil\BsMobileCS.exe [2010-3-9 143467] R2 NSUService;NSUService;c:\program files\sony\network utility\NSUService.exe [2009-12-20 299008] R2 RtkAudioService;Realtek Audio Service;c:\windows\RTKAUDIOSERVICE.EXE [2009-12-20 102400] R2 SBSDWSCService;SBSD Security Center Service;c:\program files\spybot - search & destroy\SDWinSec.exe [2011-4-14 1153368] R2 Skype C2C Service;Skype C2C Service;c:\programdata\skype\toolbars\skype c2c service\c2c_service.exe [2012-10-2 3064000] R2 VAIO Power Management;VAIO Power Management;c:\program files\sony\vaio power management\SPMService.exe [2009-12-20 411488] R3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\drivers\btnetBus.sys [2009-9-24 29192] R3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\drivers\IvtBtBus.sys [2009-8-26 25480] R3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for 
Windows Vista 32 Bit;c:\windows\system32\drivers\NETw5v32.sys [2009-5-28 4233728] R3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\drivers\SFEP.sys [2007-8-3 9344] R3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\drivers\yk62x86.sys [2009-10-21 315392] S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384] S2 SkypeUpdate;Skype Updater;c:\program files\skype\updater\Updater.exe [2013-1-8 161536] S3 a2acc;a2acc;c:\program files\emsisoft anti-malware\a2accx86.sys [2012-9-27 54072] S3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\drivers\b57nd60x.sys [2009-7-13 229888] S3 fssfltr;fssfltr;c:\windows\system32\drivers\fssfltr.sys [2012-11-23 49664] S3 fsssvc;Windows Live Family Safety Service;c:\program files\windows live\family safety\fsssvc.exe [2012-9-12 1512448] S3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [2012-11-23 14848] S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\drivers\VSTAZL3.SYS [2009-7-13 207360] S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\drivers\VSTDPV3.SYS [2009-7-13 980992] S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\drivers\VSTCNXT3.SYS [2009-7-13 661504] S3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\TsUsbFlt.sys [2012-11-23 49664] . =============== File Associations =============== . FileExt: .scr: AutoCADScriptFile=c:\windows\system32\notepad.exe "%1" FileExt: .txt: opendocument.WriterDocument.1="c:\program files\openoffice.org 3\program\swriter.exe" -o "%1" [UserChoice] . =============== Created Last 30 ================ . 
2013-02-21 23:13:02 2382848 ----a-w- c:\windows\system32\mshtml.tlb 2013-02-21 23:13:01 420864 ----a-w- c:\windows\system32\vbscript.dll 2013-02-21 23:13:01 194048 ----a-w- c:\program files\internet explorer\IEShims.dll 2013-02-21 23:13:01 149528 ----a-w- c:\program files\internet explorer\sqmapi.dll 2013-02-21 23:13:00 194560 ----a-w- c:\program files\internet explorer\ieproxy.dll 2013-02-21 23:13:00 142848 ----a-w- c:\windows\system32\ieUnatt.exe 2013-02-21 23:13:00 1129472 ----a-w- c:\windows\system32\wininet.dll 2013-02-21 23:12:59 757280 ----a-w- c:\program files\internet explorer\iexplore.exe 2013-02-21 23:12:59 678912 ----a-w- c:\program files\internet explorer\iedvtool.dll 2013-02-21 23:12:59 387584 ----a-w- c:\program files\internet explorer\jsdbgui.dll 2013-02-21 23:12:59 1800704 ----a-w- c:\windows\system32\jscript9.dll 2013-02-21 23:12:59 1427968 ----a-w- c:\windows\system32\inetcpl.cpl 2013-02-21 23:12:51 768000 ----a-w- c:\program files\common files\microsoft shared\vgx\VGX.dll 2013-02-21 22:06:20 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll 2013-02-21 17:52:26 -------- d-----w- c:\program files\iPod 2013-02-21 17:52:25 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-02-21 17:52:25 -------- d-----w- c:\program files\iTunes 2013-02-21 17:50:26 60872 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a38790f8-9c51-4adb-8e9c-fc632d26ff60}\offreg.dll 2013-02-21 17:38:39 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe 2013-02-21 17:38:38 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe 2013-02-21 17:38:28 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS 2013-02-21 17:38:28 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys 2013-02-21 17:38:23 169984 ----a-w- c:\windows\system32\winsrv.dll 2013-02-21 17:36:28 6991832 ----a-w- c:\programdata\microsoft\windows defender\definition updates\{a38790f8-9c51-4adb-8e9c-fc632d26ff60}\mpengine.dll 2013-02-13 05:48:36 2347008 ----a-w- 
c:\windows\system32\win32k.sys 2013-01-24 21:42:18 1783056 ----a-w- c:\windows\system32\WavesLib.dll 2013-01-24 21:41:59 91488 ----a-w- c:\windows\system32\R4EEA32A.dll 2013-01-24 21:29:29 -------- d-----w- c:\program files\AMD APP 2013-01-24 21:27:52 -------- d-----w- C:\AMD . ==================== Find3M ==================== . 2013-02-21 22:06:13 782240 ----a-w- c:\windows\system32\deployJava1.dll 2013-02-21 22:03:05 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl 2013-02-21 22:03:05 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe 2013-02-06 18:13:41 861088 ----a-w- c:\windows\system32\npDeployJava1.dll 2013-01-17 00:28:58 232336 ------w- c:\windows\system32\MpSigStub.exe 2012-12-19 14:45:04 180224 ----a-w- c:\windows\system32\clinfo.exe 2012-12-19 14:44:42 65536 ----a-w- c:\windows\system32\OpenVideo.dll 2012-12-19 14:44:32 56320 ----a-w- c:\windows\system32\OVDecode.dll 2012-12-19 14:38:48 28732928 ----a-w- c:\windows\system32\amdocl.dll 2012-12-19 14:34:38 50176 ----a-w- c:\windows\system32\OpenCL.dll 2012-12-16 14:13:28 295424 ----a-w- c:\windows\system32\atmfd.dll 2012-12-16 14:13:20 34304 ----a-w- c:\windows\system32\atmlib.dll 2012-12-11 12:36:00 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys 2012-12-07 12:26:17 308736 ----a-w- c:\windows\system32\Wpc.dll 2012-12-07 12:20:43 2576384 ----a-w- c:\windows\system32\gameux.dll 2012-11-30 04:47:45 293376 ----a-w- c:\windows\system32\KernelBase.dll 2012-11-30 02:55:25 271360 ----a-w- c:\windows\system32\conhost.exe 2012-11-30 02:38:59 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll 2012-11-30 02:38:59 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll 2012-11-30 02:38:59 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll 2012-11-30 02:38:59 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll . ============= FINISH: 11:11:47,82 =============== --- --- --- --- --- --- Code:
ATTFilter . UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG. IF REQUESTED, ZIP IT UP & ATTACH IT . DDS (Ver_2012-11-20.01) . Microsoft Windows 7 Home Premium Boot Device: \Device\HarddiskVolume1 Install Date: 19.12.2009 23:58:33 System Uptime: 22.02.2013 10:33:53 (1 hours ago) . Motherboard: Sony Corporation | | VAIO Processor: Intel(R) Core(TM)2 Duo CPU P8400 @ 2.26GHz | N/A | 793/266mhz . ==== Disk Partitions ========================= . C: is FIXED (NTFS) - 298 GiB total, 206,822 GiB free. D: is Removable E: is Removable G: is CDROM () . ==== Disabled Device Manager Items ============= . ==== System Restore Points =================== . RP456: 04.02.2013 18:53:23 - Geplanter Prüfpunkt RP457: 06.02.2013 19:12:44 - Installed Java 7 Update 13 RP458: 13.02.2013 08:02:45 - Windows Update RP459: 21.02.2013 18:35:29 - Windows Update RP460: 21.02.2013 23:04:52 - Installed Java 7 Update 15 RP461: 22.02.2013 00:10:15 - Windows Update . ==== Installed Programs ====================== . Adobe Flash Player 11 ActiveX Adobe Flash Player 11 Plugin Adobe Reader X (10.1.4) - Deutsch Adobe Shockwave Player 12.0 Akamai NetSession Interface Akamai NetSession Interface Service AMD APP SDK Runtime Apple Application Support Apple Mobile Device Support Apple Software Update Autodesk Material Library 2011 Autodesk Material Library 2011 Base Image library Avira Free Antivirus Bing Maps 3D BlueSoleil 6.4.305.0 Bonjour CCleaner D3DX10 DivX Plus Media Foundation Components DivX Version Checker Dolby Control Center EA Download Manager Emsisoft Anti-Malware eType FIFA 11 Fotogalerie Free YouTube Download version 3.1.42.1212 Google Chrome Google Earth Google Update Helper HDAUDIO SoftV92 Data Fax Modem with SmartCP iCloud Intel PROSet Wireless Intel(R) PROSet/Wireless WiFi-Software IsoBuster 3.0 iTunes Java 7 Update 15 Java Auto Updater Junk Mail filter update Malwarebytes Anti-Malware Version 1.65.0.1400 Microsoft .NET Framework 4 Client Profile Microsoft .NET Framework 4 Client Profile DEU 
Language Pack Microsoft Application Error Reporting Microsoft Silverlight Microsoft SQL Server 2005 Compact Edition [ENU] Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 Microsoft Visual C++ 2005 Redistributable Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022.218 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 Movie Maker MSVCRT MSVCRT110 ooVoo OpenOffice.org 3.4 Photo Common Photo Gallery Printer Pro Desktop QuickTime RealNetworks - Microsoft Visual C++ 2008 Runtime RealPlayer Realtek HDMI Audio Driver for ATI Realtek High Definition Audio Driver RealUpgrade 1.1 Security Update for Microsoft .NET Framework 4 Client Profile (KB2446708) Security Update for Microsoft .NET Framework 4 Client Profile (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile (KB2518870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2539636) Security Update for Microsoft .NET Framework 4 Client Profile (KB2572078) Security Update for Microsoft .NET Framework 4 Client Profile (KB2604121) Security Update for Microsoft .NET Framework 4 Client Profile (KB2633870) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656351) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656368v2) Security Update for Microsoft .NET Framework 4 Client Profile (KB2656405) Security Update for Microsoft .NET Framework 4 Client Profile (KB2686827) Security Update for Microsoft .NET Framework 4 Client 
Profile (KB2729449) Security Update for Microsoft .NET Framework 4 Client Profile (KB2737019) Security Update for Microsoft .NET Framework 4 Client Profile (KB2742595) Security Update for Microsoft .NET Framework 4 Client Profile (KB2789642) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2478663) Security Update for Microsoft .NET Framework 4 Client Profile DEU Language Pack (KB2518870) Setting Utility Series Skype Click to Call Skype™ 6.1 Smart File Advisor 1.1.1 SopCast 3.4.8 Spelling Dictionaries Support For Adobe Reader 9 Spybot - Search & Destroy Sunny Design swMSM Update for Microsoft .NET Framework 4 Client Profile (KB2468871) Update for Microsoft .NET Framework 4 Client Profile (KB2533523) Update for Microsoft .NET Framework 4 Client Profile (KB2600217) Updater Service VAIO Control Center VAIO Energie Verwaltung VAIO Event Service VAIO Smart Network VAIO Update VC80CRTRedist - 8.0.50727.4053 Veetle TV 0.9.18 VLC media player 1.1.7 web'n'walk Manager Windows Driver Package - Broadcom Bluetooth (07/30/2009 6.2.0.9405) Windows Driver Package - Broadcom Bluetooth (09/11/2009 6.2.0.9407) Windows Driver Package - Broadcom HIDClass (07/28/2009 6.2.0.9800) Windows Live Communications Platform Windows Live Essentials Windows Live Family Safety Windows Live ID Sign-in Assistant Windows Live Installer Windows Live Mail Windows Live Messenger Windows Live MIME IFilter Windows Live Photo Common Windows Live PIMT Platform Windows Live SOXE Windows Live SOXE Definitions Windows Live Sync Windows Live UX Platform Windows Live UX Platform Language Pack Windows Live Writer Windows Live Writer Resources Windows Media Player Firefox Plugin WinRAR . ==== End Of File =========================== |
22.02.2013, 11:54 | #6 |
/// TB-Ausbilder | Trojan Problem Before we continue: Have you had an infection on this computer before? Do you still remember anything about it? |
22.02.2013, 12:44 | #7 |
| Trojan Problem I had the Ukash/BKA trojan 6 months ago... Otherwise nothing on this system |
22.02.2013, 14:44 | #8 |
/// TB-Ausbilder | Trojan Problem Hm, I would still like to play it "safe" and need another scan. Scan with Farbar's Recovery Scan Tool
__________________ Digital buccaneers against malware! No help via PM! |
22.02.2013, 15:17 | #9 |
| Trojan Problem Thanks again at this point for your support. Here is the log file... Code:
ATTFilter Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-02-2013 01 Ran by SYSTEM at 22-02-2013 15:10:54 Running from E:\ Windows 7 Home Premium (X86) OS Language: German Standard The current controlset is ControlSet001 ==================== Registry (Whitelisted) =================== HKLM\...\Run: [DataCardMonitor] C:\Program Files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe [253952 2010-04-29] (Huawei Technologies Co., Ltd.) HKLM\...\Run: [Smart File Advisor] "C:\Program Files\Smart File Advisor\sfa.exe" /checkassoc [280824 2011-04-04] (Filefacts.net) HKLM\...\Run: [avgnt] "C:\Program Files\Avira\AntiVir Desktop\avgnt.exe" /min [385248 2013-02-06] (Avira Operations GmbH & Co. KG) HKU\Default\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [262144 2008-11-05] (Sony Corporation) HKU\Default User\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [262144 2008-11-05] (Sony Corporation) HKU\Gast\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [262144 2008-11-05] (Sony Corporation) HKU\Gast\...\Run: [GoogleChromeAutoLaunch_3C063AA4110F43C4A83767362D40A1E9] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window [1248208 2013-01-26] (Google Inc.) HKU\PhilundPepi\...\Run: [NSUFloatingUI] "C:\Program Files\Sony\Network Utility\LANUtil.exe" [262144 2008-11-05] (Sony Corporation) HKU\PhilundPepi\...\Run: [GoogleChromeAutoLaunch_3C063AA4110F43C4A83767362D40A1E9] "C:\Program Files\Google\Chrome\Application\chrome.exe" --no-startup-window [1248208 2013-01-26] (Google Inc.) 
Tcpip\Parameters: [DhcpNameServer] 192.168.178.1 Startup: C:\Users\PhilundPepi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk ShortcutTarget: OpenOffice.org 3.4.1.lnk -> X:\Program Files\OpenOffice.org 3\program\quickstart.exe (No File) ==================== Services (Whitelisted) =================== 2 a2AntiMalware; "C:\Program Files\Emsisoft Anti-Malware\a2service.exe" [3082640 2012-09-19] (Emsisoft GmbH) 2 AntiVirSchedulerService; "C:\Program Files\Avira\AntiVir Desktop\sched.exe" [86752 2013-02-06] (Avira Operations GmbH & Co. KG) 2 AntiVirService; "C:\Program Files\Avira\AntiVir Desktop\avguard.exe" [110816 2013-02-06] (Avira Operations GmbH & Co. KG) 2 BlueSoleilCS; C:\Program Files\IVT Corporation\BlueSoleil\BlueSoleilCS.exe [926720 2010-03-10] (IVT Corporation) 3 BsHelpCS; C:\Program Files\IVT Corporation\BlueSoleil\BsHelpCS.exe [102503 2010-03-08] (IVT Corporation) 2 BsMobileCS; C:\Program Files\IVT Corporation\BlueSoleil\BsMobileCS.exe [143467 2010-03-09] (IVT Corporation) 2 SBSDWSCService; C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [1153368 2009-01-26] (Safer Networking Ltd.) 2 Skype C2C Service; "C:\ProgramData\Skype\Toolbars\Skype C2C Service\c2c_service.exe" [3064000 2012-10-02] (Skype Technologies S.A.) 2 VAIO Event Service; C:\Program Files\Sony\VAIO Event Service\VESMgr.exe [182112 2008-07-10] (Sony Corporation) ==================== Drivers (Whitelisted) ==================== 3 a2acc; \??\C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\a2accx86.sys [54072 2012-04-30] (Emsisoft GmbH) 1 A2DDA; \??\C:\Program Files\Emsisoft Anti-Malware\a2ddax86.sys [17904 2011-05-19] (Emsi Software GmbH) 2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [83944 2012-12-11] (Avira Operations GmbH & Co. KG) 1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [134336 2012-12-11] (Avira Operations GmbH & Co. KG) 1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [36552 2012-11-13] (Avira Operations GmbH & Co. 
KG) 3 BT; C:\Windows\System32\DRIVERS\btnetdrv.sys [17928 2009-06-17] (IVT Corporation.) 3 Btcsrusb; C:\Windows\System32\Drivers\btcusb.sys [36616 2010-02-25] (IVT Corporation.) 0 BtHidBus; C:\Windows\System32\Drivers\BtHidBus.sys [19592 2009-09-24] (IVT Corporation.) 3 btnetBUs; C:\Windows\System32\Drivers\btnetBus.sys [29192 2009-09-24] () 3 IvtBtBUs; C:\Windows\System32\Drivers\IvtBtBus.sys [25480 2009-08-26] (IVT Corporation.) 3 RTHDMIAzAudService; C:\Windows\System32\drivers\RtHDMIV.sys [204432 2012-06-05] (Realtek Semiconductor Corp.) 1 ssmdrv; C:\Windows\System32\DRIVERS\ssmdrv.sys [28520 2012-08-27] (Avira GmbH) 3 USB28xxBGA; C:\Windows\System32\DRIVERS\emBDA.sys [476288 2007-08-08] (eMPIA Technology, Inc.) 3 USB28xxOEM; C:\Windows\System32\DRIVERS\emOEM.sys [38656 2007-08-08] (eMPIA Technology, Inc.) 3 VComm; C:\Windows\System32\DRIVERS\VComm.sys [14856 2009-08-26] (IVT Corporation.) 3 VcommMgr; C:\Windows\System32\Drivers\VcommMgr.sys [32392 2009-08-28] (IVT Corporation.) 3 yukonw7; C:\Windows\System32\DRIVERS\yk62x86.sys [315392 2009-12-20] () ==================== NetSvcs (Whitelisted) =================== ==================== One Month Created Files and Folders ======== 2013-02-22 14:55 - 2013-02-22 14:57 - 00001472 ____A C:\Users\PhilundPepi\Desktop\Scan.txt 2013-02-22 13:35 - 2013-02-22 13:35 - 00000000 ____D C:\Windows\LastGood 2013-02-22 11:33 - 2013-02-22 11:33 - 00001130 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk 2013-02-22 11:24 - 2013-02-22 11:26 - 152249762 ____A C:\Users\Phil\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe 2013-02-22 11:12 - 2013-02-22 11:12 - 00005914 ____A C:\Users\Phil\Desktop\attach.txt 2013-02-22 11:12 - 2013-02-22 11:11 - 00015776 ____A C:\Users\Phil\Desktop\dds.txt 2013-02-22 11:05 - 2013-02-22 11:05 - 00002122 ____A C:\Users\Phil\Desktop\aswMBR.txt 2013-02-22 11:05 - 2013-02-22 11:05 - 00000512 ____A C:\Users\Phil\Desktop\MBR.dat 2013-02-22 10:36 - 2013-02-22 10:36 - 00000470 ____A 
C:\Users\Phil\Downloads\defogger_disable.log 2013-02-22 10:25 - 2013-02-22 10:26 - 04732416 ____A (AVAST Software) C:\Users\Phil\Desktop\aswMBR.exe 2013-02-22 10:22 - 2013-02-22 10:22 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Phil\Downloads\tdsskiller.exe 2013-02-22 10:22 - 2013-02-22 10:22 - 00700783 ____R (Swearware) C:\Users\Phil\Downloads\dds+.exe 2013-02-22 10:22 - 2013-02-22 10:22 - 00050477 ____A C:\Users\Phil\Downloads\Defogger.exe 2013-02-22 10:19 - 2013-02-22 10:19 - 07781072 ____A (Adobe Systems Inc.) C:\Users\Phil\Downloads\Shockwave_Installer_Slim.exe 2013-02-22 08:30 - 2013-02-22 08:30 - 00000512 ____A C:\Users\Phil\Downloads\MBR.dat 2013-02-22 00:13 - 2013-01-08 23:03 - 01129472 ____A (Microsoft Corporation) C:\Windows\System32\wininet.dll 2013-02-22 00:13 - 2013-01-08 23:00 - 00065024 ____A (Microsoft Corporation) C:\Windows\System32\jsproxy.dll 2013-02-22 00:13 - 2013-01-08 22:59 - 00142848 ____A (Microsoft Corporation) C:\Windows\System32\ieUnatt.exe 2013-02-22 00:13 - 2013-01-08 22:58 - 00717824 ____A (Microsoft Corporation) C:\Windows\System32\jscript.dll 2013-02-22 00:13 - 2013-01-08 22:58 - 00420864 ____A (Microsoft Corporation) C:\Windows\System32\vbscript.dll 2013-02-22 00:13 - 2013-01-08 22:57 - 00607744 ____A (Microsoft Corporation) C:\Windows\System32\msfeeds.dll 2013-02-22 00:13 - 2013-01-08 22:56 - 02382848 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.tlb 2013-02-22 00:13 - 2013-01-08 22:56 - 00073216 ____A (Microsoft Corporation) C:\Windows\System32\mshtmled.dll 2013-02-22 00:13 - 2013-01-08 22:53 - 00176640 ____A (Microsoft Corporation) C:\Windows\System32\ieui.dll 2013-02-22 00:12 - 2013-01-08 23:23 - 12321280 ____A (Microsoft Corporation) C:\Windows\System32\mshtml.dll 2013-02-22 00:12 - 2013-01-08 23:11 - 01800704 ____A (Microsoft Corporation) C:\Windows\System32\jscript9.dll 2013-02-22 00:12 - 2013-01-08 23:09 - 09738240 ____A (Microsoft Corporation) C:\Windows\System32\ieframe.dll 2013-02-22 00:12 - 2013-01-08 
23:03 - 01427968 ____A (Microsoft Corporation) C:\Windows\System32\inetcpl.cpl 2013-02-22 00:12 - 2013-01-08 23:03 - 01103872 ____A (Microsoft Corporation) C:\Windows\System32\urlmon.dll 2013-02-22 00:12 - 2013-01-08 23:01 - 00231936 ____A (Microsoft Corporation) C:\Windows\System32\url.dll 2013-02-22 00:12 - 2013-01-08 22:56 - 01796096 ____A (Microsoft Corporation) C:\Windows\System32\iertutil.dll 2013-02-21 23:13 - 2013-02-21 23:14 - 00000000 ____D C:\Users\PhilundPepi\AppData\Roaming\vlc 2013-02-21 23:06 - 2013-02-21 23:07 - 07781072 ____A (Adobe Systems Inc.) C:\Users\PhilundPepi\Desktop\Shockwave_Installer_Slim.exe 2013-02-21 23:06 - 2013-02-21 23:06 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-02-21 23:06 - 2013-02-21 23:06 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-02-21 23:06 - 2013-02-21 23:06 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-02-21 23:06 - 2013-02-21 23:06 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-02-21 22:03 - 2013-02-21 22:04 - 00700783 ____R (Swearware) C:\Users\PhilundPepi\Desktop\dds+.exe 2013-02-21 21:09 - 2013-02-21 21:09 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\PhilundPepi\Desktop\tdsskiller.exe 2013-02-21 21:06 - 2013-02-22 07:46 - 00000470 ____A C:\Users\PhilundPepi\Desktop\defogger_disable.log 2013-02-21 21:06 - 2013-02-21 21:06 - 00000000 ____A C:\Users\Phil\defogger_reenable 2013-02-21 21:02 - 2013-02-21 21:03 - 04732416 ____A (AVAST Software) C:\Users\PhilundPepi\Desktop\aswMBR.exe 2013-02-21 21:00 - 2013-02-21 21:00 - 00050477 ____A C:\Users\PhilundPepi\Desktop\Defogger.exe 2013-02-21 18:53 - 2013-02-21 18:53 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-02-21 18:52 - 2013-02-21 18:53 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-02-21 18:52 - 2013-02-21 18:53 - 00000000 ____D C:\Program Files\iTunes 2013-02-21 18:52 - 2013-02-21 18:52 - 00000000 ____D 
C:\Program Files\iPod 2013-02-21 18:38 - 2013-01-05 06:00 - 03967848 ____A (Microsoft Corporation) C:\Windows\System32\ntkrnlpa.exe 2013-02-21 18:38 - 2013-01-05 06:00 - 03913064 ____A (Microsoft Corporation) C:\Windows\System32\ntoskrnl.exe 2013-02-21 18:38 - 2013-01-04 05:50 - 00169984 ____A (Microsoft Corporation) C:\Windows\System32\winsrv.dll 2013-02-21 18:38 - 2013-01-03 06:05 - 01293672 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\tcpip.sys 2013-02-21 18:38 - 2013-01-03 06:04 - 00187752 ____A (Microsoft Corporation) C:\Windows\System32\Drivers\FWPKCLNT.SYS 2013-02-21 18:15 - 2013-02-21 18:15 - 00000000 ____D C:\Users\PhilundPepi\Desktop\Nikolakis 2013-02-15 22:41 - 2013-02-18 08:04 - 00027648 ____A C:\Users\PhilundPepi\Desktop\Aufsichtsplan_März 2013.xls 2013-02-13 06:48 - 2013-01-04 04:00 - 02347008 ____A (Microsoft Corporation) C:\Windows\System32\win32k.sys 2013-02-11 18:38 - 2013-02-16 17:57 - 00015872 ____A C:\Users\PhilundPepi\Desktop\Klausuraufsichten 1.+ 2. Sem. WS 12 - Prüf.2 (Einteilung).xls 2013-02-06 06:27 - 2013-02-21 23:01 - 00000000 ____D C:\Users\PhilundPepi\AppData\Local\Mozilla Firefox 2013-01-27 11:13 - 2013-01-27 11:13 - 00002505 ____A C:\Users\Public\Desktop\Skype.lnk 2013-01-27 11:13 - 2013-01-27 11:13 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-01-27 09:44 - 2012-12-28 08:56 - 00445037 ____A C:\Windows\System32\Drivers\etc\hosts.20130127-094456.backup 2013-01-26 18:58 - 2013-01-26 18:58 - 00000000 ____D C:\Program Files\Common Files\Java 2013-01-24 23:33 - 2013-01-24 23:33 - 04189792 ____A (Piriform Ltd) C:\Users\Phil\Downloads\ccsetup327.exe 2013-01-24 22:50 - 2012-06-05 13:45 - 00204432 ____A (Realtek Semiconductor Corp.) 
C:\Windows\System32\Drivers\RtHDMIV.sys 2013-01-24 22:50 - 2012-05-17 11:29 - 07161696 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP32H.dll 2013-01-24 22:50 - 2012-05-17 11:29 - 00351072 ____A (Dolby Laboratories) C:\Windows\System32\R4EED32H.dll 2013-01-24 22:50 - 2012-05-17 11:29 - 00105824 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL32H.dll 2013-01-24 22:50 - 2012-05-17 11:29 - 00091488 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA32H.dll 2013-01-24 22:50 - 2012-05-17 11:29 - 00061792 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG32H.dll 2013-01-24 22:50 - 2011-12-02 14:20 - 03320936 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkHDMI.dll 2013-01-24 22:50 - 2011-09-27 14:04 - 02275432 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RHDMIExt.dll 2013-01-24 22:50 - 2011-07-06 13:27 - 00076392 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RHCoInst.dll 2013-01-24 22:50 - 2010-11-08 07:31 - 00357720 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP32H.dll 2013-01-24 22:50 - 2010-11-08 07:31 - 00295768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RH3DHT32.dll 2013-01-24 22:50 - 2010-11-08 07:31 - 00295768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RH3DAA32.dll 2013-01-24 22:50 - 2010-11-08 07:31 - 00170840 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEED32H.dll 2013-01-24 22:50 - 2010-11-08 07:31 - 00076120 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL32H.dll 2013-01-24 22:50 - 2010-11-08 07:31 - 00064856 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG32H.dll 2013-01-24 22:42 - 2012-06-19 16:54 - 03240400 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\Drivers\RTKVHDA.sys 2013-01-24 22:42 - 2012-06-19 13:30 - 00293889 ____A C:\Windows\System32\Drivers\RTAIODAT.DAT 2013-01-24 22:42 - 2012-06-08 16:18 - 03173008 ____A (Realtek Semiconductor Corp.) 
C:\Windows\System32\RtkAPO.dll 2013-01-24 22:42 - 2012-06-06 10:44 - 00645776 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkApoApi.dll 2013-01-24 22:42 - 2012-06-01 09:37 - 02417808 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkPgExt.dll 2013-01-24 22:42 - 2012-05-31 18:08 - 00087696 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoInstII.dll 2013-01-24 22:42 - 2012-02-21 19:45 - 01725784 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesGUILib.dll 2013-01-24 22:42 - 2012-01-30 11:42 - 00819648 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo2.dll 2013-01-24 22:42 - 2012-01-10 10:20 - 00058264 ____A (TOSHIBA CORPORATION.) C:\Windows\System32\TepeqAPO.dll 2013-01-24 22:42 - 2011-12-20 05:43 - 00192104 ____A (Sony Corporation) C:\Windows\System32\SFSS_APO.dll 2013-01-24 22:42 - 2011-12-13 16:58 - 01497704 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RTSndMgr.cpl 2013-01-24 22:42 - 2011-11-22 16:28 - 00013416 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RtkCoLDR.dll 2013-01-24 22:42 - 2011-09-02 14:21 - 00214368 ____A (Synopsys, Inc.) C:\Windows\System32\SFNHK.dll 2013-01-24 22:42 - 2011-09-02 14:21 - 00074080 ____A (Synopsys, Inc.) C:\Windows\System32\SFCOM.dll 2013-01-24 22:42 - 2011-09-02 14:21 - 00068960 ____A (Synopsys, Inc.) C:\Windows\System32\SFAPO.dll 2013-01-24 22:42 - 2011-03-17 12:16 - 01379760 ____A (TOSHIBA Corporation) C:\Windows\System32\tosade.dll 2013-01-24 22:42 - 2011-03-07 17:03 - 00134584 ____A (TOSHIBA Corporation) C:\Windows\System32\tadefxapo.dll 2013-01-24 22:42 - 2010-11-08 07:31 - 00359768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEP32A.dll 2013-01-24 22:42 - 2010-11-08 07:31 - 00295768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DHT32.dll 2013-01-24 22:42 - 2010-11-08 07:31 - 00295768 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RP3DAA32.dll 2013-01-24 22:42 - 2010-11-08 07:31 - 00170840 ____A (Dolby Laboratories, Inc.) 
C:\Windows\System32\RTEED32A.dll 2013-01-24 22:42 - 2010-11-08 07:31 - 00078680 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEL32A.dll 2013-01-24 22:42 - 2010-11-08 07:31 - 00064856 ____A (Dolby Laboratories, Inc.) C:\Windows\System32\RTEEG32A.dll 2013-01-24 22:42 - 2009-11-24 09:55 - 00345328 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSXT.dll 2013-01-24 22:42 - 2009-11-24 09:55 - 00185584 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSTSHD.dll 2013-01-24 22:42 - 2009-11-24 09:55 - 00173296 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSHP360.dll 2013-01-24 22:42 - 2009-11-24 09:55 - 00140528 ____A (SRS Labs, Inc.) C:\Windows\System32\SRSWOW.dll 2013-01-24 22:42 - 2009-11-18 18:42 - 01783056 ____A (Waves Audio Ltd.) C:\Windows\System32\WavesLib.dll 2013-01-24 22:41 - 2012-06-14 13:43 - 05096448 ____A (Realtek Semiconductor Corp.) C:\Windows\System32\RCoRes.dat 2013-01-24 22:41 - 2012-05-17 11:29 - 07161696 ____A (Dolby Laboratories) C:\Windows\System32\R4EEP32A.dll 2013-01-24 22:41 - 2012-05-17 11:29 - 00351072 ____A (Dolby Laboratories) C:\Windows\System32\R4EED32A.dll 2013-01-24 22:41 - 2012-05-17 11:29 - 00105824 ____A (Dolby Laboratories) C:\Windows\System32\R4EEL32A.dll 2013-01-24 22:41 - 2012-05-17 11:29 - 00091488 ____A (Dolby Laboratories) C:\Windows\System32\R4EEA32A.dll 2013-01-24 22:41 - 2012-05-17 11:29 - 00061792 ____A (Dolby Laboratories) C:\Windows\System32\R4EEG32A.dll 2013-01-24 22:41 - 2012-04-10 14:40 - 02193472 ____A (Fortemedia Corporation) C:\Windows\System32\FMAPO.dll 2013-01-24 22:41 - 2012-04-03 18:41 - 01185112 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek2.dll 2013-01-24 22:41 - 2012-04-03 18:41 - 00709976 ____A (Waves Audio Ltd.) 
C:\Windows\System32\MaxxAudioAPOShell.dll 2013-01-24 22:41 - 2012-03-08 11:47 - 00176736 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTACap.dll 2013-01-24 22:41 - 2012-03-08 11:47 - 00095840 ____A (Andrea Electronics Corporation) C:\Windows\System32\AERTARen.dll 2013-01-24 22:41 - 2012-02-17 15:54 - 00350552 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxVolumeSDAPO.dll 2013-01-24 22:41 - 2012-02-13 22:36 - 07783768 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioRealtek.dll 2013-01-24 22:41 - 2012-01-23 22:28 - 00421744 ____A (DTS) C:\Windows\System32\DTSU2PLFX32.dll 2013-01-24 22:41 - 2012-01-23 22:28 - 00398192 ____A (DTS) C:\Windows\System32\DTSU2PGFX32.dll 2013-01-24 22:41 - 2012-01-23 22:28 - 00335216 ____A (DTS) C:\Windows\System32\DTSU2PREC32.dll 2013-01-24 22:41 - 2011-12-18 17:57 - 01836376 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioEQ.dll 2013-01-24 22:41 - 2011-08-23 17:00 - 00357712 ____A (Knowles Acoustics ) C:\Windows\System32\KAAPORT.dll 2013-01-24 22:41 - 2011-05-31 09:42 - 01509480 ____A (DTS) C:\Windows\System32\DTSS2SpeakerDLL.dll 2013-01-24 22:41 - 2011-05-31 09:42 - 01292904 ____A (DTS) C:\Windows\System32\DTSS2HeadphoneDLL.dll 2013-01-24 22:41 - 2011-05-31 09:42 - 01220200 ____A (DTS) C:\Windows\System32\DTSBoostDLL.dll 2013-01-24 22:41 - 2011-05-31 09:42 - 00654952 ____A (DTS) C:\Windows\System32\DTSBassEnhancementDLL.dll 2013-01-24 22:41 - 2011-05-31 09:42 - 00631400 ____A (DTS) C:\Windows\System32\DTSSymmetryDLL.dll 2013-01-24 22:41 - 2011-05-31 09:42 - 00601704 ____A (DTS) C:\Windows\System32\DTSVoiceClarityDLL.dll 2013-01-24 22:41 - 2011-05-31 09:42 - 00458344 ____A (DTS) C:\Windows\System32\DTSNeoPCDLL.dll 2013-01-24 22:41 - 2011-05-31 09:42 - 00389736 ____A (DTS) C:\Windows\System32\DTSGainCompensatorDLL.dll 2013-01-24 22:41 - 2011-05-31 09:42 - 00375400 ____A (DTS) C:\Windows\System32\DTSLimiterDLL.dll 2013-01-24 22:41 - 2011-05-31 09:42 - 00218728 ____A (DTS) C:\Windows\System32\DTSGFXAPONS.dll 
2013-01-24 22:41 - 2011-05-31 09:42 - 00218728 ____A (DTS) C:\Windows\System32\DTSGFXAPO.dll 2013-01-24 22:41 - 2011-05-31 09:42 - 00218216 ____A (DTS) C:\Windows\System32\DTSLFXAPO.dll 2013-01-24 22:41 - 2010-10-03 13:45 - 00259928 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO30.dll 2013-01-24 22:41 - 2010-09-27 09:34 - 00232792 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO20.dll 2013-01-24 22:41 - 2009-12-04 15:43 - 00132368 ____A (Waves Audio Ltd.) C:\Windows\System32\MaxxAudioAPO.dll 2013-01-24 22:29 - 2013-01-24 22:29 - 00000000 ____D C:\Program Files\AMD APP 2013-01-24 22:27 - 2013-01-24 22:27 - 00000000 ____D C:\AMD ==================== One Month Modified Files and Folders ======== 2013-02-22 15:02 - 2012-08-14 20:48 - 00000884 ____A C:\Windows\Tasks\Adobe Flash Player Updater.job 2013-02-22 15:02 - 2011-12-14 09:39 - 01845353 ____A C:\Windows\WindowsUpdate.log 2013-02-22 14:57 - 2013-02-22 14:55 - 00001472 ____A C:\Users\PhilundPepi\Desktop\Scan.txt 2013-02-22 14:50 - 2009-12-20 00:02 - 01498506 ____A C:\Windows\System32\PerfStringBackup.INI 2013-02-22 14:48 - 2013-01-01 14:08 - 00018249 ____A C:\Windows\setupact.log 2013-02-22 14:47 - 2012-09-18 18:40 - 00001098 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job 2013-02-22 13:35 - 2013-02-22 13:35 - 00000000 ____D C:\Windows\LastGood 2013-02-22 11:41 - 2012-09-18 18:40 - 00001094 ____A C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job 2013-02-22 11:40 - 2012-08-15 22:10 - 00064024 ____A C:\Users\PhilundPepi\AppData\Local\GDIPFONTCACHEV1.DAT 2013-02-22 11:37 - 2009-12-28 17:58 - 00000000 ____D C:\Windows\pss 2013-02-22 11:33 - 2013-02-22 11:33 - 00001130 ____A C:\Users\Public\Desktop\OpenOffice.org 3.4.1.lnk 2013-02-22 11:33 - 2009-12-20 13:46 - 00000000 ____D C:\Program Files\OpenOffice.org 3 2013-02-22 11:26 - 2013-02-22 11:24 - 152249762 ____A C:\Users\Phil\Downloads\Apache_OpenOffice_incubating_3.4.1_Win_x86_install_de.exe 2013-02-22 11:20 - 2012-11-23 23:14 - 00000000 ____D 
C:\Users\Phil\AppData\Local\Windows Live 2013-02-22 11:12 - 2013-02-22 11:12 - 00005914 ____A C:\Users\Phil\Desktop\attach.txt 2013-02-22 11:11 - 2013-02-22 11:12 - 00015776 ____A C:\Users\Phil\Desktop\dds.txt 2013-02-22 11:05 - 2013-02-22 11:05 - 00002122 ____A C:\Users\Phil\Desktop\aswMBR.txt 2013-02-22 11:05 - 2013-02-22 11:05 - 00000512 ____A C:\Users\Phil\Desktop\MBR.dat 2013-02-22 10:42 - 2009-07-14 05:34 - 00014608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 2013-02-22 10:42 - 2009-07-14 05:34 - 00014608 ___AH C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 2013-02-22 10:36 - 2013-02-22 10:36 - 00000470 ____A C:\Users\Phil\Downloads\defogger_disable.log 2013-02-22 10:35 - 2010-12-18 18:50 - 00000435 ____A C:\Windows\System32\Drivers\etc\hosts.ics 2013-02-22 10:34 - 2010-03-10 08:45 - 00001206 ____A C:\Windows\System32\bscs.ini 2013-02-22 10:34 - 2009-07-14 05:53 - 00000006 ___AH C:\Windows\Tasks\SA.DAT 2013-02-22 10:26 - 2013-02-22 10:25 - 04732416 ____A (AVAST Software) C:\Users\Phil\Desktop\aswMBR.exe 2013-02-22 10:22 - 2013-02-22 10:22 - 02237968 ____A (Kaspersky Lab ZAO) C:\Users\Phil\Downloads\tdsskiller.exe 2013-02-22 10:22 - 2013-02-22 10:22 - 00700783 ____R (Swearware) C:\Users\Phil\Downloads\dds+.exe 2013-02-22 10:22 - 2013-02-22 10:22 - 00050477 ____A C:\Users\Phil\Downloads\Defogger.exe 2013-02-22 10:19 - 2013-02-22 10:19 - 07781072 ____A (Adobe Systems Inc.) 
C:\Users\Phil\Downloads\Shockwave_Installer_Slim.exe 2013-02-22 09:57 - 2012-11-26 09:58 - 00000000 ____D C:\Users\PhilundPepi\AppData\Local\Windows Live 2013-02-22 08:50 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\Microsoft.NET 2013-02-22 08:30 - 2013-02-22 08:30 - 00000512 ____A C:\Users\Phil\Downloads\MBR.dat 2013-02-22 07:46 - 2013-02-21 21:06 - 00000470 ____A C:\Users\PhilundPepi\Desktop\defogger_disable.log 2013-02-22 00:14 - 2009-12-20 00:01 - 67823584 ____A (Microsoft Corporation) C:\Windows\System32\MRT.exe 2013-02-21 23:14 - 2013-02-21 23:13 - 00000000 ____D C:\Users\PhilundPepi\AppData\Roaming\vlc 2013-02-21 23:07 - 2013-02-21 23:06 - 07781072 ____A (Adobe Systems Inc.) C:\Users\PhilundPepi\Desktop\Shockwave_Installer_Slim.exe 2013-02-21 23:07 - 2011-07-08 19:20 - 00000000 ____D C:\Windows\System32\Adobe 2013-02-21 23:06 - 2013-02-21 23:06 - 00262560 ____A (Oracle Corporation) C:\Windows\System32\javaws.exe 2013-02-21 23:06 - 2013-02-21 23:06 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\javaw.exe 2013-02-21 23:06 - 2013-02-21 23:06 - 00174496 ____A (Oracle Corporation) C:\Windows\System32\java.exe 2013-02-21 23:06 - 2013-02-21 23:06 - 00094112 ____A (Oracle Corporation) C:\Windows\System32\WindowsAccessBridge.dll 2013-02-21 23:06 - 2011-01-04 07:25 - 00782240 ____A (Oracle Corporation) C:\Windows\System32\deployJava1.dll 2013-02-21 23:03 - 2012-03-31 09:14 - 00691568 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerApp.exe 2013-02-21 23:03 - 2011-07-08 19:20 - 00071024 ____A (Adobe Systems Incorporated) C:\Windows\System32\FlashPlayerCPLApp.cpl 2013-02-21 23:02 - 2009-12-20 13:44 - 00000000 ____D C:\ProgramData\Adobe 2013-02-21 23:01 - 2013-02-06 06:27 - 00000000 ____D C:\Users\PhilundPepi\AppData\Local\Mozilla Firefox 2013-02-21 22:04 - 2013-02-21 22:03 - 00700783 ____R (Swearware) C:\Users\PhilundPepi\Desktop\dds+.exe 2013-02-21 21:09 - 2013-02-21 21:09 - 02237968 ____A (Kaspersky Lab ZAO) 
C:\Users\PhilundPepi\Desktop\tdsskiller.exe 2013-02-21 21:06 - 2013-02-21 21:06 - 00000000 ____A C:\Users\Phil\defogger_reenable 2013-02-21 21:06 - 2009-12-19 23:58 - 00000000 ____D C:\users\Phil 2013-02-21 21:03 - 2013-02-21 21:02 - 04732416 ____A (AVAST Software) C:\Users\PhilundPepi\Desktop\aswMBR.exe 2013-02-21 21:00 - 2013-02-21 21:00 - 00050477 ____A C:\Users\PhilundPepi\Desktop\Defogger.exe 2013-02-21 18:53 - 2013-02-21 18:53 - 00001753 ____A C:\Users\Public\Desktop\iTunes.lnk 2013-02-21 18:53 - 2013-02-21 18:52 - 00000000 ____D C:\ProgramData\188F1432-103A-4ffb-80F1-36B633C5C9E1 2013-02-21 18:53 - 2013-02-21 18:52 - 00000000 ____D C:\Program Files\iTunes 2013-02-21 18:52 - 2013-02-21 18:52 - 00000000 ____D C:\Program Files\iPod 2013-02-21 18:52 - 2009-12-28 17:52 - 00000000 ____D C:\Program Files\Common Files\Apple 2013-02-21 18:48 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\DriverStore 2013-02-21 18:29 - 2009-07-14 05:33 - 00295272 ____A C:\Windows\System32\FNTCACHE.DAT 2013-02-21 18:27 - 2012-08-15 22:10 - 00000000 ____D C:\users\PhilundPepi 2013-02-21 18:27 - 2011-04-14 06:22 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy 2013-02-21 18:27 - 2010-04-08 16:35 - 00000000 ____D C:\Users\Phil\AppData\Local\bluesoleil 2013-02-21 18:27 - 2009-12-23 09:22 - 00000000 ____D C:\users\Gast 2013-02-21 18:27 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\System32\wfp 2013-02-21 18:27 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\AppCompat 2013-02-21 18:27 - 2009-07-14 03:37 - 00000000 ____D C:\Program Files\Common Files\microsoft shared 2013-02-21 18:26 - 2009-07-14 03:37 - 00000000 ____D C:\Windows\registration 2013-02-21 18:24 - 2012-08-16 07:39 - 00000000 ____D C:\Users\PhilundPepi\AppData\Roaming\Skype 2013-02-21 18:24 - 2010-01-10 21:44 - 00000000 ____D C:\ProgramData\Real 2013-02-21 18:15 - 2013-02-21 18:15 - 00000000 ____D C:\Users\PhilundPepi\Desktop\Nikolakis 2013-02-20 11:35 - 2009-12-28 17:55 - 00000000 ____D 
C:\Users\Phil\AppData\Roaming\Apple Computer 2013-02-18 08:04 - 2013-02-15 22:41 - 00027648 ____A C:\Users\PhilundPepi\Desktop\Aufsichtsplan_März 2013.xls 2013-02-16 17:57 - 2013-02-11 18:38 - 00015872 ____A C:\Users\PhilundPepi\Desktop\Klausuraufsichten 1.+ 2. Sem. WS 12 - Prüf.2 (Einteilung).xls 2013-02-06 19:13 - 2012-08-14 07:47 - 00861088 ____A (Oracle Corporation) C:\Windows\System32\npDeployJava1.dll 2013-02-01 05:59 - 2013-01-02 06:22 - 00004236 ____A C:\Windows\PFRO.log 2013-01-27 21:04 - 2012-09-27 21:18 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware 2013-01-27 11:14 - 2009-12-26 09:18 - 00000000 ____D C:\ProgramData\Skype 2013-01-27 11:13 - 2013-01-27 11:13 - 00002505 ____A C:\Users\Public\Desktop\Skype.lnk 2013-01-27 11:13 - 2013-01-27 11:13 - 00000000 ____D C:\Program Files\Common Files\Skype 2013-01-27 11:13 - 2009-12-26 09:18 - 00000000 ___RD C:\Program Files\Skype 2013-01-26 18:58 - 2013-01-26 18:58 - 00000000 ____D C:\Program Files\Common Files\Java 2013-01-25 07:59 - 2012-11-23 23:45 - 00000000 ____D C:\Users\PhilundPepi\Tracing 2013-01-24 23:37 - 2010-01-19 18:23 - 00000000 ____D C:\Program Files\CCleaner 2013-01-24 23:33 - 2013-01-24 23:33 - 04189792 ____A (Piriform Ltd) C:\Users\Phil\Downloads\ccsetup327.exe 2013-01-24 22:42 - 2009-12-20 11:03 - 00000000 ____D C:\Windows\System32\RTCOM 2013-01-24 22:29 - 2013-01-24 22:29 - 00000000 ____D C:\Program Files\AMD APP 2013-01-24 22:27 - 2013-01-24 22:27 - 00000000 ____D C:\AMD ==================== Known DLLs (Whitelisted) ================= ==================== Bamital & volsnap Check ================= C:\Windows\explorer.exe => MD5 is legit C:\Windows\System32\winlogon.exe => MD5 is legit C:\Windows\System32\wininit.exe => MD5 is legit C:\Windows\System32\svchost.exe => MD5 is legit C:\Windows\System32\services.exe => MD5 is legit C:\Windows\System32\User32.dll => MD5 is legit C:\Windows\System32\userinit.exe => MD5 is legit C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit 
==================== EXE ASSOCIATION ===================== HKLM\...\.exe: exefile => OK HKLM\...\exefile\DefaultIcon: %1 => OK HKLM\...\exefile\open\command: "%1" %* => OK ==================== Restore Points ========================= Restore point made on: 2013-02-13 08:03:01 Restore point made on: 2013-02-21 18:36:08 Restore point made on: 2013-02-21 23:05:12 Restore point made on: 2013-02-22 00:10:30 Restore point made on: 2013-02-22 11:31:23 ==================== Memory info =========================== Percentage of memory in use: 21% Total physical RAM: 2046.04 MB Available physical RAM: 1603.89 MB Total Pagefile: 2046.04 MB Available Pagefile: 1600.89 MB Total Virtual: 2047.88 MB Available Virtual: 1960.7 MB ==================== Partitions ============================= 1 Drive c: () (Fixed) (Total:297.99 GB) (Free:208.37 GB) NTFS 2 Drive e: () (Removable) (Total:7.37 GB) (Free:0.94 GB) FAT32 4 Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS 5 Drive y: () (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)] Datentr„ger ### Status Gr”áe Frei Dyn GPT --------------- ------------- ------- ------- --- --- Datentr„ger 0 Online 298 GB 0 B Datentr„ger 1 Online 7560 MB 0 B Partitions of Disk 0: =============== Datentr„ger-ID: 7D7AD924 Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 100 MB 1024 KB Partition 2 Prim„r 297 GB 101 MB ========================================================= Disk: 0 Partition 1 Typ : 07 Versteckt: Nein Aktiv : Ja Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 1 Y NTFS Partition 100 MB Fehlerfre ========================================================= Disk: 0 Partition 2 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS 
Partition 297 GB Fehlerfre ========================================================= Disk: 0 Partition 2 Typ : 07 Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 2 C NTFS Partition 297 GB Fehlerfre ========================================================= Partitions of Disk 1: =============== Datentr„ger-ID: C3072E18 Partition ### Typ Gr”áe Offset ------------- ---------------- ------- ------- Partition 1 Prim„r 7558 MB 1308 KB ========================================================= Disk: 1 Partition 1 Typ : 0C Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E FAT32 Wechselmed 7558 MB Fehlerfre ========================================================= Disk: 1 Partition 1 Typ : 0C Versteckt: Nein Aktiv : Nein Volume ### Bst Bezeichnung DS Typ Gr”áe Status Info ---------- --- ----------- ----- ---------- ------- --------- -------- * Volume 3 E FAT32 Wechselmed 7558 MB Fehlerfre ========================================================= Last Boot: 2013-02-13 17:19 ==================== End Of Log ============================
Edited by conqui (22.02.2013 at 15:24) |
22.02.2013, 15:54 | #10 |
/// TB Trainer | Trojan Problem Don't let Avira confuse you. It often doesn't report correctly to Windows whether it is working or not. Here at TB we tend not to recommend it anymore. Now please run TDSSKiller again as described and have it remove the TDSS File System. Then please reboot. After that, please create a new log file with TDSSKiller once more.
__________________ Digital privateers against malware! No help via PM! |
22.02.2013, 21:33 | #11 |
| Trojan Problem Hello, I have just had TDSSKiller scan again and removed the TDSS File System. Now the log file is so large that I cannot post it, not even as an attachment. I can't pack it either, because it is write-protected. It is 277 kB in size, whereas the old one was only about 135 kB... what should I do? |
22.02.2013, 21:35 | #12 |
| Trojan Problem With your permission, I made a PDF out of it... |
22.02.2013, 21:42 | #13 |
/// TB Trainer | Trojan Problem Phew! Good. So that part has worked, and we can now continue with the rest.
Step 1: (Reminder: only reply to me once you have worked through all the steps!) Uninstalling programs
Step 2: AdwCleaner: find and delete adware. Please download AdwCleaner to your desktop.
Step 3: Delete temporary files with TFC
Step 4: Scan with Combofix
__________________ Digital privateers against malware! No help via PM! |
22.02.2013, 22:37 | #14 |
| Trojan Problem All steps were carried out meticulously, one after the other. The two log files: Step 2 Code:
# AdwCleaner v2.112 - Datei am 22/02/2013 um 22:02:48 erstellt
# Aktualisiert am 10/02/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : Phil - PHIL-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Phil\Desktop\adwcleaner0.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zertviwk.default\extensions\{5a95a9e0-59dd-4314-bd84-4d18ca83a0e2}.xpi
Ordner Gelöscht : C:\ProgramData\IBUpdaterService
Ordner Gelöscht : C:\Users\Phil\AppData\Roaming\eType
Ordner Gelöscht : C:\Users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\eType
Ordner Gelöscht : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zertviwk.default\extensions\staged
Ordner Gelöscht : C:\Users\Phil\AppData\Roaming\PerformerSoft

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\Crossrider
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\SmartBar
Schlüssel Gelöscht : HKCU\Software\Conduit
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{A6174F27-1FFF-E1D6-A93F-BA48AD5DD448}
Schlüssel Gelöscht : HKCU\Software\Softonic
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\Savings Sidekick_RASMANCS
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\WajamUpdater_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Updater Service
Schlüssel Gelöscht : HKLM\Software\ResearchNow

***** [Internet Browser] *****

-\\ Internet Explorer v9.0.8112.16464

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v [Version kann nicht ermittelt werden]

Datei : C:\Users\Phil\AppData\Roaming\Mozilla\Firefox\Profiles\zertviwk.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\PhilundPepi\AppData\Roaming\Mozilla\Firefox\Profiles\lwh4h64n.default\prefs.js

[OK] Die Datei ist sauber.

Datei : C:\Users\Gast\AppData\Roaming\Mozilla\Firefox\Profiles\3y48bae2.default\prefs.js

[OK] Die Datei ist sauber.

-\\ Google Chrome v24.0.1312.57

Datei : C:\Users\Phil\AppData\Local\Google\Chrome\User Data\Default\Preferences

Gelöscht [l.38] : keyword = "startsear.ch",
Gelöscht [l.41] : search_url = "hxxp://startsear.ch/?aff=1&q={searchTerms}",

Datei : C:\Users\PhilundPepi\AppData\Local\Google\Chrome\User Data\Default\Preferences

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S2].txt - [2813 octets] - [22/02/2013 22:02:48]

########## EOF - C:\AdwCleaner[S2].txt - [2873 octets] ##########

Code:
ComboFix 13-02-22.01 - Phil 22.02.2013 22:20:46.1.2 - x86
Microsoft Windows 7 Home Premium 6.1.7601.1.1252.49.1031.18.2046.886 [GMT 1:00]
ausgeführt von:: c:\users\Phil\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((( Weitere Löschungen ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\programdata\Roaming
c:\users\Phil\AppData\Roaming\AcroIEHelpe.txt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-01-22 bis 2013-02-22 ))))))))))))))))))))))))))))))
.
.
2013-02-22 20:17 . 2013-02-22 20:17 -------- d-----w- C:\TDSSKiller_Quarantine
2013-02-22 14:19 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{903F4B5B-705E-4B87-B874-E3299C5209ED}\mpengine.dll
2013-02-22 14:10 . 2013-02-22 14:10 -------- d-----w- C:\FRST
2013-02-21 23:13 . 2013-01-08 21:56 2382848 ----a-w- c:\windows\system32\mshtml.tlb
2013-02-21 23:13 . 2013-01-08 22:42 149528 ----a-w- c:\program files\Internet Explorer\sqmapi.dll
2013-02-21 23:13 . 2013-01-08 22:00 194048 ----a-w- c:\program files\Internet Explorer\IEShims.dll
2013-02-21 23:13 . 2013-01-08 21:58 420864 ----a-w- c:\windows\system32\vbscript.dll
2013-02-21 23:13 . 2013-01-08 22:03 1129472 ----a-w- c:\windows\system32\wininet.dll
2013-02-21 23:13 . 2013-01-08 22:00 194560 ----a-w- c:\program files\Internet Explorer\ieproxy.dll
2013-02-21 23:13 . 2013-01-08 21:59 142848 ----a-w- c:\windows\system32\ieUnatt.exe
2013-02-21 23:12 . 2013-01-08 22:42 757280 ----a-w- c:\program files\Internet Explorer\iexplore.exe
2013-02-21 23:12 . 2013-01-08 22:11 1800704 ----a-w- c:\windows\system32\jscript9.dll
2013-02-21 23:12 . 2013-01-08 22:05 678912 ----a-w- c:\program files\Internet Explorer\iedvtool.dll
2013-02-21 23:12 . 2013-01-08 22:04 387584 ----a-w- c:\program files\Internet Explorer\jsdbgui.dll
2013-02-21 23:12 . 2013-01-08 22:03 1427968 ----a-w- c:\windows\system32\inetcpl.cpl
2013-02-21 23:12 . 2013-01-08 22:01 768000 ----a-w- c:\program files\Common Files\Microsoft Shared\VGX\VGX.dll
2013-02-21 22:13 . 2013-02-21 22:14 -------- d-----w- c:\users\PhilundPepi\AppData\Roaming\vlc
2013-02-21 22:06 . 2013-02-21 22:06 94112 ----a-w- c:\windows\system32\WindowsAccessBridge.dll
2013-02-21 17:52 . 2013-02-21 17:52 -------- d-----w- c:\program files\iPod
2013-02-21 17:52 . 2013-02-21 17:53 -------- d-----w- c:\programdata\188F1432-103A-4ffb-80F1-36B633C5C9E1
2013-02-21 17:52 . 2013-02-21 17:53 -------- d-----w- c:\program files\iTunes
2013-02-21 17:38 . 2013-01-05 05:00 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-02-21 17:38 . 2013-01-05 05:00 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-02-21 17:38 . 2013-01-03 05:05 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-02-21 17:38 . 2013-01-03 05:04 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-02-21 17:38 . 2013-01-04 04:50 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-02-13 05:48 . 2013-01-04 03:00 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-02-06 05:27 . 2013-02-21 22:01 -------- d-----w- c:\users\PhilundPepi\AppData\Local\Mozilla Firefox
2013-01-27 10:13 . 2013-01-27 10:13 -------- d-----w- c:\program files\Common Files\Skype
2013-01-26 17:58 . 2013-01-26 17:58 -------- d-----w- c:\program files\Common Files\Java
2013-01-24 21:42 . 2009-11-18 17:42 1783056 ----a-w- c:\windows\system32\WavesLib.dll
2013-01-24 21:41 . 2012-06-14 12:43 5096448 ----a-w- c:\windows\system32\RCoRes.dat
2013-01-24 21:29 . 2013-01-24 21:29 -------- d-----w- c:\program files\AMD APP
2013-01-24 21:27 . 2013-01-24 21:27 -------- d-----w- C:\AMD
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-02-21 22:06 . 2011-01-04 06:25 782240 ----a-w- c:\windows\system32\deployJava1.dll
2013-02-21 22:03 . 2012-03-31 08:14 691568 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-02-21 22:03 . 2011-07-08 18:20 71024 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-06 18:13 . 2012-08-14 06:47 861088 ----a-w- c:\windows\system32\npDeployJava1.dll
2013-01-17 00:28 . 2009-12-19 23:02 232336 ------w- c:\windows\system32\MpSigStub.exe
2012-12-19 14:45 . 2012-12-19 14:45 180224 ----a-w- c:\windows\system32\clinfo.exe
2012-12-19 14:44 . 2012-12-19 14:44 65536 ----a-w- c:\windows\system32\OpenVideo.dll
2012-12-19 14:44 . 2012-12-19 14:44 56320 ----a-w- c:\windows\system32\OVDecode.dll
2012-12-19 14:38 . 2012-12-19 14:38 28732928 ----a-w- c:\windows\system32\amdocl.dll
2012-12-19 14:34 . 2012-12-19 14:34 50176 ----a-w- c:\windows\system32\OpenCL.dll
2012-12-16 14:13 . 2012-12-21 19:26 295424 ----a-w- c:\windows\system32\atmfd.dll
2012-12-16 14:13 . 2012-12-21 19:26 34304 ----a-w- c:\windows\system32\atmlib.dll
2012-12-13 12:50 . 2012-12-13 12:50 6112864 ----a-w- c:\windows\system32\usbaaplrc.dll
2012-12-13 12:50 . 2012-12-13 12:50 45056 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2012-12-11 12:36 . 2012-11-11 11:36 134336 ----a-w- c:\windows\system32\drivers\avipbb.sys
2012-12-11 12:36 . 2012-11-11 11:36 83944 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2012-12-07 12:26 . 2013-01-09 04:45 308736 ----a-w- c:\windows\system32\Wpc.dll
2012-12-07 12:20 . 2013-01-09 04:45 2576384 ----a-w- c:\windows\system32\gameux.dll
2012-12-07 10:46 . 2013-01-09 04:45 43520 ----a-w- c:\windows\system32\csrr.rs
2012-12-07 10:46 . 2013-01-09 04:45 30720 ----a-w- c:\windows\system32\usk.rs
2012-12-07 10:46 . 2013-01-09 04:45 45568 ----a-w- c:\windows\system32\oflc-nz.rs
2012-12-07 10:46 . 2013-01-09 04:45 44544 ----a-w- c:\windows\system32\pegibbfc.rs
2012-12-07 10:46 . 2013-01-09 04:45 20480 ----a-w- c:\windows\system32\pegi-pt.rs
2012-12-07 10:46 . 2013-01-09 04:45 23552 ----a-w- c:\windows\system32\oflc.rs
2012-12-07 10:46 . 2013-01-09 04:45 20480 ----a-w- c:\windows\system32\pegi-fi.rs
2012-12-07 10:46 . 2013-01-09 04:45 46592 ----a-w- c:\windows\system32\fpb.rs
2012-12-07 10:46 . 2013-01-09 04:45 20480 ----a-w- c:\windows\system32\pegi.rs
2012-12-07 10:46 . 2013-01-09 04:45 21504 ----a-w- c:\windows\system32\grb.rs
2012-12-07 10:46 . 2013-01-09 04:45 40960 ----a-w- c:\windows\system32\cob-au.rs
2012-12-07 10:46 . 2013-01-09 04:45 15360 ----a-w- c:\windows\system32\djctq.rs
2012-12-07 10:46 . 2013-01-09 04:45 55296 ----a-w- c:\windows\system32\cero.rs
2012-12-07 10:46 . 2013-01-09 04:45 51712 ----a-w- c:\windows\system32\esrb.rs
2012-11-30 04:47 . 2013-01-09 04:45 293376 ----a-w- c:\windows\system32\KernelBase.dll
2012-11-30 04:45 . 2013-01-09 04:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 4096 ---ha-w- c:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 5120 ---ha-w- c:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2012-11-30 04:45 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2012-11-30 02:55 . 2013-01-09 04:45 271360 ----a-w- c:\windows\system32\conhost.exe
2012-11-30 02:38 . 2013-01-09 04:45 6144 ---ha-w- c:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 04:45 4608 ---ha-w- c:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 04:45 3584 ---ha-w- c:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2012-11-30 02:38 . 2013-01-09 04:45 3072 ---ha-w- c:\windows\system32\api-ms-win-core-util-l1-1-0.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"GoogleChromeAutoLaunch_3C063AA4110F43C4A83767362D40A1E9"="c:\program files\Google\Chrome\Application\chrome.exe" [2013-01-26 1248208]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DataCardMonitor"="c:\program files\T-Mobile\web'n'walk Manager\DataCardMonitor.exe" [2010-04-29 253952]
"Smart File Advisor"="c:\program files\Smart File Advisor\sfa.exe" [2011-04-04 280824]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-02-06 385248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKLM\~\startupfolder\C:^Users^Phil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.1.lnk]
path=c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Phil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.1.lnk]
path=c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.1.lnk.Startup
backupExtension=.Startup
.
[HKLM\~\startupfolder\C:^Users^Phil^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^OpenOffice.org 3.4.lnk]
path=c:\users\Phil\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.lnk
backup=c:\windows\pss\OpenOffice.org 3.4.lnk.Startup
backupExtension=.Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe ARM]
2012-07-27 20:51 919008 ----a-w- c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
2012-07-27 20:51 35768 ----a-w- c:\program files\Adobe\Reader 10.0\Reader\reader_sl.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Akamai NetSession Interface]
2011-11-14 23:39 3303000 ----a-w- c:\users\Phil\AppData\Local\Akamai\netsession_win.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\APSDaemon]
2013-01-28 12:08 59720 ----a-w- c:\program files\Common Files\Apple\Apple Application Support\APSDaemon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BtTray]
2010-03-08 12:16 319574 ----a-w- c:\program files\IVT Corporation\BlueSoleil\BtTray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\emsisoft anti-malware]
2012-09-19 03:33 3363240 ----a-w- c:\program files\Emsisoft Anti-Malware\a2guard.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GoogleChromeAutoLaunch_3C063AA4110F43C4A83767362D40A1E9]
2013-01-26 02:35 1248208 ----a-w- c:\program files\Google\Chrome\Application\chrome.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2013-02-20 11:35 152392 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ Malwarebytes Anti-Malware (reboot)]
2012-09-07 15:04 981656 ----a-w- c:\program files\Malwarebytes' Anti-Malware\mbam.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ooVoo.exe]
2011-08-14 10:02 21975120 ----a-w- c:\program files\ooVoo\ooVoo.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PrinterProDesktop]
2012-02-02 16:22 2132992 ----a-w- c:\program files\Printer Pro Desktop\PrinterProDesktop.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
2012-10-25 02:12 421888 ----a-w- c:\program files\QuickTime\QTTask.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Skype]
2013-01-08 11:59 18705664 ----a-r- c:\program files\Skype\Phone\Skype.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
2012-07-03 08:04 252848 ----a-w- c:\program files\Common Files\Java\Java Update\jusched.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
2012-08-14 06:54 296096 ----a-w- c:\program files\Real\RealPlayer\Update\realsched.exe
.
R2 Skype C2C Service;Skype C2C Service;c:\programdata\Skype\Toolbars\Skype C2C Service\c2c_service.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 a2acc;a2acc;c:\program files\EMSISOFT ANTI-MALWARE\a2accx86.sys [x]
R3 RdpVideoMiniport;Remote Desktop Video Miniport Driver;c:\windows\system32\drivers\rdpvideominiport.sys [x]
R3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
R3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
R3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S0 BtHidBus;Bluetooth HID Bus Service;c:\windows\System32\Drivers\BtHidBus.sys [x]
S1 A2DDA;A2 Direct Disk Access Support Driver;c:\program files\Emsisoft Anti-Malware\a2ddax86.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 a2AntiMalware;Emsisoft Anti-Malware 6.6 - Service;c:\program files\Emsisoft Anti-Malware\a2service.exe [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 BsMobileCS;BsMobileCS;c:\program files\IVT Corporation\BlueSoleil\BsMobileCS.exe [x]
S2 NSUService;NSUService;c:\program files\Sony\Network Utility\NSUService.exe [x]
S2 RtkAudioService;Realtek Audio Service;c:\windows\RtkAudioService.exe [x]
S2 VAIO Power Management;VAIO Power Management;c:\program files\Sony\VAIO Power Management\SPMService.exe [x]
S3 btnetBUs;Bluetooth PAN Bus Service;c:\windows\system32\Drivers\btnetBus.sys [x]
S3 IvtBtBUs;IVT Bluetooth Bus Service;c:\windows\system32\Drivers\IvtBtBus.sys [x]
S3 netw5v32;Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows Vista 32 Bit;c:\windows\system32\DRIVERS\netw5v32.sys [x]
S3 SFEP;Sony Firmware Extension Parser;c:\windows\system32\DRIVERS\SFEP.sys [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Akamai REG_MULTI_SZ Akamai
GPSvcGroup REG_MULTI_SZ GPSvc
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2013-01-31 09:42 1607120 ----a-w- c:\program files\Google\Chrome\Application\24.0.1312.57\Installer\chrmstp.exe
.
Inhalt des "geplante Tasks" Ordners
.
2013-02-22 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-03-31 22:03]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 06:51]
.
2013-02-22 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2010-01-08 06:51]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page =
IE: Free YouTube Download - c:\users\Phil\AppData\Roaming\DVDVideoSoftIEHelpers\freeytvdownloader.htm
TCP: DhcpNameServer = 192.168.178.1
.
.
------- Dateityp-Verknüpfung -------
.
.scr=AutoCADScriptFile
.
- - - - Entfernte verwaiste Registrierungseinträge - - - -
.
ShellIconOverlayIdentifiers-{F241C880-6982-4CE5-8CF7-7085BA96DA5A} - (no file)
ShellIconOverlayIdentifiers-{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} - (no file)
ShellIconOverlayIdentifiers-{BBACC218-34EA-4666-9D7A-C78F2274A524} - (no file)
MSConfigStartUp-Acrobat Assistant 8 - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe
MSConfigStartUp-Adobe Acrobat Speed Launcher - c:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe
MSConfigStartUp-EA Core - c:\program files\Electronic Arts\EADM\Core.exe
MSConfigStartUp-eType - c:\users\Phil\AppData\Roaming\eType\eType.exe
MSConfigStartUp-SpybotSD TeaTimer - c:\program files\Spybot - Search & Destroy\TeaTimer.exe
MSConfigStartUp-SpywareTerminatorUpdate - c:\program files\Spyware Terminator\SpywareTerminatorUpdate.exe
MSConfigStartUp-Userinit - c:\users\Phil\AppData\Roaming\appconf32.exe
MSConfigStartUp-VeohPlugin - c:\program files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe
MSConfigStartUp-{71C53565-4DB3-C671-5C01-C994463D4DC6} - c:\users\Phil\AppData\Roaming\Xeodby\asdae.exe
AddRemove-eType - c:\users\Phil\AppData\Roaming\eType\eTypeUninstall.exe
.
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-02-22 22:32:00
ComboFix-quarantined-files.txt 2013-02-22 21:32
.
Vor Suchlauf: 13 Verzeichnis(se), 223.987.011.584 Bytes frei
Nach Suchlauf: 18 Verzeichnis(se), 223.496.523.776 Bytes frei
.
- - End Of File - - 5AD44E103BC95BF5F3652767CCE79912 |
23.02.2013, 09:57 | #15 |
/// TB-Ausbilder | Trojan problem Very nice, that should have been it!
Step 1: (Reminder: reply to me only once you have worked through all the steps!) Disable Windows Defender. Since you are using a different virus scanner, you should urgently disable Windows' own scanner:
Step 2: Note: The scan can take a very long time (several hours)!
Step 3: Scan with SecurityCheck. Please download SecurityCheck and:
__________________ Digital privateers against malware! No help via PM! |