EXP/JAVA.Ternub.Gen found with AVIRA / Trojan.Ransom.ED found with Malwarebytes (Windows 7)
26.03.2013, 13:01 | #1 |
Dear Trojaner-Board members,

my girlfriend brought me back from vacation a toiletry bag with mustaches and her virus-infested laptop. I could use some help!

I looked around here a bit and found the two threads below, which sound similar. But the solutions are very different, so it probably makes sense to post a new thread.

http://www.trojaner-board.de/124660-...8-5353-aj.html
http://www.trojaner-board.de/123997-...r-langsam.html

First I scanned with Free Antivir:

Code:
Avira Free Antivirus
Erstellungsdatum der Reportdatei: Dienstag, 26. März 2013 07:53

Das Programm läuft als uneingeschränkte Vollversion.
Online-Dienste stehen zur Verfügung.

Lizenznehmer : Avira Free Antivirus
Seriennummer : 0000149996-ADJIE-0000001
Plattform : Windows 7 Professional
Windowsversion : (Service Pack 1) [6.1.7601]
Boot Modus : Abgesicherter Modus
Benutzername : Fr Fee
Computername : FRFEE-PC

Versionsinformationen:

Konfiguration für den aktuellen Suchlauf:
Job Name..............................: Lokale Festplatten
Konfigurationsdatei...................: C:\Program Files\Avira\AntiVir Desktop\alldiscs.avp
Protokollierung.......................: standard
Primäre Aktion........................: interaktiv
Sekundäre Aktion......................: ignorieren
Durchsuche Masterbootsektoren.........: ein
Durchsuche Bootsektoren...............: ein
Bootsektoren..........................: C:, D:,
Durchsuche aktive Programme...........: ein
Durchsuche Registrierung..............: ein
Suche nach Rootkits...................: aus
Integritätsprüfung von Systemdateien..: ein
Datei Suchmodus.......................: Alle Dateien
Durchsuche Archive....................: ein
Rekursionstiefe einschränken..........: 20
Archiv Smart Extensions...............: ein
Makrovirenheuristik...................: ein
Dateiheuristik........................: erweitert

Beginn des Suchlaufs: Dienstag, 26. März 2013 07:53

Der Suchlauf über die Masterbootsektoren wird begonnen:
Masterbootsektor HD0
    [INFO] Es wurde kein Virus gefunden!
Masterbootsektor HD1
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über die Bootsektoren wird begonnen:
Bootsektor 'C:\'
    [INFO] Es wurde kein Virus gefunden!
Bootsektor 'D:\'
    [INFO] Es wurde kein Virus gefunden!

Der Suchlauf über gestartete Prozesse wird begonnen:
Durchsuche Prozess 'avscan.exe' - '105' Modul(e) wurden durchsucht
Durchsuche Prozess 'wmiprvse.exe' - '52' Modul(e) wurden durchsucht
Durchsuche Prozess 'avcenter.exe' - '111' Modul(e) wurden durchsucht
Durchsuche Prozess 'avgnt.exe' - '82' Modul(e) wurden durchsucht
Durchsuche Prozess 'ctfmon.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'Explorer.EXE' - '167' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '29' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '49' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '26' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '30' Modul(e) wurden durchsucht
Durchsuche Prozess 'svchost.exe' - '51' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsm.exe' - '18' Modul(e) wurden durchsucht
Durchsuche Prozess 'lsass.exe' - '59' Modul(e) wurden durchsucht
Durchsuche Prozess 'services.exe' - '31' Modul(e) wurden durchsucht
Durchsuche Prozess 'winlogon.exe' - '23' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'wininit.exe' - '21' Modul(e) wurden durchsucht
Durchsuche Prozess 'csrss.exe' - '16' Modul(e) wurden durchsucht
Durchsuche Prozess 'smss.exe' - '2' Modul(e) wurden durchsucht

Untersuchung der Systemdateien wird begonnen:
Signiert -> 'C:\Windows\system32\svchost.exe'
Signiert -> 'C:\Windows\system32\winlogon.exe'
Signiert -> 'C:\Windows\explorer.exe'
Signiert -> 'C:\Windows\system32\smss.exe'
Signiert -> 'C:\Windows\system32\wininet.DLL'
Signiert -> 'C:\Windows\system32\wsock32.DLL'
Signiert -> 'C:\Windows\system32\ws2_32.DLL'
Signiert -> 'C:\Windows\system32\services.exe'
Signiert -> 'C:\Windows\system32\lsass.exe'
Signiert -> 'C:\Windows\system32\csrss.exe'
Signiert -> 'C:\Windows\system32\drivers\kbdclass.sys'
Signiert -> 'C:\Windows\system32\spoolsv.exe'
Signiert -> 'C:\Windows\system32\alg.exe'
Signiert -> 'C:\Windows\system32\wuauclt.exe'
Signiert -> 'C:\Windows\system32\advapi32.DLL'
Signiert -> 'C:\Windows\system32\user32.DLL'
Signiert -> 'C:\Windows\system32\gdi32.DLL'
Signiert -> 'C:\Windows\system32\kernel32.DLL'
Signiert -> 'C:\Windows\system32\ntdll.DLL'
Signiert -> 'C:\Windows\system32\ntoskrnl.exe'
Signiert -> 'C:\Windows\system32\ctfmon.exe'
Die Systemdateien wurden durchsucht ('21' Dateien)

Der Suchlauf auf Verweise zu ausführbaren Dateien (Registry) wird begonnen:
Die Registry wurde durchsucht ( '2968' Dateien ).

Der Suchlauf über die ausgewählten Dateien wird begonnen:

Beginne mit der Suche in 'C:\'
    [0] Archivtyp: RSRC
    --> C:\Users\Fr Fee\AppData\Local\Temp\jre-6u35-windows-i586-iftw.exe
    [1] Archivtyp: Runtime Packed
    --> C:\Users\Fr Fee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\2fe23df8-41e999da
    [2] Archivtyp: ZIP
    --> l_t_a/a2.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
        [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
    --> l_t_a/l_t_e.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.BK
        [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
    --> l_t_a/l_t_a.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/Blacole.FU.5
        [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
    --> l_t_a/F.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/CVE-2012-0507.A.335
        [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
    --> l_t_a/l_t_b.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/2012-0507.ED
        [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
    --> l_t_a/l_t_d.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
        [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
    --> l_t_a/l_t_c.class
        [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
        [WARNUNG] Infizierte Dateien in Archiven können nicht repariert werden
C:\Users\Fr Fee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\2fe23df8-41e999da
    [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
Beginne mit der Suche in 'D:\' <RECOVERY>

Beginne mit der Desinfektion:
C:\Users\Fr Fee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\2fe23df8-41e999da
    [FUND] Enthält Erkennungsmuster des Exploits EXP/JAVA.Ternub.Gen
    [HINWEIS] Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56adcf74.qua' verschoben!

Ende des Suchlaufs: Dienstag, 26. März 2013 08:48
Benötigte Zeit: 54:19 Minute(n)

Der Suchlauf wurde vollständig durchgeführt.

25646 Verzeichnisse wurden überprüft
273773 Dateien wurden geprüft
8 Viren bzw. unerwünschte Programme wurden gefunden
0 Dateien wurden als verdächtig eingestuft
0 Dateien wurden gelöscht
0 Viren bzw. unerwünschte Programme wurden repariert
1 Dateien wurden in die Quarantäne verschoben
0 Dateien wurden umbenannt
0 Dateien konnten nicht durchsucht werden
273765 Dateien ohne Befall
3983 Archive wurden durchsucht
7 Warnungen
1 Hinweise

Code:
Malwarebytes Anti-Malware (Test) 1.70.0.1100
www.malwarebytes.org

Datenbank Version: v2013.03.25.10

Windows 7 Service Pack 1 x86 FAT32 (Abgesichertenmodus)
Internet Explorer 9.0.8112.16421
Fr Fee :: FRFEE-PC [Administrator]

Schutz: Deaktiviert

26.03.2013 08:56:36
MBAM-log-2013-03-26 (09-46-31).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 328231
Laufzeit: 42 Minute(n), 33 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 2
HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\Run|{8B6E56F1-F72F-CA33-A75E-CBBC34E38F76} (Trojan.Ransom.ED) -> Daten: "C:\Users\Fr Fee\AppData\Roaming\Adlo\muuqwaa.exe" -> Keine Aktion durchgeführt.
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (PUM.UserWLoad) -> Daten: c:\users\frfee~1\dxahap.exe -> Keine Aktion durchgeführt.

Infizierte Dateiobjekte der Registrierung: 1
HKCU\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows|Load (Trojan.Ransom.ED) -> Bösartig: (c:\users\frfee~1\dxahap.exe) Gut: () -> Keine Aktion durchgeführt.

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 5
C:\Users\Fr Fee\AppData\Roaming\Adlo\muuqwaa.exe (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.
C:\Users\Fr Fee\dxahap.exe (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.
C:\Users\Fr Fee\dxqmhhr.exe (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.
C:\Users\Fr Fee\dxygpfj.exe (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.
C:\Users\Fr Fee\AppData\Local\Temp\1370819571.exe (Trojan.Ransom.ED) -> Keine Aktion durchgeführt.

(Ende)

The remaining log files are in the zip file.

I very much hope you can do something with this, and I'm grateful for any help!

Best regards,
John

Last edited by JVG (26.03.2013 at 13:25)
26.03.2013, 13:53 | #2 | |
/// Winkelfunktion /// TB-Süch-Tiger™

Hello and

Quote:

Or is this by any chance an office/company PC or a university computer?
26.03.2013, 14:44 | #3 |
Unfortunately I can't tell you right now why Win Prof. is on there. I would have to ask her when I get the chance. I don't know whether that would help, though - she knows even less about this stuff than I do.

That said, I also don't get what that could have to do with the problem? Can you explain that to me? Thanks!
26.03.2013, 16:11 | #4 |
/// Winkelfunktion /// TB-Süch-Tiger™

The reason is quite simple. When I see a Professional edition of Windows, it suggests that the machine might be in commercial use, and in that case special notices have to be posted. Is this system also used commercially?

Please always post log files in CODE tags
26.03.2013, 17:54 | #5 |
Ah, so that's the way the wind is blowing. No, the system is purely private. I don't know why she has that on it, but off the top of my head I can well imagine scenarios for how that comes about.

Of course I can't prove that to you right now. To be honest I also don't much feel like it, because there is an actual problem here that I would like to solve. I am still interested in help. So either you simply believe me or we'll just have to leave it.

No offense, you surely have legitimate concerns here about commercial types who want to use your service. But in this case the "suspicion" is simply wrong. I can't say more than that.
26.03.2013, 22:37 | #6 |
/// Winkelfunktion /// TB-Süch-Tiger™

Well, that's fine then. I just want to avoid "whining" later on, because we have already had requests saying that threads several months to years old contain such sensitive data and that all of it suddenly has to be deleted.

Before we get to work, I would like to ask you to read the following points completely and carefully.

Note: If you don't hear from me for three days, please get in touch in this thread => Reminder about my thread. Annoying "when will this continue" messages end with your topic being closed. I too have a life outside of Trojaner-Board.

Please now run the three tools MBAR / aswMBR / TDSSkiller and post the logs in CODE tags.

MBAR (Malwarebytes Anti-Rootkit)
Please download Malwarebytes Anti-Rootkit and save it to your desktop.
Do not start any other file in this folder without instructions from a helper.

aswMBR
Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons without instructions.
Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.

TDSS-Killer
Please download TDSSKiller.exe and save this file to the desktop
27.03.2013, 10:19 | #7 |
Cosinus, first of all thank you for your help! I appreciate it.

MBAR didn't find anything:

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.27.04

Windows 7 Service Pack 1 x86 NTFS (Safe Mode)
Internet Explorer 9.0.8112.16421
Fr Fee :: FRFEE-PC [administrator]

27.03.2013 08:17:32
mbar-log-2013-03-27 (08-17-32).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 24913
Time elapsed: 8 minute(s), 2 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-27 08:22:59
-----------------------------
08:22:59.733 OS Version: Windows 6.1.7601 Service Pack 1
08:22:59.733 Number of processors: 2 586 0xF0D
08:22:59.733 ComputerName: FRFEE-PC UserName: Fr Fee
08:23:00.123 Initialize success
08:24:06.376 AVAST engine defs: 13032601
08:24:43.707 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
08:24:43.707 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT1 11.01A11 Size: 152627MB BusType: 11
08:24:43.816 Disk 0 MBR read successfully
08:24:43.816 Disk 0 MBR scan
08:24:43.832 Disk 0 Windows 7 default MBR code
08:24:43.832 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
08:24:43.847 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 208896
08:24:43.863 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 139723 MB offset 21180416
08:24:43.863 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 307335168
08:24:43.925 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 307337216
08:24:43.925 Disk 0 scanning sectors +312578048
08:24:44.003 Disk 0 scanning C:\Windows\system32\drivers
08:24:54.315 Service scanning
08:25:13.441 Modules scanning
08:25:21.412 Disk 0 trace - called modules:
08:25:21.428 ntkrnlpa.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys
08:25:21.443 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8556b2a8]
08:25:21.459 3 CLASSPNP.SYS[8a5d759e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP1T0L0-2[0x850e1908]
08:25:22.333 AVAST engine scan C:\Windows
08:25:23.986 AVAST engine scan C:\Windows\system32
08:28:18.301 AVAST engine scan C:\Windows\system32\drivers
08:28:34.634 AVAST engine scan C:\Users\Fr Fee
08:37:53.505 File: C:\Users\Fr Fee\AppData\Local\Temp\1370819571.exe **INFECTED** Win32:Malware-gen
08:38:11.118 File: C:\Users\Fr Fee\AppData\Roaming\Adlo\muuqwaa.exe **INFECTED** Win32:Malware-gen
08:41:11.298 File: C:\Users\Fr Fee\dxahap.exe **INFECTED** Win32:Malware-gen
08:41:11.423 File: C:\Users\Fr Fee\dxqmhhr.exe **INFECTED** Win32:Malware-gen
08:41:11.532 File: C:\Users\Fr Fee\dxygpfj.exe **INFECTED** Win32:Malware-gen
08:51:36.875 AVAST engine scan C:\ProgramData
08:53:55.684 Scan finished successfully
08:55:07.959 Disk 0 MBR has been saved successfully to "C:\Users\Fr Fee\Desktop\MBR.dat"
08:55:07.974 The log file has been saved successfully to "C:\Users\Fr Fee\Desktop\aswMBR.txt"
08:55:27.771 Disk 0 MBR has been saved successfully to "F:\Log Files\MBR.dat"
08:55:29.143 The log file has been saved successfully to "F:\Log Files\aswMBR.txt"

Code:
08:58:22.0545 1608 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
08:58:22.0576 1608 ============================================================
08:58:22.0576 1608 Current date / time: 2013/03/27 08:58:22.0576
08:58:22.0576 1608 SystemInfo:
08:58:22.0576 1608
08:58:22.0576 1608 OS Version: 6.1.7601 ServicePack: 1.0
08:58:22.0576 1608 Product type: Workstation
08:58:22.0576 1608 ComputerName: FRFEE-PC
08:58:22.0576 1608 UserName: Fr Fee
08:58:22.0576 1608 Windows directory: C:\Windows
08:58:22.0576 1608 System windows directory: C:\Windows
08:58:22.0576 1608 Processor architecture: Intel x86
08:58:22.0576 1608 Number of processors: 2
08:58:22.0576 1608 Page size: 0x1000
08:58:22.0576 1608 Boot type: Safe boot
08:58:22.0576 1608 ============================================================
08:58:24.0354 1608 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
08:58:24.0354 1608 Drive \Device\Harddisk1\DR1 - Size: 0x3D300000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
08:58:24.0354 1608 ============================================================
08:58:24.0354 1608 \Device\Harddisk0\DR0:
08:58:24.0354 1608 MBR partitions:
08:58:24.0354 1608 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1400000
08:58:24.0354 1608 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1433000, BlocksNum 0x110E5FF8
08:58:24.0385 1608 \Device\Harddisk1\DR1:
08:58:24.0385 1608 MBR partitions:
08:58:24.0385 1608 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1E97B0
08:58:24.0385 1608 ============================================================
08:58:24.0432 1608 C: <-> \Device\Harddisk0\DR0\Partition2
08:58:24.0479 1608 D: <-> \Device\Harddisk0\DR0\Partition1
08:58:24.0479 1608 ============================================================
08:58:24.0479 1608 Initialize success
08:58:24.0479 1608 ============================================================
08:58:41.0202 1636 ============================================================
08:58:41.0202 1636 Scan started
08:58:41.0202 1636 Mode: Manual; SigCheck; TDLFS;
08:58:41.0202 1636 ============================================================
08:58:41.0857 1636 ================ Scan system memory ========================
08:58:41.0857 1636 System memory - ok
08:58:41.0857 1636 ================ Scan services =============================
C:\Windows\system32\DRIVERS\flpydisk.sys 08:58:50.0500 1636 flpydisk - ok 08:58:50.0531 1636 [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr C:\Windows\system32\drivers\fltmgr.sys 08:58:50.0547 1636 FltMgr - ok 08:58:50.0625 1636 [ E12C4928B32ACE04610259647F072635 ] FontCache C:\Windows\system32\FntCache.dll 08:58:50.0703 1636 FontCache - ok 08:58:50.0765 1636 [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe 08:58:50.0781 1636 FontCache3.0.0.0 - ok 08:58:50.0796 1636 [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends C:\Windows\system32\drivers\FsDepends.sys 08:58:50.0812 1636 FsDepends - ok 08:58:50.0843 1636 [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys 08:58:50.0859 1636 Fs_Rec - ok 08:58:50.0905 1636 [ 8A73E79089B282100B9393B644CB853B ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys 08:58:50.0921 1636 fvevol - ok 08:58:50.0968 1636 [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx C:\Windows\system32\DRIVERS\gagp30kx.sys 08:58:50.0983 1636 gagp30kx - ok 08:58:51.0046 1636 [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc C:\Windows\System32\gpsvc.dll 08:58:51.0093 1636 gpsvc - ok 08:58:51.0233 1636 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdate C:\Program Files\Google\Update\GoogleUpdate.exe 08:58:51.0233 1636 gupdate - ok 08:58:51.0264 1636 [ 506708142BC63DABA64F2D3AD1DCD5BF ] gupdatem C:\Program Files\Google\Update\GoogleUpdate.exe 08:58:51.0264 1636 gupdatem - ok 08:58:51.0295 1636 [ C1B577B2169900F4CF7190C39F085794 ] gusvc C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe 08:58:51.0311 1636 gusvc - ok 08:58:51.0327 1636 [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir C:\Windows\system32\drivers\hcw85cir.sys 08:58:51.0373 1636 hcw85cir - ok 08:58:51.0420 1636 [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys 08:58:51.0451 1636 HdAudAddService - ok 08:58:51.0498 1636 [ 9036377B8A6C15DC2EEC53E489D159B5 ] 
HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 08:58:51.0514 1636 HDAudBus - ok 08:58:51.0529 1636 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 08:58:51.0561 1636 HidBatt - ok 08:58:51.0576 1636 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 08:58:51.0607 1636 HidBth - ok 08:58:51.0639 1636 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 08:58:51.0670 1636 HidIr - ok 08:58:51.0701 1636 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 08:58:51.0732 1636 hidserv - ok 08:58:51.0763 1636 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 08:58:51.0810 1636 HidUsb - ok 08:58:51.0857 1636 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 08:58:51.0888 1636 hkmsvc - ok 08:58:51.0919 1636 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 08:58:51.0982 1636 HomeGroupListener - ok 08:58:52.0013 1636 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 08:58:52.0044 1636 HomeGroupProvider - ok 08:58:52.0091 1636 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 08:58:52.0107 1636 HpSAMD - ok 08:58:52.0169 1636 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 08:58:52.0200 1636 HTTP - ok 08:58:52.0216 1636 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 08:58:52.0231 1636 hwpolicy - ok 08:58:52.0247 1636 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 08:58:52.0278 1636 i8042prt - ok 08:58:52.0325 1636 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 08:58:52.0356 1636 iaStorV - ok 08:58:52.0419 1636 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 08:58:52.0465 
1636 idsvc - ok 08:58:52.0606 1636 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 08:58:52.0762 1636 igfx - ok 08:58:52.0809 1636 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 08:58:52.0824 1636 iirsp - ok 08:58:52.0855 1636 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 08:58:52.0902 1636 IKEEXT - ok 08:58:52.0933 1636 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 08:58:52.0949 1636 intelide - ok 08:58:52.0980 1636 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 08:58:53.0011 1636 intelppm - ok 08:58:53.0027 1636 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 08:58:53.0074 1636 IPBusEnum - ok 08:58:53.0105 1636 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 08:58:53.0152 1636 IpFilterDriver - ok 08:58:53.0199 1636 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 08:58:53.0245 1636 iphlpsvc - ok 08:58:53.0277 1636 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 08:58:53.0292 1636 IPMIDRV - ok 08:58:53.0308 1636 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 08:58:53.0339 1636 IPNAT - ok 08:58:53.0370 1636 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 08:58:53.0401 1636 IRENUM - ok 08:58:53.0448 1636 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 08:58:53.0448 1636 isapnp - ok 08:58:53.0495 1636 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 08:58:53.0511 1636 iScsiPrt - ok 08:58:53.0542 1636 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 08:58:53.0557 1636 kbdclass - ok 08:58:53.0604 1636 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid 
C:\Windows\system32\drivers\kbdhid.sys 08:58:53.0620 1636 kbdhid - ok 08:58:53.0635 1636 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 08:58:53.0651 1636 KeyIso - ok 08:58:53.0682 1636 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 08:58:53.0698 1636 KSecDD - ok 08:58:53.0713 1636 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 08:58:53.0729 1636 KSecPkg - ok 08:58:53.0760 1636 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 08:58:53.0807 1636 KtmRm - ok 08:58:53.0838 1636 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 08:58:53.0885 1636 LanmanServer - ok 08:58:53.0916 1636 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 08:58:53.0963 1636 LanmanWorkstation - ok 08:58:53.0994 1636 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 08:58:54.0041 1636 lltdio - ok 08:58:54.0072 1636 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 08:58:54.0119 1636 lltdsvc - ok 08:58:54.0150 1636 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 08:58:54.0181 1636 lmhosts - ok 08:58:54.0228 1636 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 08:58:54.0244 1636 LSI_FC - ok 08:58:54.0259 1636 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 08:58:54.0275 1636 LSI_SAS - ok 08:58:54.0291 1636 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 08:58:54.0306 1636 LSI_SAS2 - ok 08:58:54.0322 1636 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 08:58:54.0337 1636 LSI_SCSI - ok 08:58:54.0369 1636 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 08:58:54.0400 1636 luafv - ok 08:58:54.0447 1636 [ 629CABB0421668C9D3D402A3C3D77E14 ] 
MBAMProtector C:\Windows\system32\drivers\mbam.sys 08:58:54.0462 1636 MBAMProtector - ok 08:58:54.0525 1636 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 08:58:54.0540 1636 MBAMScheduler - ok 08:58:54.0571 1636 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 08:58:54.0603 1636 MBAMService - ok 08:58:54.0743 1636 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe 08:58:54.0759 1636 McComponentHostService - ok 08:58:54.0790 1636 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 08:58:54.0805 1636 Mcx2Svc - ok 08:58:54.0899 1636 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 08:58:54.0915 1636 MDM ( UnsignedFile.Multi.Generic ) - warning 08:58:54.0915 1636 MDM - detected UnsignedFile.Multi.Generic (1) 08:58:54.0961 1636 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 08:58:54.0961 1636 megasas - ok 08:58:55.0008 1636 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 08:58:55.0024 1636 MegaSR - ok 08:58:55.0039 1636 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 08:58:55.0086 1636 MMCSS - ok 08:58:55.0102 1636 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 08:58:55.0133 1636 Modem - ok 08:58:55.0164 1636 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 08:58:55.0195 1636 monitor - ok 08:58:55.0211 1636 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 08:58:55.0227 1636 mouclass - ok 08:58:55.0242 1636 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 08:58:55.0258 1636 mouhid - ok 08:58:55.0289 1636 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr 
C:\Windows\system32\drivers\mountmgr.sys 08:58:55.0305 1636 mountmgr - ok 08:58:55.0383 1636 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 08:58:55.0398 1636 MozillaMaintenance - ok 08:58:55.0429 1636 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 08:58:55.0445 1636 mpio - ok 08:58:55.0461 1636 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 08:58:55.0539 1636 mpsdrv - ok 08:58:55.0585 1636 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 08:58:55.0632 1636 MpsSvc - ok 08:58:55.0679 1636 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 08:58:55.0710 1636 MRxDAV - ok 08:58:55.0741 1636 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 08:58:55.0773 1636 mrxsmb - ok 08:58:55.0819 1636 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 08:58:55.0835 1636 mrxsmb10 - ok 08:58:55.0851 1636 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 08:58:55.0866 1636 mrxsmb20 - ok 08:58:55.0882 1636 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 08:58:55.0897 1636 msahci - ok 08:58:55.0944 1636 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 08:58:55.0944 1636 msdsm - ok 08:58:55.0975 1636 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 08:58:56.0007 1636 MSDTC - ok 08:58:56.0053 1636 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 08:58:56.0085 1636 Msfs - ok 08:58:56.0085 1636 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 08:58:56.0116 1636 mshidkmdf - ok 08:58:56.0131 1636 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 08:58:56.0147 1636 msisadrv - ok 08:58:56.0194 
1636 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 08:58:56.0241 1636 MSiSCSI - ok 08:58:56.0241 1636 msiserver - ok 08:58:56.0272 1636 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 08:58:56.0303 1636 MSKSSRV - ok 08:58:56.0319 1636 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 08:58:56.0350 1636 MSPCLOCK - ok 08:58:56.0365 1636 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 08:58:56.0397 1636 MSPQM - ok 08:58:56.0428 1636 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 08:58:56.0443 1636 MsRPC - ok 08:58:56.0443 1636 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 08:58:56.0459 1636 mssmbios - ok 08:58:56.0475 1636 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 08:58:56.0506 1636 MSTEE - ok 08:58:56.0521 1636 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 08:58:56.0537 1636 MTConfig - ok 08:58:56.0568 1636 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 08:58:56.0568 1636 Mup - ok 08:58:56.0615 1636 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 08:58:56.0646 1636 napagent - ok 08:58:56.0693 1636 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 08:58:56.0709 1636 NativeWifiP - ok 08:58:56.0755 1636 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 08:58:56.0787 1636 NDIS - ok 08:58:56.0818 1636 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 08:58:56.0865 1636 NdisCap - ok 08:58:56.0896 1636 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 08:58:56.0927 1636 NdisTapi - ok 08:58:56.0958 1636 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 
08:58:56.0974 1636 Ndisuio - ok 08:58:57.0005 1636 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 08:58:57.0036 1636 NdisWan - ok 08:58:57.0067 1636 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 08:58:57.0114 1636 NDProxy - ok 08:58:57.0145 1636 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 08:58:57.0192 1636 NetBIOS - ok 08:58:57.0239 1636 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 08:58:57.0286 1636 NetBT - ok 08:58:57.0301 1636 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 08:58:57.0317 1636 Netlogon - ok 08:58:57.0364 1636 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 08:58:57.0411 1636 Netman - ok 08:58:57.0426 1636 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 08:58:57.0457 1636 netprofm - ok 08:58:57.0489 1636 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 08:58:57.0504 1636 NetTcpPortSharing - ok 08:58:57.0551 1636 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 08:58:57.0567 1636 nfrd960 - ok 08:58:57.0582 1636 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 08:58:57.0598 1636 NlaSvc - ok 08:58:57.0629 1636 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 08:58:57.0660 1636 Npfs - ok 08:58:57.0660 1636 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 08:58:57.0691 1636 nsi - ok 08:58:57.0707 1636 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 08:58:57.0754 1636 nsiproxy - ok 08:58:57.0801 1636 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 08:58:57.0863 1636 Ntfs - ok 08:58:57.0879 1636 [ F9756A98D69098DCA8945D62858A812C ] Null 
C:\Windows\system32\drivers\Null.sys 08:58:57.0925 1636 Null - ok 08:58:57.0972 1636 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 08:58:57.0988 1636 nvraid - ok 08:58:58.0035 1636 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 08:58:58.0050 1636 nvstor - ok 08:58:58.0081 1636 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 08:58:58.0097 1636 nv_agp - ok 08:58:58.0175 1636 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 08:58:58.0191 1636 odserv - ok 08:58:58.0237 1636 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 08:58:58.0269 1636 ohci1394 - ok 08:58:58.0331 1636 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 08:58:58.0331 1636 ose - ok 08:58:58.0378 1636 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 08:58:58.0425 1636 p2pimsvc - ok 08:58:58.0471 1636 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 08:58:58.0487 1636 p2psvc - ok 08:58:58.0518 1636 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 08:58:58.0534 1636 Parport - ok 08:58:58.0565 1636 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 08:58:58.0581 1636 partmgr - ok 08:58:58.0596 1636 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 08:58:58.0612 1636 Parvdm - ok 08:58:58.0659 1636 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 08:58:58.0690 1636 PcaSvc - ok 08:58:58.0737 1636 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 08:58:58.0752 1636 pci - ok 08:58:58.0752 1636 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 08:58:58.0768 1636 pciide - ok 08:58:58.0783 1636 [ 
F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 08:58:58.0799 1636 pcmcia - ok 08:58:58.0830 1636 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 08:58:58.0830 1636 pcw - ok 08:58:58.0877 1636 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 08:58:58.0924 1636 PEAUTH - ok 08:58:59.0002 1636 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 08:58:59.0064 1636 PeerDistSvc - ok 08:58:59.0127 1636 [ 021968ED24B4E44BABAF11FBF8C4FB86 ] phaudlwr C:\Windows\system32\DRIVERS\phaudlwr.sys 08:58:59.0142 1636 phaudlwr - ok 08:58:59.0220 1636 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 08:58:59.0298 1636 pla - ok 08:58:59.0329 1636 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 08:58:59.0345 1636 PlugPlay - ok 08:58:59.0423 1636 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 08:58:59.0439 1636 PNRPAutoReg - ok 08:58:59.0501 1636 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 08:58:59.0517 1636 PNRPsvc - ok 08:58:59.0548 1636 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 08:58:59.0595 1636 PolicyAgent - ok 08:58:59.0641 1636 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 08:58:59.0688 1636 Power - ok 08:58:59.0719 1636 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 08:58:59.0766 1636 PptpMiniport - ok 08:58:59.0797 1636 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 08:58:59.0829 1636 Processor - ok 08:58:59.0860 1636 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 08:58:59.0891 1636 ProfSvc - ok 08:58:59.0907 1636 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 08:58:59.0922 1636 ProtectedStorage - ok 08:58:59.0969 1636 [ 
6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 08:59:00.0000 1636 Psched - ok 08:59:00.0063 1636 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 08:59:00.0125 1636 ql2300 - ok 08:59:00.0156 1636 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 08:59:00.0172 1636 ql40xx - ok 08:59:00.0219 1636 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 08:59:00.0250 1636 QWAVE - ok 08:59:00.0265 1636 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 08:59:00.0281 1636 QWAVEdrv - ok 08:59:00.0312 1636 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 08:59:00.0359 1636 RasAcd - ok 08:59:00.0406 1636 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 08:59:00.0437 1636 RasAgileVpn - ok 08:59:00.0468 1636 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 08:59:00.0484 1636 RasAuto - ok 08:59:00.0515 1636 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 08:59:00.0546 1636 Rasl2tp - ok 08:59:00.0609 1636 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 08:59:00.0640 1636 RasMan - ok 08:59:00.0655 1636 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 08:59:00.0687 1636 RasPppoe - ok 08:59:00.0718 1636 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 08:59:00.0765 1636 RasSstp - ok 08:59:00.0796 1636 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 08:59:00.0843 1636 rdbss - ok 08:59:00.0858 1636 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 08:59:00.0874 1636 rdpbus - ok 08:59:00.0905 1636 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 08:59:00.0952 1636 RDPCDD - ok 08:59:00.0983 1636 [ 
B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 08:59:01.0030 1636 RDPDR - ok 08:59:01.0061 1636 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 08:59:01.0108 1636 RDPENCDD - ok 08:59:01.0123 1636 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 08:59:01.0170 1636 RDPREFMP - ok 08:59:01.0201 1636 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 08:59:01.0233 1636 RDPWD - ok 08:59:01.0279 1636 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 08:59:01.0295 1636 rdyboost - ok 08:59:01.0342 1636 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 08:59:01.0373 1636 RemoteAccess - ok 08:59:01.0404 1636 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 08:59:01.0451 1636 RemoteRegistry - ok 08:59:01.0482 1636 [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 08:59:01.0513 1636 rimmptsk - ok 08:59:01.0529 1636 [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 08:59:01.0560 1636 rimsptsk - ok 08:59:01.0591 1636 [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys 08:59:01.0623 1636 rismxdp - ok 08:59:01.0638 1636 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 08:59:01.0669 1636 RpcEptMapper - ok 08:59:01.0701 1636 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 08:59:01.0716 1636 RpcLocator - ok 08:59:01.0732 1636 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 08:59:01.0763 1636 RpcSs - ok 08:59:01.0810 1636 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 08:59:01.0857 1636 rspndr - ok 08:59:01.0888 1636 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 08:59:01.0919 1636 
s3cap - ok 08:59:01.0950 1636 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 08:59:01.0950 1636 SamSs - ok 08:59:01.0997 1636 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 08:59:02.0013 1636 sbp2port - ok 08:59:02.0028 1636 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 08:59:02.0059 1636 SCardSvr - ok 08:59:02.0091 1636 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 08:59:02.0122 1636 scfilter - ok 08:59:02.0169 1636 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 08:59:02.0231 1636 Schedule - ok 08:59:02.0247 1636 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 08:59:02.0262 1636 SCPolicySvc - ok 08:59:02.0293 1636 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys 08:59:02.0325 1636 sdbus - ok 08:59:02.0356 1636 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 08:59:02.0403 1636 SDRSVC - ok 08:59:02.0449 1636 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 08:59:02.0481 1636 secdrv - ok 08:59:02.0512 1636 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 08:59:02.0559 1636 seclogon - ok 08:59:02.0590 1636 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 08:59:02.0621 1636 SENS - ok 08:59:02.0668 1636 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 08:59:02.0699 1636 SensrSvc - ok 08:59:02.0715 1636 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 08:59:02.0730 1636 Serenum - ok 08:59:02.0746 1636 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 08:59:02.0793 1636 Serial - ok 08:59:02.0808 1636 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 08:59:02.0839 1636 sermouse - ok 
08:59:11.0700 1636 ================ Scan MBR ==================================
08:59:11.0716 1636 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
08:59:12.0043 1636 \Device\Harddisk0\DR0 - ok
08:59:12.0043 1636 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
08:59:12.0153 1636 \Device\Harddisk1\DR1 - ok
08:59:12.0168 1636 ================ Scan VBR ==================================
08:59:12.0184 1636 [ E42E4169D9EA06558D6E391129529F43 ] \Device\Harddisk0\DR0\Partition1
08:59:12.0184 1636 \Device\Harddisk0\DR0\Partition1 - ok
08:59:12.0199 1636 [ 3F629D79619C37C742A8245805ECEC2D ] \Device\Harddisk0\DR0\Partition2
08:59:12.0199 1636 \Device\Harddisk0\DR0\Partition2 - ok
08:59:12.0199 1636 [ 367063298B82F90014A3C6330C521CC6 ] \Device\Harddisk1\DR1\Partition1
08:59:12.0199 1636 \Device\Harddisk1\DR1\Partition1 - ok
08:59:12.0199 1636 ============================================================
08:59:12.0199 1636 Scan finished
08:59:12.0199 1636 ============================================================
08:59:12.0231 1628 Detected object count: 1
08:59:12.0231 1628 Actual detected object count: 1
09:09:45.0264 1628 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
09:09:45.0264 1628 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
09:10:01.0629 1604 Deinitialize success
John |
27.03.2013, 13:43 | #8 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JAVA.Ternub.Gen found with AVIRA / Trojan.Ransom.ED with Malwarebytes Why have you been in safe mode the whole time? Doesn't normal mode work?
__________________ Please always post log files in CODE tags |
27.03.2013, 13:58 | #9 |
| EXP/JAVA.Ternub.Gen found with AVIRA / Trojan.Ransom.ED with Malwarebytes Pure ignorance! =) At first I thought that was better because I didn't know what to expect. My girlfriend had simply switched the computer off in a panic after she noticed her mistake (opened a "Post AG" attachment - yes, we talked about it afterwards!). I simply thought it would be less dangerous... or isn't it? So, can I also boot up normally without any danger? |
27.03.2013, 16:26 | #10 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JAVA.Ternub.Gen found with AVIRA / Trojan.Ransom.ED with Malwarebytes Yes, please use normal mode and please create the logs again.
__________________ Please always post log files in CODE tags |
27.03.2013, 19:34 | #11 |
| EXP/JAVA.Ternub.Gen found with AVIRA / Trojan.Ransom.ED with Malwarebytes Sorry, I didn't realize that this could distort the result. Overall, the scans were somewhat more difficult: aswMBR only worked on the 4th attempt. Possibly this was due to conflicts with the real-time scanners of Avira and Malwarebytes, which had made themselves at home during the installations. After switching both off, it then worked. Before that, however, they diligently found Trojans and put them into quarantine. I am attaching those log files as well. I suspect that this is also why the tools didn't find anything anymore...? MBAR was unremarkable again: Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1021
www.malwarebytes.org

Database version: v2013.03.27.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 9.0.8112.16421
Fr Fee :: FRFEE-PC [administrator]

27.03.2013 16:27:49
mbar-log-2013-03-27 (16-27-49).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 25254
Time elapsed: 12 minute(s), 1 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)

aswMBR acted up, but then spat this out: Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-03-27 17:50:55
-----------------------------
17:50:55.028 OS Version: Windows 6.1.7601 Service Pack 1
17:50:55.028 Number of processors: 2 586 0xF0D
17:50:55.028 ComputerName: FRFEE-PC UserName: Fr Fee
17:50:55.917 Initialize success
17:51:12.484 AVAST engine defs: 13032601
17:51:20.003 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP1T0L0-2
17:51:20.003 Disk 0 Vendor: WDC_WD1600BEVT-75ZCT1 11.01A11 Size: 152627MB BusType: 11
17:51:20.175 Disk 0 MBR read successfully
17:51:20.190 Disk 0 MBR scan
17:51:20.206 Disk 0 Windows 7 default MBR code
17:51:20.206 Disk 0 Partition 1 00 DE Dell Utility Dell 8.0 101 MB offset 63
17:51:20.237 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 10240 MB offset 208896
17:51:20.253 Disk 0 Partition 3 80 (A) 07 HPFS/NTFS NTFS 139723 MB offset 21180416
17:51:20.268 Disk 0 Partition - 00 0F Extended LBA 2560 MB offset 307335168
17:51:20.331 Disk 0 Partition 4 00 DD MSDOS5.0 2559 MB offset 307337216
17:51:20.346 Disk 0 scanning sectors +312578048
17:51:20.409 Disk 0 scanning C:\Windows\system32\drivers
17:51:37.865 Service scanning
17:52:10.968 Modules scanning
17:52:20.500 Disk 0 trace - called modules:
17:52:20.516
17:52:21.545 AVAST engine scan C:\Windows
17:52:24.790 AVAST engine scan C:\Windows\system32
17:58:07.601 AVAST engine scan C:\Windows\system32\drivers
17:58:28.333 AVAST engine scan C:\Users\Fr Fee
18:26:06.664 AVAST engine scan C:\ProgramData
18:27:58.466 Scan finished successfully
18:29:06.795 Disk 0 MBR has been saved successfully to "F:\Log 2\MBR.dat"
18:29:06.826 The log file has been saved successfully to "F:\Log 2\aswMBR.txt"

TDSS-Killer: Code:
17:35:31.0562 0936 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
17:35:31.0609 0936 ============================================================
17:35:31.0609 0936 Current date / time: 2013/03/27 17:35:31.0609
17:35:31.0609 0936 SystemInfo:
17:35:31.0609 0936
17:35:31.0609 0936 OS Version: 6.1.7601 ServicePack: 1.0
17:35:31.0609 0936 Product type: Workstation
17:35:31.0609 0936 ComputerName: FRFEE-PC
17:35:31.0609 0936 UserName: Fr Fee
17:35:31.0609 0936 Windows directory: C:\Windows
17:35:31.0609 0936 System windows directory: C:\Windows
17:35:31.0609 0936 Processor architecture: Intel x86
17:35:31.0609 0936 Number of processors: 2
17:35:31.0609 0936 Page size: 0x1000
17:35:31.0609 0936 Boot type: Normal boot
17:35:31.0609 0936 ============================================================
17:35:33.0185 0936 Drive \Device\Harddisk0\DR0 - Size: 0x25433D6000 (149.05 Gb), SectorSize: 0x200, Cylinders: 0x4C01, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
17:35:33.0200 0936 Drive \Device\Harddisk1\DR1 - Size: 0x3D300000 (0.96 Gb), SectorSize: 0x200, Cylinders: 0x7C, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
17:35:33.0200 0936 ============================================================
17:35:33.0200 0936 \Device\Harddisk0\DR0:
17:35:33.0200 0936 MBR partitions:
17:35:33.0200 0936 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x33000, BlocksNum 0x1400000
17:35:33.0200 0936 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1433000, BlocksNum 0x110E5FF8
17:35:33.0949 0936 \Device\Harddisk1\DR1:
17:35:33.0949 0936 MBR partitions:
17:35:33.0949 0936 \Device\Harddisk1\DR1\Partition1: MBR, Type 0xB, StartLBA 0x3F, BlocksNum 0x1E97B0
17:35:33.0949 0936 ============================================================
17:35:33.0980 0936 C: <-> \Device\Harddisk0\DR0\Partition2
17:35:34.0370 0936 D: <-> \Device\Harddisk0\DR0\Partition1
17:35:34.0370 0936
============================================================
17:35:34.0370 0936 Initialize success
17:35:34.0370 0936 ============================================================
17:35:45.0509 3032 ============================================================
17:35:45.0509 3032 Scan started
17:35:45.0509 3032 Mode: Manual; SigCheck; TDLFS;
17:35:45.0509 3032 ============================================================
17:35:46.0928 3032 ================ Scan system memory ========================
17:35:46.0928 3032 System memory - ok
17:35:46.0928 3032 ================ Scan services =============================
HDAudBus C:\Windows\system32\drivers\HDAudBus.sys 17:36:03.0106 3032 HDAudBus - ok 17:36:03.0152 3032 [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt C:\Windows\system32\DRIVERS\HidBatt.sys 17:36:03.0199 3032 HidBatt - ok 17:36:03.0215 3032 [ 89448F40E6DF260C206A193A4683BA78 ] HidBth C:\Windows\system32\DRIVERS\hidbth.sys 17:36:03.0277 3032 HidBth - ok 17:36:03.0308 3032 [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr C:\Windows\system32\DRIVERS\hidir.sys 17:36:03.0371 3032 HidIr - ok 17:36:03.0402 3032 [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv C:\Windows\system32\hidserv.dll 17:36:03.0496 3032 hidserv - ok 17:36:03.0558 3032 [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb C:\Windows\system32\DRIVERS\hidusb.sys 17:36:03.0683 3032 HidUsb - ok 17:36:03.0776 3032 [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc C:\Windows\system32\kmsvc.dll 17:36:03.0839 3032 hkmsvc - ok 17:36:03.0948 3032 [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll 17:36:04.0073 3032 HomeGroupListener - ok 17:36:04.0104 3032 [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll 17:36:04.0151 3032 HomeGroupProvider - ok 17:36:04.0198 3032 [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys 17:36:04.0244 3032 HpSAMD - ok 17:36:04.0322 3032 [ 871917B07A141BFF43D76D8844D48106 ] HTTP C:\Windows\system32\drivers\HTTP.sys 17:36:04.0416 3032 HTTP - ok 17:36:04.0432 3032 [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys 17:36:04.0478 3032 hwpolicy - ok 17:36:04.0556 3032 [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt C:\Windows\system32\drivers\i8042prt.sys 17:36:04.0619 3032 i8042prt - ok 17:36:04.0712 3032 [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV C:\Windows\system32\drivers\iaStorV.sys 17:36:04.0790 3032 iaStorV - ok 17:36:04.0884 3032 [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe 17:36:05.0040 
3032 idsvc - ok 17:36:05.0274 3032 [ 9467514EA189475A6E7FDC5D7BDE9D3F ] igfx C:\Windows\system32\DRIVERS\igdkmd32.sys 17:36:05.0586 3032 igfx - ok 17:36:05.0617 3032 [ 4173FF5708F3236CF25195FECD742915 ] iirsp C:\Windows\system32\DRIVERS\iirsp.sys 17:36:05.0695 3032 iirsp - ok 17:36:05.0773 3032 [ F95622F161474511B8D80D6B093AA610 ] IKEEXT C:\Windows\System32\ikeext.dll 17:36:05.0851 3032 IKEEXT - ok 17:36:05.0914 3032 [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide C:\Windows\system32\drivers\intelide.sys 17:36:05.0945 3032 intelide - ok 17:36:05.0976 3032 [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm C:\Windows\system32\DRIVERS\intelppm.sys 17:36:06.0007 3032 intelppm - ok 17:36:06.0038 3032 [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum C:\Windows\system32\ipbusenum.dll 17:36:06.0116 3032 IPBusEnum - ok 17:36:06.0148 3032 [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys 17:36:06.0241 3032 IpFilterDriver - ok 17:36:06.0288 3032 [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc C:\Windows\System32\iphlpsvc.dll 17:36:06.0350 3032 iphlpsvc - ok 17:36:06.0382 3032 [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV C:\Windows\system32\drivers\IPMIDrv.sys 17:36:06.0460 3032 IPMIDRV - ok 17:36:06.0475 3032 [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT C:\Windows\system32\drivers\ipnat.sys 17:36:06.0553 3032 IPNAT - ok 17:36:06.0569 3032 [ 42996CFF20A3084A56017B7902307E9F ] IRENUM C:\Windows\system32\drivers\irenum.sys 17:36:06.0647 3032 IRENUM - ok 17:36:06.0662 3032 [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp C:\Windows\system32\drivers\isapnp.sys 17:36:06.0709 3032 isapnp - ok 17:36:06.0740 3032 [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt C:\Windows\system32\drivers\msiscsi.sys 17:36:06.0834 3032 iScsiPrt - ok 17:36:06.0881 3032 [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass C:\Windows\system32\drivers\kbdclass.sys 17:36:06.0912 3032 kbdclass - ok 17:36:06.0990 3032 [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid 
C:\Windows\system32\drivers\kbdhid.sys 17:36:07.0037 3032 kbdhid - ok 17:36:07.0052 3032 [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso C:\Windows\system32\lsass.exe 17:36:07.0084 3032 KeyIso - ok 17:36:07.0115 3032 [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys 17:36:07.0162 3032 KSecDD - ok 17:36:07.0193 3032 [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys 17:36:07.0240 3032 KSecPkg - ok 17:36:07.0271 3032 [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm C:\Windows\system32\msdtckrm.dll 17:36:07.0396 3032 KtmRm - ok 17:36:07.0442 3032 [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer C:\Windows\system32\srvsvc.dll 17:36:07.0536 3032 LanmanServer - ok 17:36:07.0598 3032 [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll 17:36:07.0661 3032 LanmanWorkstation - ok 17:36:07.0708 3032 [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys 17:36:07.0786 3032 lltdio - ok 17:36:07.0817 3032 [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc C:\Windows\System32\lltdsvc.dll 17:36:07.0942 3032 lltdsvc - ok 17:36:07.0973 3032 [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts C:\Windows\System32\lmhsvc.dll 17:36:08.0066 3032 lmhosts - ok 17:36:08.0129 3032 [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC C:\Windows\system32\DRIVERS\lsi_fc.sys 17:36:08.0176 3032 LSI_FC - ok 17:36:08.0207 3032 [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS C:\Windows\system32\DRIVERS\lsi_sas.sys 17:36:08.0238 3032 LSI_SAS - ok 17:36:08.0269 3032 [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2 C:\Windows\system32\DRIVERS\lsi_sas2.sys 17:36:08.0316 3032 LSI_SAS2 - ok 17:36:08.0363 3032 [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI C:\Windows\system32\DRIVERS\lsi_scsi.sys 17:36:08.0394 3032 LSI_SCSI - ok 17:36:08.0441 3032 [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv C:\Windows\system32\drivers\luafv.sys 17:36:08.0519 3032 luafv - ok 17:36:08.0566 3032 [ 629CABB0421668C9D3D402A3C3D77E14 ] 
MBAMProtector C:\Windows\system32\drivers\mbam.sys 17:36:08.0597 3032 MBAMProtector - ok 17:36:08.0659 3032 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files\Malwarebytes' Anti-Malware\mbamscheduler.exe 17:36:08.0706 3032 MBAMScheduler - ok 17:36:08.0737 3032 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe 17:36:08.0800 3032 MBAMService - ok 17:36:09.0127 3032 [ DDCC236009C707761D60E5C76D639176 ] McComponentHostService C:\Program Files\McAfee Security Scan\3.0.318\McCHSvc.exe 17:36:09.0174 3032 McComponentHostService - ok 17:36:09.0299 3032 [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc C:\Windows\system32\Mcx2Svc.dll 17:36:09.0346 3032 Mcx2Svc - ok 17:36:09.0486 3032 [ 7CF1B716372B89568AE4C0FE769F5869 ] MDM C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\mdm.exe 17:36:09.0548 3032 MDM ( UnsignedFile.Multi.Generic ) - warning 17:36:09.0548 3032 MDM - detected UnsignedFile.Multi.Generic (1) 17:36:09.0580 3032 [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas C:\Windows\system32\DRIVERS\megasas.sys 17:36:09.0626 3032 megasas - ok 17:36:09.0658 3032 [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR C:\Windows\system32\DRIVERS\MegaSR.sys 17:36:09.0720 3032 MegaSR - ok 17:36:09.0736 3032 [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS C:\Windows\system32\mmcss.dll 17:36:09.0829 3032 MMCSS - ok 17:36:09.0845 3032 [ F001861E5700EE84E2D4E52C712F4964 ] Modem C:\Windows\system32\drivers\modem.sys 17:36:09.0938 3032 Modem - ok 17:36:10.0016 3032 [ 79D10964DE86B292320E9DFE02282A23 ] monitor C:\Windows\system32\DRIVERS\monitor.sys 17:36:10.0048 3032 monitor - ok 17:36:10.0094 3032 [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass C:\Windows\system32\DRIVERS\mouclass.sys 17:36:10.0141 3032 mouclass - ok 17:36:10.0172 3032 [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid C:\Windows\system32\DRIVERS\mouhid.sys 17:36:10.0235 3032 mouhid - ok 17:36:10.0313 3032 [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr 
C:\Windows\system32\drivers\mountmgr.sys 17:36:10.0406 3032 mountmgr - ok 17:36:10.0484 3032 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe 17:36:10.0531 3032 MozillaMaintenance - ok 17:36:10.0547 3032 [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio C:\Windows\system32\drivers\mpio.sys 17:36:10.0594 3032 mpio - ok 17:36:10.0687 3032 [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys 17:36:10.0796 3032 mpsdrv - ok 17:36:10.0890 3032 [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc C:\Windows\system32\mpssvc.dll 17:36:11.0015 3032 MpsSvc - ok 17:36:11.0046 3032 [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys 17:36:11.0140 3032 MRxDAV - ok 17:36:11.0186 3032 [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys 17:36:11.0249 3032 mrxsmb - ok 17:36:11.0296 3032 [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys 17:36:11.0358 3032 mrxsmb10 - ok 17:36:11.0389 3032 [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys 17:36:11.0498 3032 mrxsmb20 - ok 17:36:11.0576 3032 [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci C:\Windows\system32\drivers\msahci.sys 17:36:11.0608 3032 msahci - ok 17:36:11.0701 3032 [ 55055F8AD8BE27A64C831322A780A228 ] msdsm C:\Windows\system32\drivers\msdsm.sys 17:36:11.0748 3032 msdsm - ok 17:36:11.0764 3032 [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC C:\Windows\System32\msdtc.exe 17:36:11.0842 3032 MSDTC - ok 17:36:11.0888 3032 [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs C:\Windows\system32\drivers\Msfs.sys 17:36:11.0951 3032 Msfs - ok 17:36:11.0966 3032 [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys 17:36:12.0060 3032 mshidkmdf - ok 17:36:12.0122 3032 [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv C:\Windows\system32\drivers\msisadrv.sys 17:36:12.0154 3032 msisadrv - ok 17:36:12.0200 
3032 [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI C:\Windows\system32\iscsiexe.dll 17:36:12.0294 3032 MSiSCSI - ok 17:36:12.0294 3032 msiserver - ok 17:36:12.0372 3032 [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys 17:36:12.0434 3032 MSKSSRV - ok 17:36:12.0497 3032 [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys 17:36:12.0575 3032 MSPCLOCK - ok 17:36:12.0590 3032 [ F456E973590D663B1073E9C463B40932 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys 17:36:12.0731 3032 MSPQM - ok 17:36:12.0980 3032 [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys 17:36:13.0012 3032 MsRPC - ok 17:36:13.0058 3032 [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios C:\Windows\system32\drivers\mssmbios.sys 17:36:13.0090 3032 mssmbios - ok 17:36:13.0152 3032 [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys 17:36:13.0261 3032 MSTEE - ok 17:36:13.0339 3032 [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig C:\Windows\system32\DRIVERS\MTConfig.sys 17:36:13.0402 3032 MTConfig - ok 17:36:13.0417 3032 [ 159FAD02F64E6381758C990F753BCC80 ] Mup C:\Windows\system32\Drivers\mup.sys 17:36:13.0464 3032 Mup - ok 17:36:13.0526 3032 [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent C:\Windows\system32\qagentRT.dll 17:36:13.0620 3032 napagent - ok 17:36:13.0698 3032 [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys 17:36:13.0760 3032 NativeWifiP - ok 17:36:13.0838 3032 [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS C:\Windows\system32\drivers\ndis.sys 17:36:13.0885 3032 NDIS - ok 17:36:13.0963 3032 [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys 17:36:14.0041 3032 NdisCap - ok 17:36:14.0072 3032 [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys 17:36:14.0150 3032 NdisTapi - ok 17:36:14.0213 3032 [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys 
17:36:14.0291 3032 Ndisuio - ok 17:36:14.0416 3032 [ 38FBE267E7E6983311179230FACB1017 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys 17:36:14.0540 3032 NdisWan - ok 17:36:14.0603 3032 [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys 17:36:14.0743 3032 NDProxy - ok 17:36:14.0821 3032 [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys 17:36:14.0899 3032 NetBIOS - ok 17:36:14.0930 3032 [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys 17:36:15.0040 3032 NetBT - ok 17:36:15.0071 3032 [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon C:\Windows\system32\lsass.exe 17:36:15.0102 3032 Netlogon - ok 17:36:15.0149 3032 [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman C:\Windows\System32\netman.dll 17:36:15.0227 3032 Netman - ok 17:36:15.0242 3032 [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm C:\Windows\System32\netprofm.dll 17:36:15.0320 3032 netprofm - ok 17:36:15.0352 3032 [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe 17:36:15.0398 3032 NetTcpPortSharing - ok 17:36:15.0476 3032 [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960 C:\Windows\system32\DRIVERS\nfrd960.sys 17:36:15.0523 3032 nfrd960 - ok 17:36:15.0554 3032 [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc C:\Windows\System32\nlasvc.dll 17:36:15.0617 3032 NlaSvc - ok 17:36:15.0695 3032 [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs C:\Windows\system32\drivers\Npfs.sys 17:36:15.0757 3032 Npfs - ok 17:36:15.0804 3032 [ BA387E955E890C8A88306D9B8D06BF17 ] nsi C:\Windows\system32\nsisvc.dll 17:36:15.0944 3032 nsi - ok 17:36:15.0960 3032 [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys 17:36:16.0054 3032 nsiproxy - ok 17:36:16.0132 3032 [ 0D87503986BB3DFED58E343FE39DDE13 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys 17:36:16.0256 3032 Ntfs - ok 17:36:16.0303 3032 [ F9756A98D69098DCA8945D62858A812C ] Null 
C:\Windows\system32\drivers\Null.sys 17:36:16.0381 3032 Null - ok 17:36:16.0459 3032 [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid C:\Windows\system32\drivers\nvraid.sys 17:36:16.0537 3032 nvraid - ok 17:36:16.0615 3032 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 17:36:16.0662 3032 nvstor - ok 17:36:16.0709 3032 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 17:36:16.0756 3032 nv_agp - ok 17:36:17.0146 3032 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE 17:36:17.0208 3032 odserv - ok 17:36:17.0270 3032 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 17:36:17.0333 3032 ohci1394 - ok 17:36:17.0395 3032 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 17:36:17.0426 3032 ose - ok 17:36:17.0473 3032 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 17:36:17.0504 3032 p2pimsvc - ok 17:36:17.0567 3032 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 17:36:17.0707 3032 p2psvc - ok 17:36:17.0754 3032 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 17:36:17.0801 3032 Parport - ok 17:36:17.0832 3032 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 17:36:17.0863 3032 partmgr - ok 17:36:17.0972 3032 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 17:36:18.0113 3032 Parvdm - ok 17:36:18.0768 3032 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 17:36:18.0815 3032 PcaSvc - ok 17:36:18.0862 3032 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 17:36:18.0924 3032 pci - ok 17:36:18.0940 3032 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 17:36:18.0986 3032 pciide - ok 17:36:19.0018 3032 [ 
F396431B31693E71E8A80687EF523506 ] pcmcia C:\Windows\system32\DRIVERS\pcmcia.sys 17:36:19.0049 3032 pcmcia - ok 17:36:19.0080 3032 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 17:36:19.0111 3032 pcw - ok 17:36:19.0174 3032 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 17:36:19.0298 3032 PEAUTH - ok 17:36:19.0392 3032 [ AF4D64D2A57B9772CF3801950B8058A6 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll 17:36:19.0439 3032 PeerDistSvc - ok 17:36:19.0517 3032 [ 021968ED24B4E44BABAF11FBF8C4FB86 ] phaudlwr C:\Windows\system32\DRIVERS\phaudlwr.sys 17:36:19.0579 3032 phaudlwr - ok 17:36:19.0673 3032 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 17:36:19.0876 3032 pla - ok 17:36:19.0922 3032 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 17:36:20.0000 3032 PlugPlay - ok 17:36:20.0047 3032 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 17:36:20.0094 3032 PNRPAutoReg - ok 17:36:20.0125 3032 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 17:36:20.0156 3032 PNRPsvc - ok 17:36:20.0203 3032 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 17:36:20.0312 3032 PolicyAgent - ok 17:36:20.0390 3032 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 17:36:20.0468 3032 Power - ok 17:36:20.0546 3032 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 17:36:20.0749 3032 PptpMiniport - ok 17:36:20.0827 3032 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 17:36:20.0874 3032 Processor - ok 17:36:20.0936 3032 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 17:36:21.0124 3032 ProfSvc - ok 17:36:21.0358 3032 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 17:36:21.0389 3032 ProtectedStorage - ok 17:36:21.0623 3032 [ 
6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 17:36:21.0685 3032 Psched - ok 17:36:21.0763 3032 [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 17:36:21.0935 3032 ql2300 - ok 17:36:22.0013 3032 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 17:36:22.0060 3032 ql40xx - ok 17:36:22.0091 3032 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 17:36:22.0169 3032 QWAVE - ok 17:36:22.0184 3032 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 17:36:22.0231 3032 QWAVEdrv - ok 17:36:22.0372 3032 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 17:36:22.0543 3032 RasAcd - ok 17:36:22.0824 3032 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 17:36:22.0933 3032 RasAgileVpn - ok 17:36:22.0980 3032 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 17:36:23.0058 3032 RasAuto - ok 17:36:23.0120 3032 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 17:36:23.0198 3032 Rasl2tp - ok 17:36:23.0261 3032 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 17:36:23.0354 3032 RasMan - ok 17:36:23.0370 3032 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 17:36:23.0448 3032 RasPppoe - ok 17:36:23.0464 3032 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 17:36:23.0542 3032 RasSstp - ok 17:36:23.0573 3032 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 17:36:23.0666 3032 rdbss - ok 17:36:23.0698 3032 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 17:36:23.0729 3032 rdpbus - ok 17:36:23.0791 3032 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 17:36:23.0900 3032 RDPCDD - ok 17:36:23.0932 3032 [ 
B973FCFC50DC1434E1970A146F7E3885 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys 17:36:23.0994 3032 RDPDR - ok 17:36:24.0025 3032 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 17:36:24.0103 3032 RDPENCDD - ok 17:36:24.0181 3032 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 17:36:24.0290 3032 RDPREFMP - ok 17:36:24.0337 3032 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 17:36:24.0400 3032 RDPWD - ok 17:36:24.0446 3032 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 17:36:24.0524 3032 rdyboost - ok 17:36:24.0556 3032 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 17:36:24.0665 3032 RemoteAccess - ok 17:36:24.0758 3032 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 17:36:24.0852 3032 RemoteRegistry - ok 17:36:24.0899 3032 [ DF672613FBBCD58C38BB0BC2694BCFB0 ] rimmptsk C:\Windows\system32\DRIVERS\rimmptsk.sys 17:36:24.0977 3032 rimmptsk - ok 17:36:25.0008 3032 [ 9BFB54D3559F2FF7301271D29D383564 ] rimsptsk C:\Windows\system32\DRIVERS\rimsptsk.sys 17:36:25.0055 3032 rimsptsk - ok 17:36:25.0086 3032 [ DCB87DA83CC1010CBC9FC4DC9E395BBC ] rismxdp C:\Windows\system32\DRIVERS\rixdptsk.sys 17:36:25.0133 3032 rismxdp - ok 17:36:25.0195 3032 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 17:36:25.0273 3032 RpcEptMapper - ok 17:36:25.0304 3032 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 17:36:25.0351 3032 RpcLocator - ok 17:36:25.0367 3032 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 17:36:25.0445 3032 RpcSs - ok 17:36:25.0523 3032 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 17:36:25.0679 3032 rspndr - ok 17:36:25.0710 3032 [ 7FA7F2E249A5DCBB7970630E15E1F482 ] s3cap C:\Windows\system32\drivers\vms3cap.sys 17:36:25.0960 3032 
s3cap - ok 17:36:26.0287 3032 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 17:36:26.0318 3032 SamSs - ok 17:36:26.0365 3032 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 17:36:26.0396 3032 sbp2port - ok 17:36:26.0443 3032 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 17:36:26.0521 3032 SCardSvr - ok 17:36:26.0552 3032 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 17:36:26.0630 3032 scfilter - ok 17:36:26.0724 3032 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 17:36:26.0818 3032 Schedule - ok 17:36:26.0927 3032 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 17:36:26.0974 3032 SCPolicySvc - ok 17:36:27.0036 3032 [ 0328BE1C7F1CBA23848179F8762E391C ] sdbus C:\Windows\system32\drivers\sdbus.sys 17:36:27.0098 3032 sdbus - ok 17:36:27.0130 3032 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 17:36:27.0301 3032 SDRSVC - ok 17:36:27.0364 3032 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 17:36:27.0426 3032 secdrv - ok 17:36:27.0535 3032 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 17:36:27.0738 3032 seclogon - ok 17:36:27.0769 3032 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\System32\sens.dll 17:36:27.0863 3032 SENS - ok 17:36:27.0910 3032 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 17:36:27.0988 3032 SensrSvc - ok 17:36:28.0019 3032 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum C:\Windows\system32\DRIVERS\serenum.sys 17:36:28.0081 3032 Serenum - ok 17:36:28.0097 3032 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 17:36:28.0159 3032 Serial - ok 17:36:28.0190 3032 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 17:36:28.0237 3032 sermouse - ok 
17:36:28.0300 3032 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 17:36:28.0346 3032 SessionEnv - ok 17:36:28.0378 3032 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\DRIVERS\sffdisk.sys 17:36:28.0424 3032 sffdisk - ok 17:36:28.0440 3032 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 17:36:28.0487 3032 sffp_mmc - ok 17:36:28.0502 3032 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\DRIVERS\sffp_sd.sys 17:36:28.0534 3032 sffp_sd - ok 17:36:28.0596 3032 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 17:36:28.0721 3032 sfloppy - ok 17:36:28.0783 3032 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 17:36:28.0892 3032 SharedAccess - ok 17:36:28.0939 3032 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 17:36:29.0033 3032 ShellHWDetection - ok 17:36:29.0064 3032 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 17:36:29.0111 3032 sisagp - ok 17:36:29.0158 3032 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 17:36:29.0189 3032 SiSRaid2 - ok 17:36:29.0220 3032 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 17:36:29.0251 3032 SiSRaid4 - ok 17:36:29.0345 3032 [ 8C4F0DCC6A5100D48F9B2F950CDD220F ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 17:36:29.0470 3032 SkypeUpdate - ok 17:36:29.0501 3032 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 17:36:29.0594 3032 Smb - ok 17:36:29.0704 3032 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 17:36:29.0766 3032 SNMPTRAP - ok 17:36:29.0813 3032 [ 437198C0D349B0E0D4305D3081C5E912 ] SPC530 C:\Windows\system32\drivers\SPC530.sys 17:36:29.0906 3032 SPC530 - ok 17:36:29.0922 3032 [ 92E0CE241498B483404A957E709329CC ] SPC530m 
17:36:44.0602 3032 ================ Scan MBR ==================================
17:36:44.0695 3032 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
17:36:45.0366 3032 \Device\Harddisk0\DR0 - ok
17:36:45.0382 3032 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk1\DR1
17:36:45.0538 3032 \Device\Harddisk1\DR1 - ok
17:36:45.0538 3032 ================ Scan VBR ==================================
17:36:45.0553 3032 [ E42E4169D9EA06558D6E391129529F43 ] \Device\Harddisk0\DR0\Partition1
17:36:45.0569 3032 \Device\Harddisk0\DR0\Partition1 - ok
17:36:45.0631 3032 [ 3F629D79619C37C742A8245805ECEC2D ] \Device\Harddisk0\DR0\Partition2
17:36:45.0631 3032 \Device\Harddisk0\DR0\Partition2 - ok
17:36:45.0647 3032 [ EC41BB0909901CB1AB7BFFB0008D8FAF ] \Device\Harddisk1\DR1\Partition1
17:36:45.0647 3032 \Device\Harddisk1\DR1\Partition1 - ok
17:36:45.0647 3032 ============================================================
17:36:45.0647 3032 Scan finished
17:36:45.0647 3032 ============================================================
17:36:45.0662 3104 Detected object count: 1
17:36:45.0662 3104 Actual detected object count: 1
17:37:05.0194 3104 MDM ( UnsignedFile.Multi.Generic ) - skipped by user
17:37:05.0194 3104 MDM ( UnsignedFile.Multi.Generic ) - User select action: Skip
17:47:56.0917 1224 Deinitialize success
Here is the current quarantine status from Antivir: Code:
Typ: Datei Quelle: C:\Users\Fr Fee\dxygpfj.exe Status: Infiziert Quarantäne-Objekt: 5441981e.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.12.20 Virendefinitionsdatei: 7.11.67.116 Meldung: BDS/Androm.EB.69 Datum/Uhrzeit: 27.03.2013, 18:14
Typ: Datei Quelle: C:\Users\Fr Fee\dxqmhhr.exe Status: Infiziert Quarantäne-Objekt: 56fd94eb.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.12.20 Virendefinitionsdatei: 7.11.67.116 Meldung: BDS/Androm.EB.69 Datum/Uhrzeit: 27.03.2013, 18:14
Typ: Datei Quelle: C:\Users\Fr Fee\dxahap.exe Status: Infiziert Quarantäne-Objekt: 5dd58127.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.12.20 Virendefinitionsdatei: 7.11.67.116 Meldung: BDS/Androm.EB.69 Datum/Uhrzeit: 27.03.2013, 16:36
Typ: Datei Quelle: C:\Users\Fr Fee\AppData\Roaming\Adlo\muuqwaa.exe Status: Infiziert Quarantäne-Objekt: 453eae9d.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.12.20 Virendefinitionsdatei: 7.11.67.116 Meldung: TR/Spy.ZBot.jvxg Datum/Uhrzeit: 27.03.2013, 16:36
Typ: Datei Quelle: C:\Users\Fr Fee\AppData\Local\Temp\1370819571.exe Status: Infiziert Quarantäne-Objekt: 538dbd75.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.12.20 Virendefinitionsdatei: 7.11.67.116 Meldung: TR/Spy.ZBot.jvxg Datum/Uhrzeit: 27.03.2013, 16:27
Typ: Datei Quelle: C:\Users\Fr Fee\AppData\LocalLow\Sun\Java\Deployment\cache\6.0\56\2fe23df8-41e999da Status: Infiziert Quarantäne-Objekt: 56adcf74.qua Wiederhergestellt: NEIN Zu Avira hochgeladen: NEIN Betriebssystem: Windows XP/VISTA Workstation/Windows 7 Suchengine: 8.02.12.14 Virendefinitionsdatei: 7.11.64.154 Meldung: EXP/JAVA.Ternub.Gen Datum/Uhrzeit: 26.03.2013, 08:48
And Malwarebytes Protection had found the following and put it into quarantine: Code:
2013/03/27 07:21:33 GMT FRFEE-PC Fr Fee MESSAGE Starting protection
2013/03/27 07:21:33 GMT FRFEE-PC Fr Fee MESSAGE Protection started successfully
2013/03/27 07:21:33 GMT FRFEE-PC Fr Fee MESSAGE Starting IP protection
2013/03/27 07:21:50 GMT FRFEE-PC Fr Fee MESSAGE IP Protection started successfully
2013/03/27 07:27:33 GMT FRFEE-PC Fr Fee MESSAGE Executing scheduled update: Daily
2013/03/27 07:27:33 GMT FRFEE-PC Fr Fee ERROR Scheduled update failed: No address found failed with error code 0
2013/03/27 07:50:30 GMT FRFEE-PC Fr Fee MESSAGE Starting database refresh
2013/03/27 07:50:30 GMT FRFEE-PC Fr Fee MESSAGE Stopping IP protection
2013/03/27 07:50:31 GMT FRFEE-PC Fr Fee MESSAGE IP Protection stopped successfully
2013/03/27 07:50:34 GMT FRFEE-PC Fr Fee MESSAGE Database refreshed successfully
2013/03/27 07:50:34 GMT FRFEE-PC Fr Fee MESSAGE Starting IP protection
2013/03/27 07:50:48 GMT FRFEE-PC Fr Fee MESSAGE IP Protection started successfully
2013/03/27 16:00:21 GMT FRFEE-PC Fr Fee MESSAGE Starting protection
2013/03/27 16:00:21 GMT FRFEE-PC Fr Fee MESSAGE Protection started successfully
2013/03/27 16:00:21 GMT FRFEE-PC Fr Fee MESSAGE Starting IP protection
2013/03/27 16:00:40 GMT FRFEE-PC Fr Fee MESSAGE IP Protection started successfully
2013/03/27 16:01:07 GMT FRFEE-PC Fr Fee DETECTION C:\Users\Fr Fee\AppData\Local\Temp\tmp812d3e06\23.exe Trojan.FakeMS.PRGen QUARANTINE
2013/03/27 16:10:08 GMT FRFEE-PC Fr Fee MESSAGE Starting database refresh
2013/03/27 16:10:08 GMT FRFEE-PC Fr Fee MESSAGE Stopping IP protection
2013/03/27 16:10:09 GMT FRFEE-PC Fr Fee MESSAGE IP Protection stopped successfully
2013/03/27 16:10:14 GMT FRFEE-PC Fr Fee MESSAGE Database refreshed successfully
2013/03/27 16:10:14 GMT FRFEE-PC Fr Fee MESSAGE Starting IP protection
2013/03/27 16:10:31 GMT FRFEE-PC Fr Fee MESSAGE IP Protection started successfully
2013/03/27 16:34:14 GMT FRFEE-PC Fr Fee MESSAGE Starting protection
2013/03/27 16:34:14 GMT FRFEE-PC Fr Fee MESSAGE Protection started successfully
2013/03/27 16:34:14 GMT FRFEE-PC Fr Fee MESSAGE Starting IP protection
2013/03/27 16:34:34 GMT FRFEE-PC Fr Fee MESSAGE IP Protection started successfully
2013/03/27 17:28:35 GMT FRFEE-PC Fr Fee MESSAGE Starting protection
2013/03/27 17:28:35 GMT FRFEE-PC Fr Fee MESSAGE Protection started successfully
2013/03/27 17:28:35 GMT FRFEE-PC Fr Fee MESSAGE Starting IP protection
2013/03/27 17:28:54 GMT FRFEE-PC Fr Fee MESSAGE IP Protection started successfully |
28.03.2013, 12:10 | #12 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JAVA.Ternub.Gen found with AVIRA / Trojan.Ransom.ED with Malwarebytes
Then please run Combofix now: Scan with Combofix
__________________ Please always post log files in CODE tags |
28.03.2013, 22:59 | #13 |
| EXP/JAVA.Ternub.Gen found with AVIRA / Trojan.Ransom.ED with Malwarebytes
OK, Cosinus. So here is the Combofix log file. Everything ran like clockwork: Code:
ComboFix 13-03-28.01 - Fr Fee 28.03.2013 19:24:44.1.2 - x86
Microsoft Windows 7 Professional 6.1.7601.1.1252.49.1031.18.3062.2121 [GMT 0:00]
ausgeführt von:: c:\users\Fr Fee\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
* Neuer Wiederherstellungspunkt wurde erstellt
.
.
((((((((((((((((((((((( Dateien erstellt von 2013-02-28 bis 2013-03-28 ))))))))))))))))))))))))))))))
.
.
2013-03-28 19:31 . 2013-03-28 19:31 -------- d-----w- c:\users\Default\AppData\Local\temp
2013-03-28 06:58 . 2013-03-28 06:58 -------- d-----w- c:\users\Fr Fee\AppData\Roaming\Leadertech
2013-03-26 12:09 . 2013-03-26 12:09 -------- d-----w- c:\program files\7-Zip
2013-03-26 08:52 . 2013-03-26 08:52 -------- d-----w- c:\users\Fr Fee\AppData\Roaming\Malwarebytes
2013-03-26 08:52 . 2013-03-26 08:52 -------- d-----w- c:\programdata\Malwarebytes
2013-03-26 08:52 . 2013-03-26 08:52 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2013-03-26 08:52 . 2012-12-14 16:49 21104 ----a-w- c:\windows\system32\drivers\mbam.sys
2013-03-26 08:51 . 2013-03-26 08:51 -------- d-----w- c:\users\Fr Fee\AppData\Local\Programs
2013-03-26 07:51 . 2013-03-26 07:51 -------- d-----w- c:\users\Fr Fee\AppData\Roaming\Avira
2013-03-26 07:50 . 2013-03-06 15:13 37352 ----a-w- c:\windows\system32\drivers\avkmgr.sys
2013-03-26 07:50 . 2013-02-27 12:22 84744 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2013-03-26 07:50 . 2013-02-27 12:22 135136 ----a-w- c:\windows\system32\drivers\avipbb.sys
2013-03-26 07:50 . 2013-03-26 07:50 -------- d-----w- c:\programdata\Avira
2013-03-26 07:50 . 2013-03-26 07:50 -------- d-----w- c:\program files\Avira
2013-03-26 07:21 . 2013-03-26 07:21 -------- d-----w- c:\program files\Kaspersky Lab
2013-03-21 16:35 . 2013-03-27 16:36 -------- d-----w- c:\users\Fr Fee\AppData\Roaming\Adlo
2013-03-21 16:35 . 2013-03-27 16:01 -------- d-----w- c:\users\Fr Fee\AppData\Roaming\Zov
2013-03-19 18:09 . 2013-02-08 00:45 6954968 ----a-w- c:\programdata\Microsoft\Windows Defender\Definition Updates\{2587A025-A59F-4219-B65D-86B4C0777BBE}\mpengine.dll
2013-03-14 19:07 . 2013-02-12 03:32 15872 ----a-w- c:\windows\system32\drivers\usb8023.sys
2013-02-28 08:18 . 2013-01-13 19:53 187392 ----a-w- c:\windows\system32\UIAnimation.dll
.
.
.
(((((((((((((((((((((((((((((((((((( Find3M Bericht ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-13 21:23 . 2012-08-16 19:16 693976 ----a-w- c:\windows\system32\FlashPlayerApp.exe
2013-03-13 21:23 . 2011-06-07 21:22 73432 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2013-02-12 04:48 . 2013-03-13 08:29 474112 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-13 08:29 2176512 ----a-w- c:\windows\apppatch\AcGenral.dll
2013-01-17 01:28 . 2011-03-25 16:20 232336 ------w- c:\windows\system32\MpSigStub.exe
2013-01-05 05:00 . 2013-02-13 13:31 3967848 ----a-w- c:\windows\system32\ntkrnlpa.exe
2013-01-05 05:00 . 2013-02-13 13:31 3913064 ----a-w- c:\windows\system32\ntoskrnl.exe
2013-01-04 04:50 . 2013-02-13 13:31 169984 ----a-w- c:\windows\system32\winsrv.dll
2013-01-04 03:00 . 2013-02-13 13:32 2347008 ----a-w- c:\windows\system32\win32k.sys
2013-01-03 05:05 . 2013-02-13 13:31 1293672 ----a-w- c:\windows\system32\drivers\tcpip.sys
2013-01-03 05:04 . 2013-02-13 13:31 187752 ----a-w- c:\windows\system32\drivers\FWPKCLNT.SYS
2013-03-08 09:55 . 2013-03-08 09:55 263064 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
(((((((((((((((((((((((((((( Autostartpunkte der Registrierung ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt.
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt1]
@="{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Fr Fee\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt2]
@="{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Fr Fee\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\DropboxExt3]
@="{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}"
[HKEY_CLASSES_ROOT\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}]
2012-11-13 23:32 129272 ----a-w- c:\users\Fr Fee\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"EPLTarget\P0000000000000000"="c:\windows\system32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE" [2011-04-24 219008]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="c:\windows\system32\igfxpers.exe" [2009-09-23 150552]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2009-09-23 141848]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2009-09-23 173592]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2011-05-17 395144]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2012-01-18 254696]
"SweetIM"="c:\program files\SweetIM\Messenger\SweetIM.exe" [2012-05-29 115032]
"Sweetpacks Communicator"="c:\program files\SweetIM\Communicator\SweetPacksUpdateManager.exe" [2012-08-15 231768]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-19 345312]
.
c:\users\Fr Fee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Dropbox.lnk - c:\users\Fr Fee\AppData\Roaming\Dropbox\bin\Dropbox.exe [2013-1-20 28539272]
.
c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
McAfee Security Scan Plus.lnk - c:\program files\McAfee Security Scan\3.0.318\SSScheduler.exe [2013-2-5 272248]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"ConsentPromptBehaviorUser"= 3 (0x3)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"mixer2"=wdmaud.drv
.
R2 MBAMService;MBAMService;c:\program files\Malwarebytes' Anti-Malware\mbamservice.exe [x]
R2 SkypeUpdate;Skype Updater;c:\program files\Skype\Updater\Updater.exe [x]
R3 McComponentHostService;McAfee Security Scan Component Host Service;c:\program files\McAfee Security Scan\3.0.318\McCHSvc.exe [x]
R3 phaudlwr;Philips Audio Filter;c:\windows\system32\DRIVERS\phaudlwr.sys [x]
R3 SPC530;Philips SPC530NC PC Camera;c:\windows\system32\drivers\SPC530.sys [x]
R3 SPC530m;Philips SPC530NC PC Cameram;c:\windows\system32\drivers\SPC530m.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
R3 WatAdminSvc;Windows-Aktivierungstechnologieservice;c:\windows\system32\Wat\WatAdminSvc.exe [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 MBAMScheduler;MBAMScheduler;c:\program files\Malwarebytes' Anti-Malware\mbamscheduler.exe [x]
S3 MBAMProtector;MBAMProtector;c:\windows\system32\drivers\mbam.sys [x]
S3 SrvHsfHDA;SrvHsfHDA;c:\windows\system32\DRIVERS\VSTAZL3.SYS [x]
S3 SrvHsfV92;SrvHsfV92;c:\windows\system32\DRIVERS\VSTDPV3.SYS [x]
S3 SrvHsfWinac;SrvHsfWinac;c:\windows\system32\DRIVERS\VSTCNXT3.SYS [x]
S3 yukonw7;NDIS6.2 Miniport Driver for Marvell Yukon Ethernet Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation REG_MULTI_SZ SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-03-28 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-08-16 21:23]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-25 16:03]
.
2013-03-28 c:\windows\Tasks\GoogleUpdateTaskMachineUA1cd64bc987ada46.job
- c:\program files\Google\Update\GoogleUpdate.exe [2012-05-25 16:03]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://home.sweetim.com/?st=6&barid={896DC53A-F781-11E1-983E-001D0962ED65}
uDefault_Search_URL = hxxp://www.google.com/ie
mStart Page = hxxp://home.sweetim.com/?crg=3.1010000.10011&barid={896DC53A-F781-11E1-983E-001D0962ED65}
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Nach Microsoft E&xel exportieren - c:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
Trusted Zone: samsungsetup.com\www
TCP: DhcpNameServer = 192.168.1.1
TCP: Interfaces\{4D827BD6-16FE-4D66-9ED7-5624EB251094}: NameServer = 134.2.200.1,134.2.200.2
FF - ProfilePath - c:\users\Fr Fee\AppData\Roaming\Mozilla\Firefox\Profiles\eswjcej2.default\
FF - prefs.js: browser.search.defaulturl -
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.gmx.net/
FF - prefs.js: keyword.URL - hxxp://search.sweetim.com/search.asp?barid={896DC53A-F781-11E1-983E-001D0962ED65}&src=2&crg=3.1010000.10011&q=
FF - user.js: network.cookie.cookieBehavior - 0
FF - user.js: privacy.clearOnShutdown.cookies - false
FF - user.js: security.warn_viewing_mixed - false
FF - user.js: security.warn_viewing_mixed.show_once - false
FF - user.js: security.warn_submit_insecure - false
FF - user.js: security.warn_submit_insecure.show_once - false
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
--------------------- Durch laufende Prozesse gestartete DLLs ---------------------
.
- - - - - - - > 'Explorer.exe'(3632)
c:\users\Fr Fee\AppData\Roaming\Dropbox\bin\DropboxExt.17.dll
.
Zeit der Fertigstellung: 2013-03-28 19:34:29
ComboFix-quarantined-files.txt 2013-03-28 19:34
.
Vor Suchlauf: 8 Verzeichnis(se), 36.715.692.032 Bytes frei
Nach Suchlauf: 13 Verzeichnis(se), 37.841.174.528 Bytes frei
.
- - End Of File - - DCA73B2000098B42EB24F9E576E104AF |
29.03.2013, 02:16 | #14 |
/// Winkelfunktion /// TB-Süch-Tiger™ | EXP/JAVA.Ternub.Gen found with AVIRA / Trojan.Ransom.ED with Malwarebytes
JRT - Junkware Removal Tool: Please close your security software to avoid possible conflicts.
After that: adwCleaner - remove toolbars and unwanted start/search pages. Please download AdwCleaner to your desktop.
Then a check with OTL, please:
__________________ Please always post log files in CODE tags |
29.03.2013, 10:10 | #15 |
| EXP/JAVA.Ternub.Gen found with AVIRA / Trojan.Ransom.ED with Malwarebytes
As far as I could see, everything went smoothly again. JRT: Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.7.3 (03.23.2013:1)
OS: Windows 7 Professional x86
Ran by Fr Fee on 29.03.2013 at 8:22:54,29
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetim
Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\sweetpacks communicator
Successfully repaired: [Registry Value] hkey_current_user\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\.default\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-18\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-19\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\s-1-5-20\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_users\S-1-5-21-4238205265-3827081884-3146971656-1000\software\microsoft\internet explorer\main\\Start Page
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\main\\Start Page
~~~ Registry Keys
Successfully deleted: [Registry Key] hkey_current_user\software\1clickdownload
Successfully deleted: [Registry Key] hkey_local_machine\software\iminent
Successfully deleted: [Registry Key] hkey_current_user\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\sweetim
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\1clicktorrentfile
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\1clicktorrentfile1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mediaplayer.graphicsutils.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\mgmediaplayer.gifanimator.1
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\oneclick
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\oneclickmg
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\sim-packages
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\windows\currentversion\app paths\sweetim.exe
Successfully deleted: [Registry Key] hkey_current_user\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{eee6c360-6118-11dc-9c72-001320c79847}
~~~ Files
~~~ Folders
Successfully deleted: [Folder] "C:\ProgramData\sweetim"
Successfully deleted: [Folder] "C:\Program Files\sweetim"
~~~ FireFox
Successfully deleted: [File] C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\user.js
Successfully deleted the following from C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\prefs.js
user_pref("extensions.asktb.abar-war-timeout", "4000");
user_pref("extensions.asktb.cbid", "F4");
user_pref("extensions.asktb.config-updated", false);
user_pref("extensions.asktb.crumb", "2011.03.25+09.48.30-toolbar002iad-DE-U3R1dHRnYXJ0LEdlcm1hbnk%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://de.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}");
user_pref("extensions.asktb.dtid", "YYYYYYYYDE");
user_pref("extensions.asktb.dyn-weather-do-locid-lookup-weatherWidget", true);
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1354119086791");
user_pref("extensions.asktb.last-v", "3.11.3.100005");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.o", "101699");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "7");
user_pref("extensions.asktb.search-suggestions-enabled", false);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", true);
user_pref("extensions.asktb.socialmini-first", true);
user_pref("extensions.asktb.socialmini-interval", "1200000");
user_pref("extensions.asktb.socialmini-max-char-ticker", "33");
user_pref("extensions.asktb.socialmini-max-items", "30");
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.socialmini-speed", "5000"); user_pref("extensions.asktb.socialmini-transition-first-open", false); user_pref("extensions.asktb.v", "3.11.3.100013"); user_pref("keyword.URL", "hxxp://search.sweetim.com/search.asp?barid={896DC53A-F781-11E1-983E-001D0962ED65}&src=2&crg=3.1010000.10011&q="); Emptied folder: C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\minidumps [1042 files] ~~~ Event Viewer Logs were cleared ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Scan was completed on 29.03.2013 at 8:27:49,55 End of JRT log ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ Code:
ATTFilter # AdwCleaner v2.115 - Datei am 29/03/2013 um 08:29:53 erstellt # Aktualisiert am 17/03/2013 von Xplode # Betriebssystem : Windows 7 Professional Service Pack 1 (32 bits) # Benutzer : Fr Fee - FRFEE-PC # Bootmodus : Normal # Ausgeführt unter : C:\Users\Fr Fee\Desktop\adwcleaner.exe # Option [Löschen] **** [Dienste] **** ***** [Dateien / Ordner] ***** Ordner Gelöscht : C:\Program Files\1ClickDownload Ordner Gelöscht : C:\Program Files\Ask.com Ordner Gelöscht : C:\Users\Fr Fee\AppData\LocalLow\AskToolbar Ordner Gelöscht : C:\Users\Fr Fee\AppData\Roaming\Mozilla\Firefox\Profiles\eswjcej2.default\jetpack Ordner Gelöscht : C:\Windows\Installer\{7683B745-6060-41FD-AA75-0BBB383FEAD4} Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE} Ordner Gelöscht : C:\Windows\Installer\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} ***** [Registrierungsdatenbank] ***** Schlüssel Gelöscht : HKCU\Software\APN Schlüssel Gelöscht : HKCU\Software\AppDataLow\AskToolbarInfo Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar Schlüssel Gelöscht : HKCU\Software\Ask.com Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A} Schlüssel Gelöscht : HKLM\Software\APN Schlüssel Gelöscht : HKLM\Software\AskToolbar Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{608D3067-77E8-463D-9084-908966806826} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{BDB69379-802F-4EAF-B541-F8DE92DD98DB} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{EA28B360-05E0-4F93-8150-02891F1D8D3C} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{82AC53B4-164C-4B07-A016-437A8388B81A} Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{A4A0CB15-8465-4F58-A7E5-73084EA2A064} Schlüssel Gelöscht : 
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{C3E85EE9-5892-4142-B537-BCEB3DAC4C3D} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EA8FA6BE-29BE-4AF2-9352-841F83215EB0} Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\1ClickDownload Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelperApp.exe] Wert Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SharedDLLs [C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarProxy.dll] ***** [Internet Browser] ***** -\\ Internet Explorer v9.0.8112.16470 [OK] Die Registrierungsdatenbank ist sauber. -\\ Mozilla Firefox v19.0.2 (de) Datei : C:\Users\Fr Fee\AppData\Roaming\Mozilla\Firefox\Profiles\eswjcej2.default\prefs.js Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...] ************************* AdwCleaner[S1].txt - [18857 octets] - [29/03/2013 08:29:53] ########## EOF - C:\AdwCleaner[S1].txt - [18918 octets] ########## Code:
ATTFilter OTL logfile created on: 29.03.2013 08:34:39 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fr Fee\Desktop Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 9.0.8112.16421) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,99 Gb Total Physical Memory | 2,20 Gb Available Physical Memory | 73,41% Memory free 5,98 Gb Paging File | 5,15 Gb Available in Paging File | 86,15% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 136,45 Gb Total Space | 35,02 Gb Free Space | 25,67% Space Free | Partition Type: NTFS Drive D: | 10,00 Gb Total Space | 5,73 Gb Free Space | 57,29% Space Free | Partition Type: NTFS Drive F: | 977,04 Mb Total Space | 821,32 Mb Free Space | 84,06% Space Free | Partition Type: FAT32 Computer Name: FRFEE-PC | User Name: Fr Fee | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\Fr Fee\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\McAfee Security Scan\3.0.318\SSScheduler.exe (McAfee, Inc.) PRC - C:\Users\Fr Fee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) 
PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\spool\drivers\w32x86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Modules (No Company Name) ========== MOD - C:\Programme\WinRAR\RarExt.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (WatAdminSvc) -- C:\Windows\System32\Wat\WatAdminSvc.exe (Microsoft Corporation) SRV - (McComponentHostService) -- C:\Programme\McAfee Security Scan\3.0.318\McCHSvc.exe (McAfee, Inc.) 
SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Programme\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Programme\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (odserv) -- C:\Programme\Common Files\microsoft shared\OFFICE12\ODSERV.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\System32\StorSvc.dll (Microsoft Corporation) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (PeerDistSvc) -- C:\Windows\System32\PeerDistSvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (MDM) -- C:\Programme\Common Files\microsoft shared\VS7DEBUG\mdm.exe (Microsoft Corporation) ========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\FRFEE~1\AppData\Local\Temp\catchme.sys File not found DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG) DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. 
KG) DRV - (MBAMProtector) -- C:\Windows\System32\drivers\mbam.sys (Malwarebytes Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (vmbus) -- C:\Windows\System32\drivers\vmbus.sys (Microsoft Corporation) DRV - (storflt) -- C:\Windows\System32\drivers\vmstorfl.sys (Microsoft Corporation) DRV - (storvsc) -- C:\Windows\System32\drivers\storvsc.sys (Microsoft Corporation) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (VMBusHID) -- C:\Windows\System32\drivers\VMBusHID.sys (Microsoft Corporation) DRV - (s3cap) -- C:\Windows\System32\drivers\vms3cap.sys (Microsoft Corporation) DRV - (phaudlwr) -- C:\Windows\System32\drivers\phaudlwr.sys (Philips Applied Technologies) DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys () DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (rimmptsk) -- C:\Windows\System32\drivers\rimmptsk.sys (REDC) DRV - (rismxdp) -- C:\Windows\System32\drivers\rixdptsk.sys (REDC) DRV - (rimsptsk) -- C:\Windows\System32\drivers\rimsptsk.sys (REDC) DRV - (SPC530) -- C:\Windows\System32\drivers\SPC530.sys ( ) DRV - (SPC530m) -- C:\Windows\System32\drivers\SPC530m.sys ( ) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - 
HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 78 23 5F 14 04 C3 CD 01 [binary data] IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = hxxp://www.google.com/ie IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\..\SearchScopes\{53337977-395A-4D90-BFDD-FB881AF2296F}: "URL" = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8 IE - 
HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 ========== FireFox ========== FF - prefs.js..browser.search.defaultenginename: "" FF - prefs.js..browser.search.defaulturl: "" FF - prefs.js..browser.search.selectedEngine: "Google" FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.gmx.net/" FF - prefs.js..extensions.enabledAddons: %7B73a6fe31-595d-460b-a920-fcc0f8843232%7D:2.6.5.8 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - prefs.js..extensions.enabledItems: online_downloaden@example.net:1.0.0.0 FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\Windows\system32\npdeployJava1.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.) FF - HKLM\Software\MozillaPlugins\@mcafee.com/McAfeeMssPlugin: C:\Program Files\McAfee Security Scan\3.0.318\npMcAfeeMss.dll (McAfee, Inc.) 
FF - HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE: disabled File not found FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKCU\Software\MozillaPlugins\amazon.com/AmazonMP3DownloaderPlugin: C:\Program Files\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101714.dll (Amazon.com, Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 09:55:42 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 09:55:38 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.08 09:55:42 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.08 09:55:38 | 000,000,000 | ---D | M] [2011.03.25 16:14:02 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fr Fee\AppData\Roaming\mozilla\Extensions [2013.03.05 13:29:25 | 000,000,000 | ---D | M] (No name found) -- C:\Users\Fr Fee\AppData\Roaming\mozilla\Firefox\Profiles\eswjcej2.default\extensions [2013.01.30 21:31:03 | 000,204,940 | ---- | M] () (No name found) -- C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\extensions\OneClickDownload@OneClickDownload.com.xpi 
[2012.03.23 09:06:38 | 000,020,591 | ---- | M] () (No name found) -- C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}.xpi [2013.03.05 13:29:25 | 000,531,283 | ---- | M] () (No name found) -- C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2011.05.14 14:28:13 | 000,005,212 | ---- | M] () -- C:\Users\Fr Fee\AppData\Roaming\mozilla\firefox\profiles\eswjcej2.default\searchplugins\ecosia.xml [2013.03.08 09:55:37 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.03.08 09:55:37 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.03.08 09:55:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0034-ABCDEFFEDCBA} [2013.03.08 09:55:37 | 000,000,000 | ---D | M] (Java Console) -- C:\Programme\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} [2013.03.08 09:55:42 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.11.20 07:13:26 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.11.20 07:13:26 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.11.20 07:13:26 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.11.20 07:13:26 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.11.20 07:13:26 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.11.20 07:13:26 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2009.06.10 21:39:37 | 000,000,824 | ---- | M]) - 
C:\Windows\System32\drivers\etc\hosts O2 - BHO: (MSS+ Identifier) - {0E8A89AD-95D7-40EB-8D9D-083EF7066A01} - C:\Programme\McAfee Security Scan\3.0.318\McAfeeMSS_IE.dll (McAfee, Inc.) O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000..\Run: [EPLTarget\P0000000000000000] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_TATIHTU.EXE (SEIKO EPSON CORPORATION) O4 - Startup: C:\Users\Fr Fee\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk = C:\Users\Fr Fee\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.) O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O8 - Extra context menu item: Add to Google Photos Screensa&ver - 
C:\Windows\System32\GPhotos.scr (Google Inc.) O8 - Extra context menu item: Nach Microsoft E&xel exportieren - C:\Programme\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Programme\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation) O15 - HKU\S-1-5-21-4238205265-3827081884-3146971656-1000\..Trusted Domains: samsungsetup.com ([www] http in Vertrauenswürdige Sites) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_35-windows-i586.cab (Java Plug-in 1.6.0_35) O16 - DPF: {F27237D7-93C8-44C2-AC6E-D6057B9A918F} https://juniper.net/dana-cached/sc/JuniperSetupClient.cab (JuniperSetupClientControl Class) O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{4D827BD6-16FE-4D66-9ED7-5624EB251094}: NameServer = 134.2.200.1,134.2.200.2 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5C0BF6FE-326F-4C5C-B99E-EC07FBCAB99F}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data 
{91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 21:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.03.29 08:22:51 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.03.29 08:22:38 | 000,000,000 | ---D | C] -- C:\JRT [2013.03.29 08:22:19 | 000,550,069 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\Fr Fee\Desktop\JRT.exe [2013.03.28 19:34:31 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.03.28 19:33:08 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.03.28 19:22:23 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.03.28 19:22:23 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.03.28 19:22:23 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.03.28 19:22:00 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.03.28 19:21:37 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.03.28 19:20:34 | 005,044,813 | R--- | C] (Swearware) -- C:\Users\Fr Fee\Desktop\ComboFix.exe [2013.03.28 06:58:50 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\AppData\Roaming\Leadertech [2013.03.27 16:33:52 | 000,000,000 | ---D | C] -- C:\Windows\Minidump [2013.03.27 16:09:57 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth [2013.03.27 08:20:27 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\Fr Fee\Desktop\aswMBR.exe [2013.03.27 07:16:03 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\Desktop\mbar [2013.03.27 07:15:03 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\Fr Fee\Desktop\tdsskiller.exe [2013.03.26 12:09:14 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip [2013.03.26 12:09:13 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip [2013.03.26 08:52:31 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\AppData\Roaming\Malwarebytes [2013.03.26 08:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.26 08:52:20 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.26 08:52:19 | 000,021,104 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys [2013.03.26 08:52:19 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware [2013.03.26 08:51:57 | 000,000,000 | ---D | C] -- C:\Users\Fr 
Fee\AppData\Local\Programs [2013.03.26 08:51:43 | 010,156,344 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Fr Fee\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.26 08:51:43 | 006,697,472 | ---- | C] (Malwarebytes Corporation ) -- C:\Users\Fr Fee\Desktop\mbam-rules.exe [2013.03.26 08:51:43 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\Fr Fee\Desktop\OTL.exe [2013.03.26 07:51:21 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\AppData\Roaming\Avira [2013.03.26 07:50:49 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira [2013.03.26 07:50:37 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys [2013.03.26 07:50:36 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.03.26 07:50:36 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys [2013.03.26 07:50:36 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.03.26 07:50:35 | 000,000,000 | ---D | C] -- C:\ProgramData\Avira [2013.03.26 07:50:35 | 000,000,000 | ---D | C] -- C:\Program Files\Avira [2013.03.26 07:21:49 | 000,000,000 | ---D | C] -- C:\Program Files\Kaspersky Lab [2013.03.21 16:35:44 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\AppData\Roaming\Zov [2013.03.21 16:35:44 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\AppData\Roaming\Adlo [2013.03.21 14:51:55 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\Desktop\Vorzeiger [2013.03.20 12:51:14 | 000,000,000 | ---D | C] -- C:\Users\Fr Fee\Documents\Vikariat [2013.03.14 19:07:24 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys [2013.03.13 17:05:09 | 002,382,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb [2013.03.13 17:05:08 | 000,607,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll [2013.03.13 17:05:08 | 000,176,640 | ---- | C] (Microsoft 
Corporation) -- C:\Windows\System32\ieui.dll [2013.03.13 17:05:08 | 000,142,848 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe [2013.03.13 17:05:08 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll [2013.03.13 17:05:07 | 001,800,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll [2013.03.13 17:05:07 | 000,231,936 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll [2013.03.13 17:05:06 | 001,427,968 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl [2013.03.08 09:55:36 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox [2013.02.28 08:18:09 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll [2013.02.28 08:17:51 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll [2013.02.28 08:17:48 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll [2013.02.28 08:17:48 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll [2013.02.28 08:17:48 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll [2013.02.28 08:17:47 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll [2013.02.28 08:17:45 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll [2013.02.28 08:17:44 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll [2013.02.28 08:17:44 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll [2013.02.28 08:17:44 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll [2013.02.28 08:17:44 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- 
C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll [2013.02.28 08:17:44 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll [2013.02.28 08:17:43 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll [2013.02.28 08:17:42 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll [2013.02.28 08:17:42 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll [2013.02.28 08:17:42 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll [2013.02.28 08:17:41 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll [2013.02.28 08:17:41 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll [2013.02.28 08:17:41 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll [2013.02.28 08:17:41 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll [2013.02.28 08:17:41 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll [2013.02.28 08:17:41 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll [2013.02.28 08:17:41 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll [2013.02.28 08:17:40 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll [2013.02.28 08:17:39 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.03.29 09:22:34 | 000,609,993 | ---- | M] () -- C:\Users\Fr Fee\Desktop\adwcleaner.exe [2013.03.29 09:22:12 | 000,550,069 | ---- | M] (Oleg N. 
Scherbakov) -- C:\Users\Fr Fee\Desktop\JRT.exe [2013.03.29 08:39:07 | 000,016,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.03.29 08:39:07 | 000,016,720 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.03.29 08:38:05 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.03.29 08:38:05 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.03.29 08:38:05 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.03.29 08:38:05 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.03.29 08:31:30 | 000,001,094 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.03.29 08:31:22 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.03.29 08:31:14 | 2408,087,552 | -HS- | M] () -- C:\hiberfil.sys [2013.03.29 08:20:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.03.28 21:51:15 | 000,001,098 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA1cd64bc987ada46.job [2013.03.28 20:21:26 | 005,044,813 | R--- | M] (Swearware) -- C:\Users\Fr Fee\Desktop\ComboFix.exe [2013.03.27 16:33:43 | 268,513,542 | ---- | M] () -- C:\Windows\MEMORY.DMP [2013.03.27 08:55:07 | 000,000,512 | ---- | M] () -- C:\Users\Fr Fee\Desktop\MBR.dat [2013.03.27 08:14:46 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\Fr Fee\Desktop\aswMBR.exe [2013.03.27 08:13:58 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\Fr Fee\Desktop\tdsskiller.exe [2013.03.27 08:13:58 | 000,004,096 | -H-- | M] () -- C:\Users\Fr Fee\Desktop\._tdsskiller.exe [2013.03.27 08:13:28 | 000,004,096 | -H-- | M] () -- C:\Users\Fr Fee\Desktop\._aswMBR.exe [2013.03.27 08:13:04 | 013,786,977 | ---- | M] () -- C:\Users\Fr Fee\Desktop\mbar-1.01.0.1021.zip [2013.03.26 12:13:19 | 000,049,432 | ---- | M] () -- C:\Users\Fr 
Fee\Desktop\Desktop.zip [2013.03.26 09:55:49 | 000,000,000 | ---- | M] () -- C:\Users\Fr Fee\defogger_reenable [2013.03.26 09:43:50 | 000,377,856 | ---- | M] () -- C:\Users\Fr Fee\Desktop\gmer_2.1.19155.exe [2013.03.26 09:43:28 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\Fr Fee\Desktop\OTL.exe [2013.03.26 09:43:18 | 000,050,477 | ---- | M] () -- C:\Users\Fr Fee\Desktop\Defogger.exe [2013.03.26 09:35:18 | 006,697,472 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fr Fee\Desktop\mbam-rules.exe [2013.03.26 09:35:02 | 010,156,344 | ---- | M] (Malwarebytes Corporation ) -- C:\Users\Fr Fee\Desktop\mbam-setup-1.70.0.1100.exe [2013.03.26 08:52:20 | 000,001,071 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.26 07:50:49 | 000,002,016 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.16 18:36:25 | 000,037,545 | ---- | M] () -- C:\Users\Fr Fee\Desktop\the hat picture.jpg [2013.03.13 21:23:01 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.03.13 21:23:01 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.03.08 19:32:16 | 000,017,258 | ---- | M] () -- C:\Users\Fr Fee\Desktop\jot.boy.jpg [2013.03.06 15:13:37 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys [2013.02.27 12:22:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys [2013.02.27 12:22:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. 
KG) -- C:\Windows\System32\drivers\avgntflt.sys [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.03.29 08:22:08 | 000,609,993 | ---- | C] () -- C:\Users\Fr Fee\Desktop\adwcleaner.exe [2013.03.28 19:22:23 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.03.28 19:22:23 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.03.28 19:22:23 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.03.28 19:22:23 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.03.28 19:22:23 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.03.27 16:33:43 | 268,513,542 | ---- | C] () -- C:\Windows\MEMORY.DMP [2013.03.27 08:55:07 | 000,000,512 | ---- | C] () -- C:\Users\Fr Fee\Desktop\MBR.dat [2013.03.27 07:14:50 | 013,786,977 | ---- | C] () -- C:\Users\Fr Fee\Desktop\mbar-1.01.0.1021.zip [2013.03.27 07:14:02 | 000,004,096 | -H-- | C] () -- C:\Users\Fr Fee\Desktop\._tdsskiller.exe [2013.03.27 07:13:50 | 000,004,096 | -H-- | C] () -- C:\Users\Fr Fee\Desktop\._aswMBR.exe [2013.03.26 12:13:19 | 000,049,432 | ---- | C] () -- C:\Users\Fr Fee\Desktop\Desktop.zip [2013.03.26 09:55:49 | 000,000,000 | ---- | C] () -- C:\Users\Fr Fee\defogger_reenable [2013.03.26 08:52:20 | 000,001,071 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.26 08:51:43 | 000,377,856 | ---- | C] () -- C:\Users\Fr Fee\Desktop\gmer_2.1.19155.exe [2013.03.26 08:51:43 | 000,050,477 | ---- | C] () -- C:\Users\Fr Fee\Desktop\Defogger.exe [2013.03.26 07:50:49 | 000,002,016 | ---- | C] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.03.16 18:36:25 | 000,037,545 | ---- | C] () -- C:\Users\Fr Fee\Desktop\the hat picture.jpg [2013.03.08 13:58:14 | 000,017,258 | ---- | C] () -- C:\Users\Fr Fee\Desktop\jot.boy.jpg [2011.11.11 07:21:37 | 000,181,760 | ---- | C] () -- C:\Windows\System32\patchw32.dll [2011.11.11 07:21:37 | 000,081,920 | ---- | C] () -- C:\Windows\System32\bwplay.exe [2011.11.11 07:21:37 | 
000,055,808 | ---- | C] () -- C:\Windows\System32\zlib1.dll [2011.11.11 07:21:36 | 001,982,464 | ---- | C] () -- C:\Windows\System32\bwbits70.dll [2011.11.11 07:21:36 | 000,116,736 | ---- | C] () -- C:\Windows\System32\patchw.dll [2011.06.13 16:28:03 | 000,486,912 | ---- | C] ( ) -- C:\Windows\System32\drivers\SPC530.sys [2011.06.13 16:28:03 | 000,007,680 | ---- | C] ( ) -- C:\Windows\System32\drivers\SPC530m.sys [2011.05.08 11:34:02 | 000,155,136 | ---- | C] () -- C:\Windows\System32\BWBITS32.DLL [2011.05.08 11:34:02 | 000,144,288 | ---- | C] () -- C:\Windows\System32\BWBITS16.DLL [2011.05.08 11:34:02 | 000,020,992 | ---- | C] () -- C:\Windows\System32\BWNTSEND.DLL [2011.05.08 11:34:02 | 000,016,896 | ---- | C] () -- C:\Windows\System32\BWNTHOOK.DLL [2011.05.08 11:34:02 | 000,008,352 | ---- | C] () -- C:\Windows\System32\BWSEND.DLL [2011.05.08 11:34:02 | 000,006,496 | ---- | C] () -- C:\Windows\System32\BWSETUP.DLL [2011.05.08 11:34:02 | 000,004,288 | ---- | C] () -- C:\Windows\System32\BWKBHOOK.DLL [2011.03.28 20:39:10 | 000,000,056 | -H-- | C] () -- C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 04:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 04:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 03:19:04 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = 
%systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 01:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
< End of report >
Code:
OTL Extras logfile created on: 29.03.2013 08:48:33 - Run 2
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\Fr Fee\Desktop
Professional Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.0.8112.16421)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
2,99 Gb Total Physical Memory | 2,11 Gb Available Physical Memory | 70,64% Memory free
5,98 Gb Paging File | 5,05 Gb Available in Paging File | 84,46% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 136,45 Gb Total Space | 35,02 Gb Free Space | 25,66% Space Free | Partition Type: NTFS
Drive D: | 10,00 Gb Total Space | 5,73 Gb Free Space | 57,29% Space Free | Partition Type: NTFS
Drive F: | 977,04 Mb Total Space | 821,25 Mb Free Space | 84,05% Space Free | Partition Type: FAT32
Computer Name: FRFEE-PC | User Name: Fr Fee | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
[HKEY_USERS\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
========== Vista Active Open Ports Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{026A61D3-10C4-494C-9A06-264024C2CFC9}" = lport=5355 | protocol=17 | dir=in | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{06ACD3C0-2437-4EA3-BD5E-FD0FFBD09875}" = lport=2869 | protocol=6 | dir=in | app=system |
"{1164B614-7F31-4564-8422-CF402D7EDCF0}" = rport=2177 | protocol=17 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{246616E7-1289-47EA-8E88-7235994895AF}" = rport=1900 | protocol=17 | dir=out | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{3BCC5486-B8D1-4B14-B3BD-6F36FE92BE3A}" = lport=139 | protocol=6 | dir=in | app=system |
"{3FE9DA33-CFBB-44BE-BD89-97C978C1C61C}" = rport=139 | protocol=6 | dir=out | app=system |
"{40169CE0-9093-4BA9-942C-AEB92958943A}" = lport=rpc-epmap | protocol=6 | dir=in | svc=rpcss | name=@firewallapi.dll,-28539 |
"{5A0410B3-35A6-44E9-B7C1-EF08DABFD603}" = rport=2177 | protocol=6 | dir=out | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{5F1D8D0B-CB86-41E7-AE23-1FDDB7E70538}" = lport=1900 | protocol=17 | dir=in | svc=ssdpsrv | app=%systemroot%\system32\svchost.exe |
"{7BA30A59-DE32-42A5-9B0F-67FCAA236C85}" = rport=445 | protocol=6 | dir=out | app=system |
"{7C50B7B3-AB59-4339-BF57-E2C8BC0AE15A}" = rport=138 | protocol=17 | dir=out | app=system |
"{877E1642-E9B3-4013-8E25-669938E92D89}" = lport=2177 | protocol=17 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{8C888988-DDFB-44BC-BA34-0EDFEC488217}" = lport=10243 | protocol=6 | dir=in | app=system |
"{8E87BAE0-96F0-4F21-8916-62B86004F59A}" = rport=10243 | protocol=6 | dir=out | app=system |
"{AC195BB3-382C-4CC1-94CC-21B0AD29D9CC}" = lport=445 | protocol=6 | dir=in | app=system |
"{CA1EB03D-F549-425D-B98D-833E0CFBADE5}" = lport=137 | protocol=17 | dir=in | app=system |
"{E899F091-C10C-42A1-AA0F-81624D39297F}" = rport=5355 | protocol=17 | dir=out | svc=dnscache | app=%systemroot%\system32\svchost.exe |
"{EB02C9E4-8758-4E66-8EB9-8E12AAB73C3D}" = lport=2177 | protocol=6 | dir=in | svc=qwave | app=%systemroot%\system32\svchost.exe |
"{ED0ADF28-8808-40B3-A6B8-34FA6F35496B}" = lport=rpc | protocol=6 | dir=in | svc=spooler | app=%systemroot%\system32\spoolsv.exe |
"{F1A3C1AE-CE4D-476C-8554-7D8C958AA2F6}" = lport=138 | protocol=17 | dir=in | app=system |
"{F4BB00AC-780B-45E2-A3F9-7437BF09E010}" = rport=137 | protocol=17 | dir=out | app=system |
========== Vista Active Application Exception List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{033ED9B5-DFC6-49DF-928A-A41391D6F39D}" = protocol=1 | dir=in | name=@firewallapi.dll,-28543 |
"{06D31A64-C23B-4FA9-BB53-C8AE8A0BF2D1}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{0B31C8F6-6E28-4C1E-8BFC-55E1B8307DBD}" = protocol=58 | dir=in | name=@firewallapi.dll,-28545 |
"{10263D70-9450-4C5B-AF9C-818F4F59736F}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{10E30043-DD69-4A64-8F45-8B7236936D31}" = protocol=6 | dir=in | app=c:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe |
"{16C7DE37-3519-49D1-B502-11288A74C043}" = protocol=58 | dir=out | name=@firewallapi.dll,-28546 |
"{21D73F38-80BE-4B14-AB6B-AC8778943C1D}" = protocol=1 | dir=out | name=@firewallapi.dll,-28544 |
"{2C0D28B9-8BCA-40A8-83F7-7EDAC39DA5AD}" = protocol=6 | dir=out | app=system |
"{300C0FC1-3642-492F-BCCD-678EB12650E0}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe |
"{42AD624C-73BE-4CBF-B2C5-44B3E745E113}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{47C22302-C37F-4927-9293-A52F07233C90}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"{48554F34-AFAF-4B69-80C9-410418A784C5}" = dir=in | app=c:\program files\skype\phone\skype.exe |
"{561B3A7F-E5C7-4021-93FA-57218BF25FA0}" = protocol=6 | dir=out | svc=upnphost | app=%systemroot%\system32\svchost.exe |
"{69EBB9A0-50EC-455A-8552-DE1A5612B736}" = protocol=6 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{98A7EC8F-139E-4DF8-8B22-2B66A9522B97}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{A7D5B0E1-ABA4-47C4-A395-5E9E3BDC90B1}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmpnetwk.exe |
"{BD88400A-E96C-4A48-9ACC-AD9C08A15845}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{BE4D1B8E-50A0-416F-8D87-E3448CFC99F2}" = protocol=17 | dir=in | app=c:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe |
"{C2B49CBA-D409-40E3-8353-97A844EF869B}" = protocol=17 | dir=in | app=%programfiles%\windows media player\wmplayer.exe |
"{D34E5259-D1C4-4D5A-AB56-A89912EA9344}" = protocol=6 | dir=out | app=%programfiles%\windows media player\wmplayer.exe |
"{E7F38171-4654-40DA-9573-B65005235CC1}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe |
"{E87E4F3C-9E85-4443-B670-42AEA73FA48B}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe |
"{F139ED8C-3001-410B-8C14-D39398237142}" = protocol=17 | dir=out | app=%programfiles%\windows media player\wmpnetwk.exe |
"TCP Query User{678AFF0E-0184-41DF-833C-EDD4F4A3FD40}C:\windows\system32\taskhost.exe" = protocol=6 | dir=in | app=c:\windows\system32\taskhost.exe |
"TCP Query User{BBC044CF-2380-48B3-AC50-90718D06EB9D}C:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=6 | dir=in | app=c:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{5B1A1542-326F-4925-9CCE-F9BCCEF3CAA0}C:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe" = protocol=17 | dir=in | app=c:\users\fr fee\appdata\roaming\dropbox\bin\dropbox.exe |
"UDP Query User{C6F5FCB1-BC1E-4BD7-B0EE-DD2405575830}C:\windows\system32\taskhost.exe" = protocol=17 | dir=in | app=c:\windows\system32\taskhost.exe |
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = Bing Bar
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{26A24AE4-039D-4CA4-87B4-2F83216032FF}" = Java(TM) 6 Update 35
"{34B32B70-8081-11E2-89AF-B8AC6F98CCE3}" = Google Earth Plug-in
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E76FF7E-AEBA-4C87-B788-CD47E5425B9D}" = Skype™ 6.1
"{59F6A514-9813-47A3-948C-8A155460CC2A}" = RICOH R5U8xx Media Driver ver.3.62.02
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{90120000-0015-0407-0000-0000000FF1CE}" = Microsoft Office Access MUI (German) 2007
"{90120000-0015-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3)
"{90120000-0016-0407-0000-0000000FF1CE}" = Microsoft Office Excel MUI (German) 2007
"{90120000-0016-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0018-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (German) 2007 "{90120000-0018-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0019-0407-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (German) 2007 "{90120000-0019-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2007 "{90120000-001A-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001B-0407-0000-0000000FF1CE}" = Microsoft Office Word MUI (German) 2007 "{90120000-001B-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007 "{90120000-001F-0407-0000-0000000FF1CE}_ENTERPRISE_{928D7B99-2BEA-49F9-83B8-20FA57860643}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007 "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{1FF96026-A04A-4C3E-B50A-BB7022654D0F}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007 "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{71F055E8-E2C6-4214-BB3D-BFE03561B89E}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007 "{90120000-001F-0410-0000-0000000FF1CE}_ENTERPRISE_{A23BFC95-4A73-410F-9248-4C2B48E38C49}" = Microsoft Office Proofing Tools 2007 Service Pack 3 (SP3) "{90120000-002C-0407-0000-0000000FF1CE}" = 
Microsoft Office Proofing (German) 2007 "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007 "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-0044-0407-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (German) 2007 "{90120000-0044-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2007 "{90120000-006E-0407-0000-0000000FF1CE}_ENTERPRISE_{A6353E8F-5B8D-47CC-8737-DFF032ED3973}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00A1-0407-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (German) 2007 "{90120000-00A1-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90120000-00BA-0407-0000-0000000FF1CE}" = Microsoft Office Groove MUI (German) 2007 "{90120000-00BA-0407-0000-0000000FF1CE}_ENTERPRISE_{DB2ACBD1-65B1-4FC5-881E-4E75C668E7E2}" = Microsoft Office 2007 Service Pack 3 (SP3) "{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In "{942E0955-C67C-474C-8D4E-63C23E93C13A}" = BibleWorks 7 "{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{AC76BA86-7AD7-1031-7B44-AA1000000001}" = Adobe Reader X (10.1.6) - Deutsch "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F40BBEC7-C2A4-4A00-9B24-7A055A2C5262}" = Microsoft Office Live Add-in 1.5 "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "7-Zip" = 7-Zip 9.20 "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 
11 Plugin "Amazon MP3-Downloader" = Amazon MP3-Downloader 1.0.17 "Avira AntiVir Desktop" = Avira Free Antivirus "BibleWorksDeinstKey" = BibleWorks "ENTERPRISE" = Microsoft Office Enterprise 2007 "EPSON BX535WD Series" = EPSON BX535WD Series Printer Uninstall "Foxit Reader" = Foxit Reader "HDMI" = Intel(R) Graphics Media Accelerator Driver "Juniper_Setup_Client Activex Control" = Juniper Networks Setup Client Activex Control "Macromedia Shockwave Player" = Macromedia Shockwave Player "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.70.0.1100 "McAfee Security Scan" = McAfee Security Scan Plus "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "MozBackup" = MozBackup 1.5 "Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Picasa 3" = Picasa 3 "Samsung Printer Live Update" = Samsung Printer Live Update "TVWiz" = Intel(R) TV Wizard "WinRAR archiver" = WinRAR 4.10 Beta 3 (32-Bit) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-4238205265-3827081884-3146971656-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Dropbox" = Dropbox "Juniper_Setup_Client" = Juniper Networks Setup Client ========== Last 20 Event Log Errors ========== [ OSession Events ] Error - 19.04.2012 03:59:21 | Computer Name = FrFee-PC | Source = Microsoft Office 12 Sessions | ID = 7001 Description = ID: 0, Application Name: Microsoft Office Word, Application Version: 12.0.6612.1000, Microsoft Office Version: 12.0.6612.1000. This session lasted 6415 seconds with 4380 seconds of active time. This session ended with a crash. < End of report > Gruß, John |