| |
| |||||||
Plagegeister aller Art und deren Bekämpfung: PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht?Windows 7 Wenn Du nicht sicher bist, ob Du dir Malware oder Trojaner eingefangen hast, erstelle hier ein Thema. Ein Experte wird sich mit weiteren Anweisungen melden und Dir helfen die Malware zu entfernen oder Unerwünschte Software zu deinstallieren bzw. zu löschen. Bitte schildere dein Problem so genau wie möglich. Sollte es ein Trojaner oder Viren Problem sein wird ein Experte Dir bei der Beseitigug der Infektion helfen. |
 |
27.03.2013, 21:59
| #1 |
 |  PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? Hallo ins Forum! Ich bin leider nicht ganz so bewandert mit den Details meines PC, bitte entschuldigt, falls ich etwas falsch beschreibe. Ich habe seit ca. 4 Monaten erfolgreich Windows 8 laufen, und als Virenschutz den Windows Defender laufen. Vor ein paar Tagen bekam ich die Meldung, dass mein Defender ein Schadprogramm gefunden hat, welches zum entfernen ein Neustart benötigt. Dies habe ich auch einige Male versucht (Neustart, Aus-/ Einschalten), jedoch kam die Meldung immer wieder. Da ich noch einen 2. PC habe, welcher eine aktive Lizens von Norton Internet Security nutzt, habe ich mir über meinen Norton Account die Software Norton Power Eraser heruntergeladen und per USB- Stick auf mein Notebook installiert. Diese Software hat auch erfolgreich die Schadsoftware erkannt und entfernt, das Protokoll habe ich angehangen. Danach habe ich noch einmal den Defender laufen lassen, kein neuer Fund. Deswegen habe ich auch im Verlauf des Defender auf "alle entfernen" geklickt um einen sauberen PC zu haben - kein erneuter Eintrag mehr... Am nächsten Tag habe ich davon auf Arbeit berichtet - und mein Freund hat mir geraten, lieber alles neu aufzusetzen und noch mal genau im Netz danach zu suchen. In diesem Forum habe ich schon einige Beiträge dazu gelesen, diese Malware scheint doch tiefgründiger zu sein als gedacht, in dem gefundenen Thema wurde auch geraten, nicht einfach die empfohlenen Programme herunter zu laden und die Anleitung 1:1 nachzumachen sondern lieber ein neues Thema zu starten da es einer individuellen Lösung bedarf. Ich habe leider nicht mehr die Meldung aus dem Defender, jedoch habe ich die Rückmeldung von der Windows "PC-Probleme- Lösung": PWS:Win32/Zbot malware was found on your PC Windows found and removed PWS:Win32/Zbot from your PC. PWS:Win32/Zbot is malware that is designed to steal passwords. Hier meine Frage: Reicht der Power Eraser aus und hat er ganze Arbeit geleistet? Ist es notwendig die ganze lange Prozedur (mit den verschiedenen Programmen/ Postings) zu machen um sicher zu gehen? Oder doch lieber gleich neu Win8 aufsetzen? (oh je, daran habe ich damals schon 4 Tage incl. aller weiteren Programme gesessen...) Aktuell läuft mein Notebook prima, auch während des Befalles konnte ich keine Mängel feststellen, ausser dass es einige Male nicht mehr reagierte und nur noch "hart" auszuschalten ging (nachdem ich den Grafiktreiber installiert hatte, dies habe ich über die Systemwiederherstellung schon zurück gestellt, die Grafik ist immer noch nicht so fix wie unter Win 7, kann jedoch auch am Treiber liegen... Ich freue mich auf jede Hilfe, vielen Dank vorab! Rudi Geändert von Rudi75 (27.03.2013 um 22:39 Uhr) |
|
27.03.2013, 23:11
| #2 |
| | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? Tut mir leid, ich habe ja 1 Anhang vergessen, leider kann ich nicht mehr editieren, daher hier schnell interher...
__________________ |
|
01.04.2013, 12:11
| #3 |
| /// Winkelfunktion /// TB-Süch-Tiger™   | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? Hallo und
__________________ Hast du noch weitere Logs (mit Funden)? Malwarebytes und/oder andere Virenscanner? Ich frage deswegen nach => http://www.trojaner-board.de/125889-...tml#post941520 Bitte keine neuen Virenscans machen sondern erst nur schon vorhandene Logs posten!  Lesestoff:Posten in CODE-Tags Die Logfiles anzuhängen oder sogar vorher in ein ZIP, RAR, 7Z-Archive zu packen erschwert mir massiv die Arbeit, es sei denn natürlich die Datei wäre ansonsten zu gross für das Forum. Um die Logfiles in eine CODE-Box zu stellen gehe so vor:
__________________ |
|
01.04.2013, 18:43
| #4 | |
| | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht?Zitat:
Bei dem MS Defender habe ich leider (aus Unwissenheit) die bösen Virenfunde aus der History gelöscht, da ich dort noch nicht wusste, dass ich diese noch benötigen kann - und ich mich ohne diesen roten Warnhinweis besser gefühlt habe  Malwarebytes habe ich mir jetzt auch noch herunter geladen und den Quickscan, den vollständigen Suchlauf sowie den Flashscan durchlaufen lassen - jeweils ohne Fund. Nach dem Einsatz dieses Power Erasers (Norton) habe ich keine Funde mehr, weder mit diesem Power Eraser, noch dem MS Defender noch mit Malwarebytes. P.S.: Versprochen, ich mache keine weiteren unaufgeforderten Scans mehr, ich brauchte den PC die Tage und habe vorab noch mal zur Sicherheit geguckt... Kann sich dies damit doch schon erledigt haben? *hoffnungsvoll drein schau* Vielen Dank für Deine Hilfe! |
|
01.04.2013, 23:16
| #5 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? Bevor wir uns an die Arbeit machen, möchte ich dich bitten, folgende Punkte vollständig und aufmerksam zu lesen.
Note: Sollte ich drei Tage nichts von mir hören lassen, so melde dich bitte in diesem Strang => Erinnerung an meinem Thread. Nervige "Wann geht es weiter" Nachrichten enden mit Schließung deines Themas. Auch ich habe ein Leben abseits des Trojaner-Boards. Bitte die drei Tools MBAR / aswMBR / TDSSkiller nun ausführen und die Logs in CODE-Tags posten MBAR (Malwarebytes Anti-Rootkit) Downloade dir bitte  Malwarebytes Anti-Rootkit und speichere es auf deinem Desktop.
Starte keine andere Datei in diesem Ordner ohne Anweisung eines Helfers aswMBR Downloade dir bitte  aswMBR.exe und speichere die Datei auf deinem Desktop.
Wichtig: Drücke keinesfalls einen der Fix Buttons ohne Anweisung Hinweis: Sollte der Scan Button ausgeblendet sein, schließe das Tool und starte es erneut. Sollte der Scan abbrechen und das Programm abstürzen, dann teile mir das mit und wähle unter AV Scan die Einstellung (none). TDSS-Killer Downloade dir bitte  TDSSKiller.exe und speichere diese Datei auf dem Desktop
__________________ Logfiles bitte immer in CODE-Tags posten  |
|
02.04.2013, 00:35
| #6 |
| | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? So, na dann an die Arbeit ;o) : (also ich)  )zu Step 1: hat super geklappt, keine Funde: Code:
ATTFilter Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org
Database version: v2013.04.01.09
Windows 8 x64 NTFS
Internet Explorer 10.0.9200.16519
***** :: ASUS-NOTEBOOK [administrator]
02.04.2013 00:55:59
mbar-log-2013-04-02 (00-55-59).txt
Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled:
Objects scanned: 29838
Time elapsed: 4 minute(s), 36 second(s)
Memory Processes Detected: 0
(No malicious items detected)
Memory Modules Detected: 0
(No malicious items detected)
Registry Keys Detected: 0
(No malicious items detected)
Registry Values Detected: 0
(No malicious items detected)
Registry Data Items Detected: 0
(No malicious items detected)
Folders Detected: 0
(No malicious items detected)
Files Detected: 0
(No malicious items detected)
(end)
Ich habe aswMBR vom Desktop gestartet, die aktuelle Definition geladen, dann WLan und Defender abgeschaltet, alles andere (ausser meinen Firefox- Browser mit der Anleitung) geschlossen: 1. Scan mit "AV Scan: Quickscan" ist abgebrochen nach 2,5 Minuten bei "Scanning: Service WinDefend C:\Program Files" mit der Windows- Meldung: "avast! Antirootkit funktioniert nicht mehr, Das Programm wird aufgrund eines Problems nicht mehr richtig ausgeführt. Das Programm wird geschlossen und sie werden benachrichtigt, wenn eine Lösung verfügbar ist." 2. Scan mit "AV Scan: None" war genauso, ist wieder mit der gleichen Meldung abgebrochen. Danach wieder Defender und WLan zugeschaltet. 3. Step: TDSS-Killer hat auch super geklappt, 1 Fund: Code:
ATTFilter 01:13:40.0821 2684 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
01:13:41.0102 2684 ============================================================
01:13:41.0102 2684 Current date / time: 2013/04/02 01:13:41.0102
01:13:41.0102 2684 SystemInfo:
01:13:41.0102 2684
01:13:41.0102 2684 OS Version: 6.2.9200 ServicePack: 0.0
01:13:41.0102 2684 Product type: Workstation
01:13:41.0102 2684 ComputerName: ASUS-NOTEBOOK
01:13:41.0102 2684 UserName: *****
01:13:41.0102 2684 Windows directory: C:\Windows
01:13:41.0102 2684 System windows directory: C:\Windows
01:13:41.0102 2684 Running under WOW64
01:13:41.0102 2684 Processor architecture: Intel x64
01:13:41.0102 2684 Number of processors: 8
01:13:41.0102 2684 Page size: 0x1000
01:13:41.0102 2684 Boot type: Normal boot
01:13:41.0102 2684 ============================================================
01:13:41.0726 2684 Drive \Device\Harddisk0\DR0 - Size: 0x3B9E656000 (238.47 Gb), SectorSize: 0x200, Cylinders: 0x799A, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:13:42.0070 2684 Drive \Device\Harddisk1\DR1 - Size: 0x7470C06000 (465.76 Gb), SectorSize: 0x200, Cylinders: 0xED81, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000040
01:13:42.0070 2684 Drive \Device\Harddisk2\DR2 - Size: 0x1D9C00000 (7.40 Gb), SectorSize: 0x200, Cylinders: 0x3C6, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'W'
01:13:42.0085 2684 ============================================================
01:13:42.0085 2684 \Device\Harddisk0\DR0:
01:13:42.0085 2684 MBR partitions:
01:13:42.0085 2684 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0xAF000
01:13:42.0085 2684 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0xAF800, BlocksNum 0x1DC42800
01:13:42.0085 2684 \Device\Harddisk1\DR1:
01:13:42.0085 2684 MBR partitions:
01:13:42.0085 2684 \Device\Harddisk1\DR1\Partition1: MBR, Type 0x7, StartLBA 0x1D4B800, BlocksNum 0x3863A000
01:13:42.0085 2684 \Device\Harddisk2\DR2:
01:13:42.0085 2684 MBR partitions:
01:13:42.0085 2684 \Device\Harddisk2\DR2\Partition1: MBR, Type 0x7, StartLBA 0x2000, BlocksNum 0xECC000
01:13:42.0085 2684 ============================================================
01:13:42.0101 2684 C: <-> \Device\Harddisk0\DR0\Partition2
01:13:42.0132 2684 F: <-> \Device\Harddisk1\DR1\Partition1
01:13:42.0132 2684 ============================================================
01:13:42.0132 2684 Initialize success
01:13:42.0132 2684 ============================================================
01:14:18.0075 1388 ============================================================
01:14:18.0075 1388 Scan started
01:14:18.0075 1388 Mode: Manual; SigCheck; TDLFS;
01:14:18.0075 1388 ============================================================
01:14:18.0621 1388 ================ Scan system memory ========================
01:14:18.0621 1388 System memory - ok
01:14:18.0621 1388 ================ Scan services =============================
01:14:18.0668 1388 [ E890C46E4754F0DF51BAFCC8D2E07498 ] 1394ohci C:\Windows\System32\drivers\1394ohci.sys
01:14:18.0714 1388 1394ohci - ok
01:14:18.0714 1388 [ 4F18D4C7EA14F11A7211F60D553C03DB ] 3ware C:\Windows\system32\drivers\3ware.sys
01:14:18.0730 1388 3ware - ok
01:14:18.0730 1388 [ 975AABEB243B800C23626D6B652C5A9C ] ACPI C:\Windows\system32\drivers\ACPI.sys
01:14:18.0745 1388 ACPI - ok
01:14:18.0761 1388 [ DC968C37822117E576B933F34A2D130C ] acpiex C:\Windows\system32\Drivers\acpiex.sys
01:14:18.0761 1388 acpiex - ok
01:14:18.0777 1388 [ 0CA9F7C3A78227C21A0A7854E245CFB2 ] acpipagr C:\Windows\System32\drivers\acpipagr.sys
01:14:18.0777 1388 acpipagr - ok
01:14:18.0777 1388 [ 8EB8DA03B142D3DD1EB9ED8107A76C43 ] AcpiPmi C:\Windows\System32\drivers\acpipmi.sys
01:14:18.0792 1388 AcpiPmi - ok
01:14:18.0792 1388 [ CBCE725C5D86ABA7D2604E22951AA9B8 ] acpitime C:\Windows\System32\drivers\acpitime.sys
01:14:18.0808 1388 acpitime - ok
01:14:18.0808 1388 [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
01:14:18.0823 1388 AdobeARMservice - ok
01:14:18.0823 1388 [ 93C6388592B99925C1D1576E465BC80F ] adp94xx C:\Windows\system32\drivers\adp94xx.sys
01:14:18.0839 1388 adp94xx - ok
01:14:18.0855 1388 [ D27763E0247292654E7F7D16444C7C72 ] adpahci C:\Windows\system32\drivers\adpahci.sys
01:14:18.0870 1388 adpahci - ok
01:14:18.0870 1388 [ 67B90070FF48F794AF19F9FCF0080D75 ] adpu320 C:\Windows\system32\drivers\adpu320.sys
01:14:18.0886 1388 adpu320 - ok
01:14:18.0901 1388 [ 974AE60BF5B90E31412D93596C968E5B ] AeLookupSvc C:\Windows\System32\aelupsvc.dll
01:14:18.0901 1388 AeLookupSvc - ok
01:14:18.0917 1388 [ 36D6A3201721558A8AFBCC09C2DA4C2C ] AFD C:\Windows\system32\drivers\afd.sys
01:14:18.0933 1388 AFD - ok
01:14:18.0933 1388 [ 01590377A5AB19E792528C628A2A68F9 ] agp440 C:\Windows\system32\drivers\agp440.sys
01:14:18.0948 1388 agp440 - ok
01:14:18.0948 1388 [ D1BE8E6E5B3AF23A4393AF1BF867977A ] ALG C:\Windows\System32\alg.exe
01:14:18.0964 1388 ALG - ok
01:14:18.0979 1388 [ 025E8C755BE293E50854D26D1BBE5133 ] AllUserInstallAgent C:\Windows\system32\AUInstallAgent.dll
01:14:18.0995 1388 AllUserInstallAgent - ok
01:14:18.0995 1388 [ 5A81054B824004B1ECC04F0034A1CDF9 ] AmdK8 C:\Windows\System32\drivers\amdk8.sys
01:14:19.0011 1388 AmdK8 - ok
01:14:19.0104 1388 [ 8DC532B5BF820E48194C6AFC8862FCBC ] amdkmdag C:\Windows\system32\DRIVERS\atikmdag.sys
01:14:19.0276 1388 amdkmdag - ok
01:14:19.0291 1388 [ AA48FEABA50C2DED9C485DFDBA044E40 ] amdkmdap C:\Windows\system32\DRIVERS\atikmpag.sys
01:14:19.0323 1388 amdkmdap - ok
01:14:19.0323 1388 [ B849D453E644FAB9BC8EF6DC8CA9C4C6 ] AmdPPM C:\Windows\System32\drivers\amdppm.sys
01:14:19.0338 1388 AmdPPM - ok
01:14:19.0338 1388 [ 35A0EB5AECB0FA3C41A2FB514A562304 ] amdsata C:\Windows\system32\drivers\amdsata.sys
01:14:19.0338 1388 amdsata - ok
01:14:19.0354 1388 [ 00452671904F5EE94B50BF0219C97164 ] amdsbs C:\Windows\system32\drivers\amdsbs.sys
01:14:19.0369 1388 amdsbs - ok
01:14:19.0369 1388 [ EA3FFE53E92E59C87E3ECA9BEB20D9B7 ] amdxata C:\Windows\system32\drivers\amdxata.sys
01:14:19.0369 1388 amdxata - ok
01:14:19.0385 1388 [ 83B3682CE922FB0F415734B26D9D6233 ] AppID C:\Windows\system32\drivers\appid.sys
01:14:19.0401 1388 AppID - ok
01:14:19.0401 1388 [ CE2BEAD7F31816FF0AC490D048C969F9 ] AppIDSvc C:\Windows\System32\appidsvc.dll
01:14:19.0416 1388 AppIDSvc - ok
01:14:19.0416 1388 [ D64C4AFEE8277F35EF729A2B924666B0 ] Appinfo C:\Windows\System32\appinfo.dll
01:14:19.0432 1388 Appinfo - ok
01:14:19.0432 1388 [ A5299D04ED225D64CF07A568A3E1BF8C ] Apple Mobile Device C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
01:14:19.0447 1388 Apple Mobile Device - ok
01:14:19.0447 1388 [ 2D14788C5D0836292BEB27BBE109BE56 ] AppMgmt C:\Windows\System32\appmgmts.dll
01:14:19.0463 1388 AppMgmt - ok
01:14:19.0463 1388 [ E933401B392387F4BE34DE8BAF1722A7 ] arc C:\Windows\system32\drivers\arc.sys
01:14:19.0479 1388 arc - ok
01:14:19.0479 1388 [ 07CA323EF2E8247A568AB0F3662AD644 ] arcsas C:\Windows\system32\drivers\arcsas.sys
01:14:19.0494 1388 arcsas - ok
01:14:19.0494 1388 [ 18E5C2F937F9DEB8C282DF66A3761925 ] ASLDRService C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe
01:14:19.0510 1388 ASLDRService - ok
01:14:19.0525 1388 [ 74DBAEC35366C4EE7670428808715A6A ] AsyncMac C:\Windows\system32\DRIVERS\asyncmac.sys
01:14:19.0541 1388 AsyncMac - ok
01:14:19.0541 1388 [ A721FF570C2387E383BDDEA9632863C9 ] atapi C:\Windows\system32\drivers\atapi.sys
01:14:19.0541 1388 atapi - ok
01:14:19.0572 1388 [ DECE3E2832F125A41A02FB59F4C54EEA ] athr C:\Windows\system32\DRIVERS\athrx.sys
01:14:19.0635 1388 athr - ok
01:14:19.0635 1388 [ 810ED88782952228AF9C0985FB7D259E ] AudioEndpointBuilder C:\Windows\System32\AudioEndpointBuilder.dll
01:14:19.0650 1388 AudioEndpointBuilder - ok
01:14:19.0666 1388 [ 25CA8B87479A374919563B3EE7136F32 ] Audiosrv C:\Windows\System32\Audiosrv.dll
01:14:19.0681 1388 Audiosrv - ok
01:14:19.0681 1388 [ 89491EF71D5EA011127832C588002853 ] AxInstSV C:\Windows\System32\AxInstSV.dll
01:14:19.0697 1388 AxInstSV - ok
01:14:19.0697 1388 [ 87AB5BB072A3F128541D5B815F82FFDD ] b06bdrv C:\Windows\system32\drivers\bxvbda.sys
01:14:19.0728 1388 b06bdrv - ok
01:14:19.0728 1388 [ 81703BC5D68DEDBB086C2368FBE7B334 ] BasicDisplay C:\Windows\System32\drivers\BasicDisplay.sys
01:14:19.0728 1388 BasicDisplay - ok
01:14:19.0744 1388 [ 5EC68164E14D25675C98BBB5F09E8606 ] BasicRender C:\Windows\System32\drivers\BasicRender.sys
01:14:19.0744 1388 BasicRender - ok
01:14:19.0759 1388 [ 89143A7BA7850F5C7E61B43BB44B6418 ] BDESVC C:\Windows\System32\bdesvc.dll
01:14:19.0759 1388 BDESVC - ok
01:14:19.0775 1388 [ 9E7AEA59776D904607985AFFE7E5E183 ] Beep C:\Windows\system32\drivers\Beep.sys
01:14:19.0775 1388 Beep - ok
01:14:19.0791 1388 [ 9E6A544F465C582AB42444A217CF04DC ] BFE C:\Windows\System32\bfe.dll
01:14:19.0806 1388 BFE - ok
01:14:19.0822 1388 [ D598C44A7072D3108D8D8102EC5E07F7 ] BITS C:\Windows\System32\qmgr.dll
01:14:19.0853 1388 BITS - ok
01:14:19.0853 1388 [ EBBCD5DFBB1DE70E8F4AF8FA59E401FD ] Bonjour Service C:\Program Files\Bonjour\mDNSResponder.exe
01:14:19.0869 1388 Bonjour Service - ok
01:14:19.0869 1388 [ B17AC10B47C7FCB44D22A1F06415840E ] bowser C:\Windows\system32\DRIVERS\bowser.sys
01:14:19.0884 1388 bowser - ok
01:14:19.0884 1388 [ 975398A3D2C1FEA73FC93931978DF354 ] BrokerInfrastructure C:\Windows\System32\bisrv.dll
01:14:19.0900 1388 BrokerInfrastructure - ok
01:14:19.0900 1388 [ 310068BDA80B1D55C36580FD8A873FAF ] Browser C:\Windows\System32\browser.dll
01:14:19.0915 1388 Browser - ok
01:14:19.0931 1388 [ DB109DA005B6FE2A350C5DD7CA768DFD ] BrYNSvc C:\Program Files (x86)\Browny02\BrYNSvc.exe
01:14:20.0025 1388 BrYNSvc ( UnsignedFile.Multi.Generic ) - warning
01:14:20.0025 1388 BrYNSvc - detected UnsignedFile.Multi.Generic (1)
01:14:20.0025 1388 [ F17DEEAC7D51D44CF1BFF8DD4F0A2B6D ] BthAvrcpTg C:\Windows\System32\drivers\BthAvrcpTg.sys
01:14:20.0040 1388 BthAvrcpTg - ok
01:14:20.0056 1388 [ A8B20D852B07AE19A13B5D47EC4E4C3B ] BthEnum C:\Windows\System32\drivers\BthEnum.sys
01:14:20.0056 1388 BthEnum - ok
01:14:20.0071 1388 [ 616EB8748C988AEE98D93DA141C3D3B4 ] BthHFEnum C:\Windows\System32\drivers\bthhfenum.sys
01:14:20.0087 1388 BthHFEnum - ok
01:14:20.0087 1388 [ DCB4EBD928A6FB368BE6CAE522412DE1 ] bthhfhid C:\Windows\System32\drivers\BthHFHid.sys
01:14:20.0103 1388 bthhfhid - ok
01:14:20.0118 1388 [ 033916CE8784A848B9A3D686B7F66D97 ] BTHMODEM C:\Windows\System32\drivers\bthmodem.sys
01:14:20.0134 1388 BTHMODEM - ok
01:14:20.0134 1388 [ 091BB978E9504D0AD14586929431A957 ] BthPan C:\Windows\system32\DRIVERS\bthpan.sys
01:14:20.0149 1388 BthPan - ok
01:14:20.0165 1388 [ B2FD839F9AF51B8580C02B89AC6C6C89 ] BTHPORT C:\Windows\System32\Drivers\BTHport.sys
01:14:20.0181 1388 BTHPORT - ok
01:14:20.0181 1388 [ A4387C3D271959313E2577DB7BE8BA7A ] bthserv C:\Windows\system32\bthserv.dll
01:14:20.0196 1388 bthserv - ok
01:14:20.0196 1388 [ 1F715957F5236D30B6020A19A4271F6A ] BTHUSB C:\Windows\System32\Drivers\BTHUSB.sys
01:14:20.0212 1388 BTHUSB - ok
01:14:20.0212 1388 [ 990B1BABE6E81FB18E65A87EBEFB1772 ] cdfs C:\Windows\system32\DRIVERS\cdfs.sys
01:14:20.0227 1388 cdfs - ok
01:14:20.0227 1388 [ 339BFF85D788268752DA8C9644B188EE ] cdrom C:\Windows\System32\drivers\cdrom.sys
01:14:20.0243 1388 cdrom - ok
01:14:20.0243 1388 [ BAF8F0F55BC300E5F882E521F054E345 ] CertPropSvc C:\Windows\System32\certprop.dll
01:14:20.0259 1388 CertPropSvc - ok
01:14:20.0274 1388 [ F64B7D1A37CC1D5F421D5359EEC81E2E ] circlass C:\Windows\System32\drivers\circlass.sys
01:14:20.0290 1388 circlass - ok
01:14:20.0290 1388 [ 9905168708DB68849B879B5548F68AB3 ] CLFS C:\Windows\system32\drivers\CLFS.sys
01:14:20.0305 1388 CLFS - ok
01:14:20.0321 1388 [ 2DC8538A2260647484A6C921CA837313 ] CmBatt C:\Windows\System32\drivers\CmBatt.sys
01:14:20.0337 1388 CmBatt - ok
01:14:20.0337 1388 [ E708BFF0473EC6B271EA46B65B16CA56 ] CNG C:\Windows\system32\Drivers\cng.sys
01:14:20.0352 1388 CNG - ok
01:14:20.0368 1388 [ 0E5B1E9E7122EDAAF1F6CE047965CA92 ] CompositeBus C:\Windows\System32\drivers\CompositeBus.sys
01:14:20.0383 1388 CompositeBus - ok
01:14:20.0383 1388 COMSysApp - ok
01:14:20.0399 1388 [ D9CB0782AF819548072AA45B70F8B22D ] condrv C:\Windows\system32\drivers\condrv.sys
01:14:20.0399 1388 condrv - ok
01:14:20.0415 1388 [ F0E78B119D12BA81F163D48C0FF30B9A ] CryptSvc C:\Windows\system32\cryptsvc.dll
01:14:20.0415 1388 CryptSvc - ok
01:14:20.0430 1388 [ F2C69C3D98249DE14D4B2832516D4FD5 ] CSC C:\Windows\system32\drivers\csc.sys
01:14:20.0446 1388 CSC - ok
01:14:20.0461 1388 [ 22CCB6AFF617AAC6121DF6CDA5ABF3F4 ] CscService C:\Windows\System32\cscsvc.dll
01:14:20.0477 1388 CscService - ok
01:14:20.0477 1388 [ C4D01BD86D6B207275FC143EEA951D75 ] dam C:\Windows\system32\drivers\dam.sys
01:14:20.0493 1388 dam - ok
01:14:20.0493 1388 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] DcomLaunch C:\Windows\system32\rpcss.dll
01:14:20.0524 1388 DcomLaunch - ok
01:14:20.0524 1388 [ C8650D1F61149AA546BDBC99172EBBC1 ] defragsvc C:\Windows\System32\defragsvc.dll
01:14:20.0555 1388 defragsvc - ok
01:14:20.0555 1388 [ 5EAEF67AE2AF4D2DC664B649DB7B2E16 ] DeviceAssociationService C:\Windows\system32\das.dll
01:14:20.0571 1388 DeviceAssociationService - ok
01:14:20.0586 1388 [ 799BE46D45D486704CE0F37CA5385262 ] DeviceInstall C:\Windows\system32\umpnpmgr.dll
01:14:20.0586 1388 DeviceInstall - ok
01:14:20.0602 1388 [ 09D9EB9E7898F8E6561473A20CC808B9 ] Dfsc C:\Windows\system32\Drivers\dfsc.sys
01:14:20.0602 1388 Dfsc - ok
01:14:20.0617 1388 [ 9E0E72222264745ADEB0E5AC680B0ED6 ] Dhcp C:\Windows\system32\dhcpcore.dll
01:14:20.0633 1388 Dhcp - ok
01:14:20.0633 1388 [ 3C736FAE17BA6F91BA37594AAB139CD0 ] discache C:\Windows\system32\drivers\discache.sys
01:14:20.0649 1388 discache - ok
01:14:20.0649 1388 [ 560495FF4CA22E1D9B1972FA18F43B6F ] disk C:\Windows\system32\drivers\disk.sys
01:14:20.0664 1388 disk - ok
01:14:20.0664 1388 [ 82A7C72593793FE1EADA7A305BD1567A ] dmvsc C:\Windows\System32\drivers\dmvsc.sys
01:14:20.0680 1388 dmvsc - ok
01:14:20.0680 1388 [ 066B9710B36AB550E01EEFCA52155968 ] Dnscache C:\Windows\System32\dnsrslvr.dll
01:14:20.0695 1388 Dnscache - ok
01:14:20.0711 1388 [ 9949AD2ABA168A618D46C799D6CC898C ] dot3svc C:\Windows\System32\dot3svc.dll
01:14:20.0727 1388 dot3svc - ok
01:14:20.0727 1388 [ 109FC3F80BF4F4DC5A071058074F13C1 ] DPS C:\Windows\system32\dps.dll
01:14:20.0742 1388 DPS - ok
01:14:20.0742 1388 [ 9C7C183F937951AE17C5B8B3259CF3FF ] drmkaud C:\Windows\system32\drivers\drmkaud.sys
01:14:20.0758 1388 drmkaud - ok
01:14:20.0758 1388 [ BF48F32EE248C3D371DA5DC93BBEADA7 ] DsmSvc C:\Windows\System32\DeviceSetupManager.dll
01:14:20.0773 1388 DsmSvc - ok
01:14:20.0789 1388 [ ED120AA770A78B5079F8C7BB5AF8A035 ] DXGKrnl C:\Windows\System32\drivers\dxgkrnl.sys
01:14:20.0836 1388 DXGKrnl - ok
01:14:20.0836 1388 [ 58BA473DD88F5FC1932282BA683AA03E ] Eaphost C:\Windows\System32\eapsvc.dll
01:14:20.0851 1388 Eaphost - ok
01:14:20.0883 1388 [ 5AB97B3282D7D6114949D1EB5C8598E4 ] ebdrv C:\Windows\system32\drivers\evbda.sys
01:14:20.0945 1388 ebdrv - ok
01:14:20.0961 1388 [ F702AB6181513303AB0FC8D59E52708B ] EFS C:\Windows\System32\lsass.exe
01:14:20.0976 1388 EFS - ok
01:14:20.0976 1388 [ 66D60BD9A4C05616ABECA2A901475098 ] EhStorClass C:\Windows\system32\drivers\EhStorClass.sys
01:14:20.0976 1388 EhStorClass - ok
01:14:20.0992 1388 [ A61D0F543024E458C0FE32352E1978E2 ] EhStorTcgDrv C:\Windows\system32\drivers\EhStorTcgDrv.sys
01:14:20.0992 1388 EhStorTcgDrv - ok
01:14:21.0007 1388 [ D790D058D67582DB9C84C2D33695FE6B ] ErrDev C:\Windows\System32\drivers\errdev.sys
01:14:21.0007 1388 ErrDev - ok
01:14:21.0023 1388 [ 06C94BE9D9E1E6411429433A64A76936 ] ETD C:\Windows\system32\DRIVERS\ETD.sys
01:14:21.0039 1388 ETD - ok
01:14:21.0054 1388 [ F9E01C2D9F8BC049E04CF5DC24A5F638 ] EventSystem C:\Windows\system32\es.dll
01:14:21.0070 1388 EventSystem - ok
01:14:21.0070 1388 [ 7A4D6FEB8C52B3FE855E4DCDF9107E03 ] exfat C:\Windows\system32\drivers\exfat.sys
01:14:21.0085 1388 exfat - ok
01:14:21.0085 1388 [ 60996602A7111FD2D086E803F33E4282 ] fastfat C:\Windows\system32\drivers\fastfat.sys
01:14:21.0101 1388 fastfat - ok
01:14:21.0117 1388 [ F0E7F8382ED5E138B0DFA4CB5058BCFE ] Fax C:\Windows\system32\fxssvc.exe
01:14:21.0132 1388 Fax - ok
01:14:21.0132 1388 [ 73B2D11DF0B6E03A0CB0323218ACB3E4 ] fdc C:\Windows\System32\drivers\fdc.sys
01:14:21.0148 1388 fdc - ok
01:14:21.0148 1388 [ 0828E3E7BD77C89149EAD3232BFD38DB ] fdPHost C:\Windows\system32\fdPHost.dll
01:14:21.0163 1388 fdPHost - ok
01:14:21.0163 1388 [ 872506AAB591E8908DF4461475AF92DF ] FDResPub C:\Windows\system32\fdrespub.dll
01:14:21.0179 1388 FDResPub - ok
01:14:21.0179 1388 [ 0588950D93A426F97C7AAADB1A9B0458 ] fhsvc C:\Windows\system32\fhsvc.dll
01:14:21.0195 1388 fhsvc - ok
01:14:21.0195 1388 [ 88A9EBACD1058ABB237A6B4E96E7F397 ] FileInfo C:\Windows\system32\drivers\fileinfo.sys
01:14:21.0210 1388 FileInfo - ok
01:14:21.0210 1388 [ 9E4EE3A0B00FF7D5F42A4AF9744CBA02 ] Filetrace C:\Windows\system32\drivers\filetrace.sys
01:14:21.0226 1388 Filetrace - ok
01:14:21.0241 1388 [ B1D4C168FF7B8579E3745888658FFB1D ] flpydisk C:\Windows\System32\drivers\flpydisk.sys
01:14:21.0241 1388 flpydisk - ok
01:14:21.0257 1388 [ B33EC133AE4E6C1881D2302D93D2467D ] FltMgr C:\Windows\system32\drivers\fltmgr.sys
01:14:21.0273 1388 FltMgr - ok
01:14:21.0288 1388 [ 0BCDC0FF11B984162B0CF0FF6E9E0146 ] FontCache C:\Windows\system32\FntCache.dll
01:14:21.0304 1388 FontCache - ok
01:14:21.0319 1388 [ 0B56259F5611787222A04A8F254E51D4 ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
01:14:21.0319 1388 FontCache3.0.0.0 - ok
01:14:21.0319 1388 [ A5F7873A39E4E9FAAAE59B7E9E36B705 ] FsDepends C:\Windows\system32\drivers\FsDepends.sys
01:14:21.0335 1388 FsDepends - ok
01:14:21.0335 1388 [ A6DD7D491F587F4BC13FB972977DC8E8 ] Fs_Rec C:\Windows\system32\drivers\Fs_Rec.sys
01:14:21.0351 1388 Fs_Rec - ok
01:14:21.0351 1388 [ FA228F4BB10DC7ED7E7D131C034E2331 ] fvevol C:\Windows\system32\DRIVERS\fvevol.sys
01:14:21.0366 1388 fvevol - ok
01:14:21.0382 1388 [ A969D92973DFA895E7776B4BFE36DBB2 ] FxPPM C:\Windows\System32\drivers\fxppm.sys
01:14:21.0382 1388 FxPPM - ok
01:14:21.0382 1388 [ 52BC441E07A827EBAB70CDC7EAEDB28D ] gagp30kx C:\Windows\system32\drivers\gagp30kx.sys
01:14:21.0397 1388 gagp30kx - ok
01:14:21.0397 1388 [ 8E98D21EE06192492A5671A6144D092F ] GEARAspiWDM C:\Windows\system32\DRIVERS\GEARAspiWDM.sys
01:14:21.0413 1388 GEARAspiWDM - ok
01:14:21.0413 1388 [ 721F8EEF5E9747F32670DEFF7FB92541 ] gencounter C:\Windows\System32\drivers\vmgencounter.sys
01:14:21.0413 1388 gencounter - ok
01:14:21.0429 1388 [ CA18ECFCFFDD638ECE80799A9056B238 ] GPIOClx0101 C:\Windows\system32\Drivers\msgpioclx.sys
01:14:21.0429 1388 GPIOClx0101 - ok
01:14:21.0444 1388 [ 5358678C6370F2ADC5291849F6503262 ] gpsvc C:\Windows\System32\gpsvc.dll
01:14:21.0475 1388 gpsvc - ok
01:14:21.0491 1388 [ C2504AA983B5D411F7D31402E8B57725 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
01:14:21.0491 1388 HdAudAddService - ok
01:14:21.0507 1388 [ 7D87B5B6C7188D553E11B59DC7F0B111 ] HDAudBus C:\Windows\System32\drivers\HDAudBus.sys
01:14:21.0507 1388 HDAudBus - ok
01:14:21.0522 1388 [ B6AC71AAA2B10848F57FC49D55A651AF ] HECIx64 C:\Windows\System32\drivers\HECIx64.sys
01:14:21.0522 1388 HECIx64 - ok
01:14:21.0522 1388 [ 3F76BBA53D65E85A7F53E7A71082082C ] HidBatt C:\Windows\System32\drivers\HidBatt.sys
01:14:21.0538 1388 HidBatt - ok
01:14:21.0538 1388 [ A25BAE8C1F2830C8E5625EC7E4E968BE ] HidBth C:\Windows\System32\drivers\hidbth.sys
01:14:21.0553 1388 HidBth - ok
01:14:21.0569 1388 [ CC4A07E51D89575CAB6F4EB590D87CD4 ] hidi2c C:\Windows\System32\drivers\hidi2c.sys
01:14:21.0569 1388 hidi2c - ok
01:14:21.0585 1388 [ DC96F7DACB777CDEAEF9958A50BFDA06 ] HidIr C:\Windows\System32\drivers\hidir.sys
01:14:21.0600 1388 HidIr - ok
01:14:21.0600 1388 [ FAC37D7B3D6354A5A5E19A45B50B4008 ] hidserv C:\Windows\system32\hidserv.dll
01:14:21.0616 1388 hidserv - ok
01:14:21.0616 1388 [ 590B6F71BCDA4368B4BF7D8DF22B60F7 ] HidUsb C:\Windows\System32\drivers\hidusb.sys
01:14:21.0631 1388 HidUsb - ok
01:14:21.0631 1388 [ 43F884B61A24377567CD0FEB35236334 ] hkmsvc C:\Windows\system32\kmsvc.dll
01:14:21.0647 1388 hkmsvc - ok
01:14:21.0663 1388 [ 33DFC14DFDCCFA7AA10E392F6A8EC1CF ] HomeGroupListener C:\Windows\system32\ListSvc.dll
01:14:21.0663 1388 HomeGroupListener - ok
01:14:21.0678 1388 [ E0D9F6FE18FA7F53ADD29AF719CE2B7E ] HomeGroupProvider C:\Windows\system32\provsvc.dll
01:14:21.0694 1388 HomeGroupProvider - ok
01:14:21.0694 1388 [ 64DB7A8D97CA53DCCF93D0A1E08342CF ] HpSAMD C:\Windows\system32\drivers\HpSAMD.sys
01:14:21.0709 1388 HpSAMD - ok
01:14:21.0725 1388 [ 29CB98187BB5711F7759540976D295FC ] HTTP C:\Windows\system32\drivers\HTTP.sys
01:14:21.0741 1388 HTTP - ok
01:14:21.0741 1388 [ 2A98301068801700906C06649860FE94 ] hwpolicy C:\Windows\system32\drivers\hwpolicy.sys
01:14:21.0756 1388 hwpolicy - ok
01:14:21.0756 1388 [ DC76901D82097C9E297F20C287CB9A27 ] hyperkbd C:\Windows\System32\drivers\hyperkbd.sys
01:14:21.0756 1388 hyperkbd - ok
01:14:21.0772 1388 [ 716413AB3CA12DE0A7222D28C1C9352C ] HyperVideo C:\Windows\system32\DRIVERS\HyperVideo.sys
01:14:21.0772 1388 HyperVideo - ok
01:14:21.0787 1388 [ C9E9CBF73AFFBFE3E801EFB516787BA3 ] i8042prt C:\Windows\System32\drivers\i8042prt.sys
01:14:21.0787 1388 i8042prt - ok
01:14:21.0803 1388 [ 5E394EBD26FD68AA9300332C46BEDD62 ] iaStorV C:\Windows\system32\drivers\iaStorV.sys
01:14:21.0819 1388 iaStorV - ok
01:14:21.0819 1388 [ 24847A06B84339FEEDE5CABF3D27D320 ] iirsp C:\Windows\system32\drivers\iirsp.sys
01:14:21.0834 1388 iirsp - ok
01:14:21.0834 1388 [ 531B5A98145DA689741A0AC18F14EA94 ] IKEEXT C:\Windows\System32\ikeext.dll
01:14:21.0865 1388 IKEEXT - ok
01:14:21.0897 1388 [ DCF6AFBA140AF3F880A427C2656BE44D ] IntcAzAudAddService C:\Windows\system32\drivers\RTKVHD64.sys
01:14:21.0928 1388 IntcAzAudAddService - ok
01:14:21.0928 1388 [ 4F37726CF764CA18A8A84F85EF3A7F24 ] intelide C:\Windows\system32\drivers\intelide.sys
01:14:21.0943 1388 intelide - ok
01:14:21.0943 1388 [ E15CDF68DD73423F15D4AC404793AF0D ] intelppm C:\Windows\System32\drivers\intelppm.sys
01:14:21.0959 1388 intelppm - ok
01:14:21.0959 1388 [ 8FCA66234A0933D796BB780B7953BAB9 ] IpFilterDriver C:\Windows\system32\DRIVERS\ipfltdrv.sys
01:14:21.0975 1388 IpFilterDriver - ok
01:14:21.0975 1388 [ C217B8D2E58C57A319B16125C3D4B69C ] iphlpsvc C:\Windows\System32\iphlpsvc.dll
01:14:22.0006 1388 iphlpsvc - ok
01:14:22.0006 1388 [ 6E98A046A12AA113F8898AA5D612BD6E ] IPMIDRV C:\Windows\System32\drivers\IPMIDrv.sys
01:14:22.0021 1388 IPMIDRV - ok
01:14:22.0021 1388 [ 3969B9C218DD3FAA9F4ED2FFC3651C02 ] IPNAT C:\Windows\system32\drivers\ipnat.sys
01:14:22.0037 1388 IPNAT - ok
01:14:22.0053 1388 [ 0F261EC4F514926177C70C1832374231 ] iPod Service C:\Program Files\iPod\bin\iPodService.exe
01:14:22.0068 1388 iPod Service - ok
01:14:22.0068 1388 [ 25CD7C4BB2863FFC2B0B311F0AEBF77C ] IRENUM C:\Windows\system32\drivers\irenum.sys
01:14:22.0084 1388 IRENUM - ok
01:14:22.0084 1388 [ D940C5BB9DC92E588533C19ABCC3D2C2 ] isapnp C:\Windows\system32\drivers\isapnp.sys
01:14:22.0084 1388 isapnp - ok
01:14:22.0099 1388 [ 69C8BF0BC2B0EA10F130F4D3104DC2EF ] iScsiPrt C:\Windows\System32\drivers\msiscsi.sys
01:14:22.0115 1388 iScsiPrt - ok
01:14:22.0115 1388 [ 8FBD94B69D6423E20ABCD59D86368B21 ] kbdclass C:\Windows\System32\drivers\kbdclass.sys
01:14:22.0115 1388 kbdclass - ok
01:14:22.0131 1388 [ E88C932ABDF8185A62C8F2FC7B051FB6 ] kbdhid C:\Windows\System32\drivers\kbdhid.sys
01:14:22.0131 1388 kbdhid - ok
01:14:22.0131 1388 [ FB6C185092E18011EF49989425C2AA87 ] kdnic C:\Windows\system32\DRIVERS\kdnic.sys
01:14:22.0146 1388 kdnic - ok
01:14:22.0146 1388 [ F702AB6181513303AB0FC8D59E52708B ] KeyIso C:\Windows\system32\lsass.exe
01:14:22.0162 1388 KeyIso - ok
01:14:22.0162 1388 [ DFA480F6DED551464F3A5B959F437800 ] KSecDD C:\Windows\system32\Drivers\ksecdd.sys
01:14:22.0177 1388 KSecDD - ok
01:14:22.0177 1388 [ 127FB0AAD232BAAD2C9BBACD374F4FC5 ] KSecPkg C:\Windows\system32\Drivers\ksecpkg.sys
01:14:22.0193 1388 KSecPkg - ok
01:14:22.0193 1388 [ 81492FEEBF2F26455B00EE8DBAE8A1B0 ] ksthunk C:\Windows\system32\drivers\ksthunk.sys
01:14:22.0209 1388 ksthunk - ok
01:14:22.0209 1388 [ 5825DBACEDC3812B5CF8D40B997BF210 ] KtmRm C:\Windows\system32\msdtckrm.dll
01:14:22.0224 1388 KtmRm - ok
01:14:22.0224 1388 [ 39918DB0EFCF045A1CE6FABBF339F975 ] L1C C:\Windows\system32\DRIVERS\L1C62x64.sys
01:14:22.0240 1388 L1C - ok
01:14:22.0255 1388 [ 256EE31588257E8A555DBFAA13F1908E ] LanmanServer C:\Windows\system32\srvsvc.dll
01:14:22.0271 1388 LanmanServer - ok
01:14:22.0271 1388 [ 16650912BE5A94B40E0B3B4C39652B56 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
01:14:22.0287 1388 LanmanWorkstation - ok
01:14:22.0287 1388 [ CEEFD29FC551F289810B0B9381B321DC ] lltdio C:\Windows\system32\DRIVERS\lltdio.sys
01:14:22.0302 1388 lltdio - ok
01:14:22.0318 1388 [ BCF53485E0A94722CDE3C4A93CD8EB8C ] lltdsvc C:\Windows\System32\lltdsvc.dll
01:14:22.0333 1388 lltdsvc - ok
01:14:22.0333 1388 [ 5A2F7F1CBC2E631A497DAD16164E06D2 ] lmhosts C:\Windows\System32\lmhsvc.dll
01:14:22.0333 1388 lmhosts - ok
01:14:22.0349 1388 [ 022CDD12161B063D7852B1075BF3FFF2 ] LSI_SAS C:\Windows\system32\drivers\lsi_sas.sys
01:14:22.0349 1388 LSI_SAS - ok
01:14:22.0365 1388 [ 07AD59D669B996F29F91817F0ECFA34F ] LSI_SAS2 C:\Windows\system32\drivers\lsi_sas2.sys
01:14:22.0365 1388 LSI_SAS2 - ok
01:14:22.0380 1388 [ 216FB796AA4E252ACCE93B1BCB80B5EC ] LSI_SCSI C:\Windows\system32\drivers\lsi_scsi.sys
01:14:22.0380 1388 LSI_SCSI - ok
01:14:22.0396 1388 [ 5E80530AF37102488EE980B4A92AF99F ] LSI_SSS C:\Windows\system32\drivers\lsi_sss.sys
01:14:22.0396 1388 LSI_SSS - ok
01:14:22.0411 1388 [ A57BA284F5996FFD32DCDBC41A4657DB ] LSM C:\Windows\System32\lsm.dll
01:14:22.0427 1388 LSM - ok
01:14:22.0427 1388 [ 2BDC5D711FA61307CE6190D47C956368 ] luafv C:\Windows\system32\drivers\luafv.sys
01:14:22.0443 1388 luafv - ok
01:14:22.0443 1388 [ 92EB844D90615CB266F84C3202B8786E ] MBAMProtector C:\Windows\system32\drivers\mbam.sys
01:14:22.0458 1388 MBAMProtector - ok
01:14:22.0458 1388 [ 1ACAA67676E9E7BDA5E0C41B6E0DECAF ] MBAMScheduler C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe
01:14:22.0474 1388 MBAMScheduler - ok
01:14:22.0474 1388 [ 916B8954AC3E06DC9E898AFFB41F3FB6 ] MBAMService C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe
01:14:22.0489 1388 MBAMService - ok
01:14:22.0505 1388 [ 9B0D829C3BE4E7472DB9DD2B79908E3C ] megasas C:\Windows\system32\drivers\megasas.sys
01:14:22.0505 1388 megasas - ok
01:14:22.0521 1388 [ ECC3F54C7AFC318271C4F0B4606D8DB0 ] MegaSR C:\Windows\system32\drivers\MegaSR.sys
01:14:22.0536 1388 MegaSR - ok
01:14:22.0536 1388 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] MMCSS C:\Windows\system32\mmcss.dll
01:14:22.0536 1388 MMCSS - ok
01:14:22.0552 1388 [ 780098AD5DA8A4822E2563984C85EF7B ] Modem C:\Windows\system32\drivers\modem.sys
01:14:22.0567 1388 Modem - ok
01:14:22.0567 1388 [ 83EB0BF7E6EBD5B1AAC97F9DBD5EB935 ] monitor C:\Windows\system32\DRIVERS\monitor.sys
01:14:22.0567 1388 monitor - ok
01:14:22.0583 1388 [ 618446B98C79776654340CE27C73485E ] mouclass C:\Windows\System32\drivers\mouclass.sys
01:14:22.0583 1388 mouclass - ok
01:14:22.0583 1388 [ CB2527B8B87D83E56FBF3944BBB6F606 ] mouhid C:\Windows\System32\drivers\mouhid.sys
01:14:22.0599 1388 mouhid - ok
01:14:22.0599 1388 [ 89D263DBF08119CE16273991C120D6DD ] mountmgr C:\Windows\system32\drivers\mountmgr.sys
01:14:22.0614 1388 mountmgr - ok
01:14:22.0614 1388 [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe
01:14:22.0630 1388 MozillaMaintenance - ok
01:14:22.0630 1388 [ 0D1609DD82C7440F5D5BF21A9D4D5C0C ] mpsdrv C:\Windows\system32\drivers\mpsdrv.sys
01:14:22.0645 1388 mpsdrv - ok
01:14:22.0661 1388 [ 3031573A739DBEE8923851929D0AF423 ] MpsSvc C:\Windows\system32\mpssvc.dll
01:14:22.0677 1388 MpsSvc - ok
01:14:22.0677 1388 [ 3D70147F55F1EC84EB9139ED7FFE48BC ] MRxDAV C:\Windows\system32\drivers\mrxdav.sys
01:14:22.0692 1388 MRxDAV - ok
01:14:22.0692 1388 [ 93179D48066918323628CB016D8C94DC ] mrxsmb C:\Windows\system32\DRIVERS\mrxsmb.sys
01:14:22.0723 1388 mrxsmb - ok
01:14:22.0739 1388 [ 06D5F2FA3C61E8EA91648EA8E9F99FD3 ] mrxsmb10 C:\Windows\system32\DRIVERS\mrxsmb10.sys
01:14:22.0739 1388 mrxsmb10 - ok
01:14:22.0755 1388 [ 5C7DD2E5759FFCCD2C7341C1B90F2B26 ] mrxsmb20 C:\Windows\system32\DRIVERS\mrxsmb20.sys
01:14:22.0770 1388 mrxsmb20 - ok
01:14:22.0770 1388 [ 98487487D6B3797CA927E9D7B030AE13 ] MsBridge C:\Windows\system32\DRIVERS\bridge.sys
01:14:22.0786 1388 MsBridge - ok
01:14:22.0801 1388 [ 4A07458EB4F17573BD39F22029A991C1 ] MSDTC C:\Windows\System32\msdtc.exe
01:14:22.0801 1388 MSDTC - ok
01:14:22.0817 1388 [ 3886F1F2A4D2900ABAA7E4486BEEE6A2 ] Msfs C:\Windows\system32\drivers\Msfs.sys
01:14:22.0817 1388 Msfs - ok
01:14:22.0833 1388 [ C32A7A39B960A42BA9D4FBE47213CA03 ] msgpiowin32 C:\Windows\System32\drivers\msgpiowin32.sys
01:14:22.0833 1388 msgpiowin32 - ok
01:14:22.0848 1388 [ D3857A767B91A061B408CCAB02DA4F40 ] mshidkmdf C:\Windows\System32\drivers\mshidkmdf.sys
01:14:22.0848 1388 mshidkmdf - ok
01:14:22.0848 1388 [ 839B48910FB1E887635C48F3EC11A05E ] mshidumdf C:\Windows\System32\drivers\mshidumdf.sys
01:14:22.0864 1388 mshidumdf - ok
01:14:22.0864 1388 [ 55C0DB741E3AB7463242B185B1C2997C ] msisadrv C:\Windows\system32\drivers\msisadrv.sys
01:14:22.0879 1388 msisadrv - ok
01:14:22.0879 1388 [ 216C6B035A4BA5560E1255BD8E5BB89F ] MSiSCSI C:\Windows\system32\iscsiexe.dll
01:14:22.0895 1388 MSiSCSI - ok
01:14:22.0895 1388 msiserver - ok
01:14:22.0895 1388 [ 509809566E49F4411055864EA8D437CD ] MSKSSRV C:\Windows\system32\drivers\MSKSSRV.sys
01:14:22.0911 1388 MSKSSRV - ok
01:14:22.0911 1388 [ 63145201D6458E4958E572E7D6FC2604 ] MsLldp C:\Windows\system32\DRIVERS\mslldp.sys
01:14:22.0926 1388 MsLldp - ok
01:14:22.0926 1388 [ 99D526E803DB6D7FF290FD98B6204641 ] MSPCLOCK C:\Windows\system32\drivers\MSPCLOCK.sys
01:14:22.0942 1388 MSPCLOCK - ok
01:14:22.0942 1388 [ 06FA77C3E2A491ADCD704C5E73006269 ] MSPQM C:\Windows\system32\drivers\MSPQM.sys
01:14:22.0942 1388 MSPQM - ok
01:14:22.0957 1388 [ E134EC4DE11CF78CB01432D180710D84 ] MsRPC C:\Windows\system32\drivers\MsRPC.sys
01:14:22.0973 1388 MsRPC - ok
01:14:22.0973 1388 [ B5AECF12F09DEE97C9FCAA5BA016CE1E ] mssmbios C:\Windows\System32\drivers\mssmbios.sys
01:14:22.0989 1388 mssmbios - ok
01:14:22.0989 1388 [ 72D66A05E0F99F2528F6C6204FD22AA1 ] MSTEE C:\Windows\system32\drivers\MSTEE.sys
01:14:23.0004 1388 MSTEE - ok
01:14:23.0004 1388 [ 8AAAE399FC255FA105D4158CBA289001 ] MTConfig C:\Windows\System32\drivers\MTConfig.sys
01:14:23.0004 1388 MTConfig - ok
01:14:23.0020 1388 [ A523D9F6AEB152C4480D754DF7FA9F7F ] MTsensor C:\Windows\system32\DRIVERS\ATK64AMD.sys
01:14:23.0020 1388 MTsensor - ok
01:14:23.0035 1388 [ 3BCB702F3E6CC622DCAFCAA45D7CDE0A ] Mup C:\Windows\system32\Drivers\mup.sys
01:14:23.0035 1388 Mup - ok
01:14:23.0035 1388 [ 3A1E095277BBD406CEA8EA6B76950664 ] mvumis C:\Windows\system32\drivers\mvumis.sys
01:14:23.0051 1388 mvumis - ok
01:14:23.0051 1388 [ 4B18840511D720BA118D3017E8165875 ] napagent C:\Windows\system32\qagentRT.dll
01:14:23.0082 1388 napagent - ok
01:14:23.0082 1388 [ 43D7388A90A4C6EA346A4D6FF0377479 ] NativeWifiP C:\Windows\system32\DRIVERS\nwifi.sys
01:14:23.0098 1388 NativeWifiP - ok
01:14:23.0098 1388 [ 6A0C3996DA7DAE6D6939676D786EEEC4 ] NcaSvc C:\Windows\System32\ncasvc.dll
01:14:23.0113 1388 NcaSvc - ok
01:14:23.0113 1388 [ C982FE4CC91DECE2259F494FCEB4030F ] NcdAutoSetup C:\Windows\System32\NcdAutoSetup.dll
01:14:23.0129 1388 NcdAutoSetup - ok
01:14:23.0145 1388 [ 03CFE4108D1DE16D6C59455B5C73319C ] NDIS C:\Windows\system32\drivers\ndis.sys
01:14:23.0176 1388 NDIS - ok
01:14:23.0176 1388 [ 39C8A1D9D46F5E83A016BCAB72455284 ] NdisCap C:\Windows\system32\DRIVERS\ndiscap.sys
01:14:23.0191 1388 NdisCap - ok
01:14:23.0191 1388 [ 762941932B7E4C588E48A577BA9D6440 ] NdisImPlatform C:\Windows\system32\DRIVERS\NdisImPlatform.sys
01:14:23.0207 1388 NdisImPlatform - ok
01:14:23.0207 1388 [ 7A6F8A6D0E01432EBA294EF29CDD0FA7 ] NdisTapi C:\Windows\system32\DRIVERS\ndistapi.sys
01:14:23.0223 1388 NdisTapi - ok
01:14:23.0223 1388 [ 79AB68BB3FFF974AD4F41FA559F4EC67 ] Ndisuio C:\Windows\system32\DRIVERS\ndisuio.sys
01:14:23.0238 1388 Ndisuio - ok
01:14:23.0238 1388 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NdisWan C:\Windows\system32\DRIVERS\ndiswan.sys
01:14:23.0254 1388 NdisWan - ok
01:14:23.0254 1388 [ 62C7DBF4F9301F76CF87D4B9D8F57BF8 ] NDISWANLEGACY C:\Windows\system32\DRIVERS\ndiswan.sys
01:14:23.0269 1388 NDISWANLEGACY - ok
01:14:23.0269 1388 [ CE6EBC0AD38CC6482D8FBB744FF15CE2 ] NDProxy C:\Windows\system32\drivers\NDProxy.sys
01:14:23.0285 1388 NDProxy - ok
01:14:23.0285 1388 [ D3F60A4345FCA9C1BE68AD7D0D6DE770 ] Ndu C:\Windows\system32\drivers\Ndu.sys
01:14:23.0301 1388 Ndu - ok
01:14:23.0301 1388 [ 7C203A76394F9AE68F69EEE5F9612C4A ] NetBIOS C:\Windows\system32\DRIVERS\netbios.sys
01:14:23.0316 1388 NetBIOS - ok
01:14:23.0316 1388 [ 7CEC25C682D319D484630B3952C31A11 ] NetBT C:\Windows\system32\DRIVERS\netbt.sys
01:14:23.0332 1388 NetBT - ok
01:14:23.0347 1388 [ F702AB6181513303AB0FC8D59E52708B ] Netlogon C:\Windows\system32\lsass.exe
01:14:23.0347 1388 Netlogon - ok
01:14:23.0363 1388 [ 89519D29CBEC2121CA65CC29C4D345E0 ] Netman C:\Windows\System32\netman.dll
01:14:23.0379 1388 Netman - ok
01:14:23.0379 1388 [ 5FF52E13C72838D87DAF228EC9E92C89 ] netprofm C:\Windows\System32\netprofmsvc.dll
01:14:23.0394 1388 netprofm - ok
01:14:23.0410 1388 [ 5243CFC2E7161C91C2B355240035B9E4 ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
01:14:23.0425 1388 NetTcpPortSharing - ok
01:14:23.0425 1388 [ 12DD2800E4EEA37DC9AE256AD62423B4 ] nfrd960 C:\Windows\system32\drivers\nfrd960.sys
01:14:23.0441 1388 nfrd960 - ok
01:14:23.0441 1388 [ 80ABCD4C2DE9FD832477303AE0CA3BE5 ] NlaSvc C:\Windows\System32\nlasvc.dll
01:14:23.0457 1388 NlaSvc - ok
01:14:23.0457 1388 [ 17E19A742FB30C002F8B43575451DBE1 ] Npfs C:\Windows\system32\drivers\Npfs.sys
01:14:23.0472 1388 Npfs - ok
01:14:23.0472 1388 [ 8ED299C30792544264E558BEA79F0947 ] npsvctrig C:\Windows\System32\drivers\npsvctrig.sys
01:14:23.0488 1388 npsvctrig - ok
01:14:23.0488 1388 [ 832B5FDF0B5577713FD7F2465FCD0ACE ] nsi C:\Windows\system32\nsisvc.dll
01:14:23.0503 1388 nsi - ok
01:14:23.0503 1388 [ 689B3B1E95C70ABF7AFF29F9406EF1E0 ] nsiproxy C:\Windows\system32\drivers\nsiproxy.sys
01:14:23.0519 1388 nsiproxy - ok
01:14:23.0535 1388 [ 76929F4A69E425911A63B407E26C2589 ] Ntfs C:\Windows\system32\drivers\Ntfs.sys
01:14:23.0581 1388 Ntfs - ok
01:14:23.0597 1388 [ 4163ADE07DB51843AE31F65B94F5398D ] Null C:\Windows\system32\drivers\Null.sys
01:14:23.0597 1388 Null - ok
01:14:23.0597 1388 [ D6D34118263412D3AAA8348A9572B7F2 ] nvraid C:\Windows\system32\drivers\nvraid.sys
01:14:23.0613 1388 nvraid - ok
01:14:23.0613 1388 [ 27AFC428D1D32ABD04A86763A4EDDEA9 ] nvstor C:\Windows\system32\drivers\nvstor.sys
01:14:23.0628 1388 nvstor - ok
01:14:23.0628 1388 [ 051CFB5107BAAE510419BDC41F8C4036 ] nv_agp C:\Windows\system32\drivers\nv_agp.sys
01:14:23.0644 1388 nv_agp - ok
01:14:23.0659 1388 [ 785F487A64950F3CB8E9F16253BA3B7B ] odserv C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE
01:14:23.0675 1388 odserv - ok
01:14:23.0675 1388 [ 5A432A042DAE460ABE7199B758E8606C ] ose C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
01:14:23.0675 1388 ose - ok
01:14:23.0691 1388 [ AB76700D764A342D7475FB8F47CAB18C ] p2pimsvc C:\Windows\system32\pnrpsvc.dll
01:14:23.0706 1388 p2pimsvc - ok
01:14:23.0706 1388 [ 4319FD931DCD796435ECB5DB4A04FBA5 ] p2psvc C:\Windows\system32\p2psvc.dll
01:14:23.0722 1388 p2psvc - ok
01:14:23.0738 1388 [ 4563DAF8C6A740AD7F501E219BD10766 ] Parport C:\Windows\System32\drivers\parport.sys
01:14:23.0738 1388 Parport - ok
01:14:23.0738 1388 [ D6ACCF9F2EEEEA711C14EFD976E573F3 ] partmgr C:\Windows\system32\drivers\partmgr.sys
01:14:23.0753 1388 partmgr - ok
01:14:23.0769 1388 [ 4811D9EC53649105A5A8BEA661B0F936 ] PcaSvc C:\Windows\System32\pcasvc.dll
01:14:23.0769 1388 PcaSvc - ok
01:14:23.0784 1388 [ 4A003E8F718C1E6A2050CA98CD53E3E2 ] pci C:\Windows\system32\drivers\pci.sys
01:14:23.0800 1388 pci - ok
01:14:23.0800 1388 [ F9908D274D458220F91E89B54D78D837 ] pciide C:\Windows\system32\drivers\pciide.sys
01:14:23.0800 1388 pciide - ok
01:14:23.0815 1388 [ 84D19CB6102627932DCB5DFDF89FE269 ] pcmcia C:\Windows\system32\drivers\pcmcia.sys
01:14:23.0831 1388 pcmcia - ok
01:14:23.0831 1388 [ CEBBAD5391C2644560C55628A40BFD27 ] pcw C:\Windows\system32\drivers\pcw.sys
01:14:23.0831 1388 pcw - ok
01:14:23.0847 1388 [ AECC24430301DBC6A76916E3029B6B83 ] pdc C:\Windows\system32\drivers\pdc.sys
01:14:23.0847 1388 pdc - ok
01:14:23.0862 1388 [ 70DBB6A8B52B3830922F1C5789E1BEEB ] PEAUTH C:\Windows\system32\drivers\peauth.sys
01:14:23.0878 1388 PEAUTH - ok
01:14:23.0909 1388 [ DF0D9BDCB600913F40FF125BF8CE1979 ] PeerDistSvc C:\Windows\system32\peerdistsvc.dll
01:14:23.0940 1388 PeerDistSvc - ok
01:14:23.0987 1388 [ EB88FA19F0EA05DD04BE9C5FFEEFFE1A ] PerfHost C:\Windows\SysWow64\perfhost.exe
01:14:24.0003 1388 PerfHost - ok
01:14:24.0018 1388 [ 6E84BFF58F7643499277F29DFA2F8C8D ] pla C:\Windows\system32\pla.dll
01:14:24.0049 1388 pla - ok
01:14:24.0065 1388 [ 799BE46D45D486704CE0F37CA5385262 ] PlugPlay C:\Windows\system32\umpnpmgr.dll
01:14:24.0065 1388 PlugPlay - ok
01:14:24.0081 1388 [ 8E2414E818C26C4A9C70CB2B8567F04F ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll
01:14:24.0081 1388 PNRPAutoReg - ok
01:14:24.0096 1388 [ AB76700D764A342D7475FB8F47CAB18C ] PNRPsvc C:\Windows\system32\pnrpsvc.dll
01:14:24.0096 1388 PNRPsvc - ok
01:14:24.0112 1388 [ 0108C8E5176D590F242701EF5A62CC26 ] PolicyAgent C:\Windows\System32\ipsecsvc.dll
01:14:24.0127 1388 PolicyAgent - ok
01:14:24.0127 1388 [ F1E067F56373F11EA4B785CAE823740A ] Power C:\Windows\system32\umpo.dll
01:14:24.0143 1388 Power - ok
01:14:24.0143 1388 [ 362D47E5B4D67270DE4B8606036F4ADD ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys
01:14:24.0159 1388 PptpMiniport - ok
01:14:24.0190 1388 [ C2D3B3D0060619D5E03E696BD56FF59F ] PrintNotify C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll
01:14:24.0237 1388 PrintNotify - ok
01:14:24.0237 1388 [ DD979EB6A7212F60E4AFBE96EDC7AE6D ] Processor C:\Windows\System32\drivers\processr.sys
01:14:24.0252 1388 Processor - ok
01:14:24.0252 1388 [ 429E8502AD2227CF88F8840FC5BD590D ] ProfSvc C:\Windows\system32\profsvc.dll
01:14:24.0268 1388 ProfSvc - ok
01:14:24.0268 1388 [ EB8034147D4820CD31BFCB11A2A652DF ] Psched C:\Windows\system32\DRIVERS\pacer.sys
01:14:24.0284 1388 Psched - ok
01:14:24.0299 1388 [ 0AFBF333B6F87A2F598EAB379AF100B8 ] QWAVE C:\Windows\system32\qwave.dll
01:14:24.0315 1388 QWAVE - ok
01:14:24.0315 1388 [ 13D47BB0CCA2FC51BD15F8E85C6A078E ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys
01:14:24.0315 1388 QWAVEdrv - ok
01:14:24.0330 1388 [ 873C60F8178100557740A832FCE10B5F ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys
01:14:24.0330 1388 RasAcd - ok
01:14:24.0346 1388 [ 69B93F623B130976243ECA3D84CC99CA ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys
01:14:24.0346 1388 RasAgileVpn - ok
01:14:24.0361 1388 [ 005F6E54C4A2DA4EBF68FB0392CE8BB0 ] RasAuto C:\Windows\System32\rasauto.dll
01:14:24.0377 1388 RasAuto - ok
01:14:24.0377 1388 [ A14D625C5AEE5FFE0F47D1A1D419FAAE ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys
01:14:24.0393 1388 Rasl2tp - ok
01:14:24.0393 1388 [ C923C785A2DE0B396AD6D13ACAFF2DE9 ] RasMan C:\Windows\System32\rasmans.dll
01:14:24.0408 1388 RasMan - ok
01:14:24.0408 1388 [ 00695B9C2DB6111064499C529E90C042 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys
01:14:24.0424 1388 RasPppoe - ok
01:14:24.0439 1388 [ A7F24D8CD1956B0A1FDCB86CC5114DE4 ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys
01:14:24.0439 1388 RasSstp - ok
01:14:24.0455 1388 [ B72C33DBD5326B3864CF2091AF8B906B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys
01:14:24.0471 1388 rdbss - ok
01:14:24.0471 1388 [ CA7DF5EC95D8DE0DD24BE7FF97369F68 ] rdpbus C:\Windows\System32\drivers\rdpbus.sys
01:14:24.0486 1388 rdpbus - ok
01:14:24.0486 1388 [ B2A3AD74FF2E2FFA73AF2567108231B3 ] RDPDR C:\Windows\system32\drivers\rdpdr.sys
01:14:24.0502 1388 RDPDR - ok
01:14:24.0502 1388 [ 57F4787E4602A3FCA719C0A33137C6DA ] RdpVideoMiniport C:\Windows\system32\drivers\rdpvideominiport.sys
01:14:24.0518 1388 RdpVideoMiniport - ok
01:14:24.0518 1388 [ B3CB0721E81E30419CE7D837EF4EA151 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys
01:14:24.0533 1388 RDPWD - ok
01:14:24.0533 1388 [ 62C1F8A0685FE07E998AA296C4F697C4 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys
01:14:24.0549 1388 rdyboost - ok
01:14:24.0549 1388 [ 3663CCF243EE0C04E9F6F91ED1737273 ] RemoteAccess C:\Windows\System32\mprdim.dll
01:14:24.0564 1388 RemoteAccess - ok
01:14:24.0564 1388 [ E80DD61E52EDFFF9DA1ED7260A68855B ] RemoteRegistry C:\Windows\system32\regsvc.dll
01:14:24.0595 1388 RemoteRegistry - ok
01:14:24.0595 1388 [ 17EF582CBC4809F96B9E6D0543480763 ] RFCOMM C:\Windows\system32\DRIVERS\rfcomm.sys
01:14:24.0611 1388 RFCOMM - ok
01:14:24.0627 1388 [ 4AAFFFA67AC4DFA3D9985D78573887E2 ] RimVSerPort C:\Windows\system32\DRIVERS\RimSerial_AMD64.sys
01:14:24.0627 1388 RimVSerPort - ok
01:14:24.0627 1388 [ FB582B72D33DCF1E6E4F2336E69160BF ] ROOTMODEM C:\Windows\system32\Drivers\RootMdm.sys
01:14:24.0642 1388 ROOTMODEM - ok
01:14:24.0642 1388 [ 73F2E030B5C24E4E41401B5F0D59E6FD ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll
01:14:24.0658 1388 RpcEptMapper - ok
01:14:24.0658 1388 [ 10B21284B3D964AB3DC45490E57D422E ] RpcLocator C:\Windows\system32\locator.exe
01:14:24.0673 1388 RpcLocator - ok
01:14:24.0689 1388 [ 1EC6E533C954BDDF2A37E7851A7E58FD ] RpcSs C:\Windows\system32\rpcss.dll
01:14:24.0705 1388 RpcSs - ok
01:14:24.0705 1388 [ E04E770DD198B9399640717145E79EBF ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys
01:14:24.0720 1388 rspndr - ok
01:14:24.0720 1388 [ 483C537E69FA97C77F7FE0E2E1C1F102 ] RTHDMIAzAudService C:\Windows\system32\drivers\RtHDMIVX.sys
01:14:24.0736 1388 RTHDMIAzAudService - ok
01:14:24.0736 1388 [ 752EC7DCD2F96871A3857EEE6AFE965A ] s3cap C:\Windows\System32\drivers\vms3cap.sys
01:14:24.0736 1388 s3cap - ok
01:14:24.0752 1388 [ F702AB6181513303AB0FC8D59E52708B ] SamSs C:\Windows\system32\lsass.exe
01:14:24.0752 1388 SamSs - ok
01:14:24.0752 1388 [ 9C7B28CE0D136DB226E24DB3BC817F92 ] sbp2port C:\Windows\system32\drivers\sbp2port.sys
01:14:24.0767 1388 sbp2port - ok
01:14:24.0767 1388 [ 14316954FCE79C9DE5A0AFF9D42C83AA ] SCardSvr C:\Windows\System32\SCardSvr.dll
01:14:24.0783 1388 SCardSvr - ok
01:14:24.0798 1388 [ 5D7733A12756B267FCA021672B26BC9E ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys
01:14:24.0814 1388 scfilter - ok
01:14:24.0814 1388 [ EDCDF4DB82EF825B94B190D544C8C58B ] Schedule C:\Windows\system32\schedsvc.dll
01:14:24.0845 1388 Schedule - ok
01:14:24.0861 1388 [ BAF8F0F55BC300E5F882E521F054E345 ] SCPolicySvc C:\Windows\System32\certprop.dll
01:14:24.0861 1388 SCPolicySvc - ok
01:14:24.0876 1388 [ 12F06525912BBEF67837DE47D87C60A9 ] sdbus C:\Windows\System32\drivers\sdbus.sys
01:14:24.0876 1388 sdbus - ok
01:14:24.0892 1388 [ 92968277ED491E4B3DDA361E3952361E ] SDRSVC C:\Windows\System32\SDRSVC.dll
01:14:24.0892 1388 SDRSVC - ok
01:14:24.0908 1388 [ BB107AA9980B0DA4E19A3A90C3BD4460 ] sdstor C:\Windows\System32\drivers\sdstor.sys
01:14:24.0908 1388 sdstor - ok
01:14:24.0908 1388 [ 3EA8A16169C26AFBEB544E0E48421186 ] secdrv C:\Windows\system32\drivers\secdrv.sys
01:14:24.0923 1388 secdrv - ok
01:14:24.0923 1388 [ CD282626738B6BC92B6E7CD0AAE95B63 ] seclogon C:\Windows\system32\seclogon.dll
01:14:24.0939 1388 seclogon - ok
01:14:24.0939 1388 [ 9C51620998F0763039DFA6BF68E475ED ] SENS C:\Windows\System32\sens.dll
01:14:24.0954 1388 SENS - ok
01:14:24.0970 1388 [ 0D50B4B860DAB65241628D04CD33ACAE ] SensrSvc C:\Windows\system32\sensrsvc.dll
01:14:24.0986 1388 SensrSvc - ok
01:14:24.0986 1388 [ 87C46B239A7EEF30FDFDD5E9BD46130C ] SerCx C:\Windows\system32\drivers\SerCx.sys
01:14:24.0986 1388 SerCx - ok
01:14:25.0001 1388 [ 7A1F9347C85FD55E39B8A76B3A25C5AD ] Serenum C:\Windows\System32\drivers\serenum.sys
01:14:25.0001 1388 Serenum - ok
01:14:25.0001 1388 [ F640A0A218BBF857F1D04A15D7D939F6 ] Serial C:\Windows\System32\drivers\serial.sys
01:14:25.0017 1388 Serial - ok
01:14:25.0017 1388 [ F1A5F56B2620B862CC28FF96A0A6DAAB ] sermouse C:\Windows\System32\drivers\sermouse.sys
01:14:25.0032 1388 sermouse - ok
01:14:25.0048 1388 [ CB60A60340788C8D6DE2A269D28086AB ] SessionEnv C:\Windows\system32\sessenv.dll
01:14:25.0048 1388 SessionEnv - ok
01:14:25.0064 1388 [ 7EE65419B29302C795714FF8073969A1 ] sfloppy C:\Windows\System32\drivers\sfloppy.sys
01:14:25.0064 1388 sfloppy - ok
01:14:25.0079 1388 [ 090AE16F79C8EAD04E6031F863DA85F3 ] SharedAccess C:\Windows\System32\ipnathlp.dll
01:14:25.0095 1388 SharedAccess - ok
01:14:25.0095 1388 [ A77F3ABE13FCC698511E5DEC7ACEBD5F ] ShellHWDetection C:\Windows\System32\shsvcs.dll
01:14:25.0126 1388 ShellHWDetection - ok
01:14:25.0142 1388 [ 2560721D6F16D5B611C36A3A9D28C1B2 ] SiSRaid2 C:\Windows\system32\drivers\SiSRaid2.sys
01:14:25.0142 1388 SiSRaid2 - ok
01:14:25.0157 1388 [ 3AA8FDE1DBF65BB8B88B053529554A0D ] SiSRaid4 C:\Windows\system32\drivers\sisraid4.sys
01:14:25.0157 1388 SiSRaid4 - ok
01:14:25.0173 1388 [ E660156A4588A84305CB772FD2C0DB21 ] SNMPTRAP C:\Windows\System32\snmptrap.exe
01:14:25.0188 1388 SNMPTRAP - ok
01:14:25.0188 1388 [ 465F3C355CE5ED2779B8F460F14C5A78 ] spaceport C:\Windows\system32\drivers\spaceport.sys
01:14:25.0204 1388 spaceport - ok
01:14:25.0204 1388 [ 3D8679C8DF52EB26EB7583A4E0A29202 ] SpbCx C:\Windows\system32\drivers\SpbCx.sys
01:14:25.0220 1388 SpbCx - ok
01:14:25.0220 1388 [ 3F215BF2D4D8D6756298B25B579772C2 ] Spooler C:\Windows\System32\spoolsv.exe
01:14:25.0251 1388 Spooler - ok
01:14:25.0298 1388 [ EC84D961501054F87A6878EC5D53388F ] sppsvc C:\Windows\system32\sppsvc.exe
01:14:25.0360 1388 sppsvc - ok
01:14:25.0376 1388 [ 0F1FCD575A03ABDE13FCA9D0ADE4DDA6 ] srv C:\Windows\system32\DRIVERS\srv.sys
01:14:25.0376 1388 srv - ok
01:14:25.0391 1388 [ 9912FDF63EC78E1977083E20DEAE4889 ] srv2 C:\Windows\system32\DRIVERS\srv2.sys
01:14:25.0422 1388 srv2 - ok
01:14:25.0422 1388 [ FD8B4F201B681C555A4AF41922C52557 ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys
01:14:25.0454 1388 srvnet - ok
01:14:25.0454 1388 [ 7A20882D76D4A78240A5AC9F2C2EBA21 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll
01:14:25.0469 1388 SSDPSRV - ok
01:14:25.0469 1388 [ D233B16999A8E626F6004BD7814C57EC ] SstpSvc C:\Windows\system32\sstpsvc.dll
01:14:25.0485 1388 SstpSvc - ok
01:14:25.0500 1388 [ 98CC6BDCB5F593394CE2000EC454AEE4 ] StarMoney 8.0 OnlineUpdate C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe
01:14:25.0563 1388 StarMoney 8.0 OnlineUpdate - ok
01:14:25.0563 1388 [ 4E85355B94CFCB67C135F6521A4895A7 ] stexstor C:\Windows\system32\drivers\stexstor.sys
01:14:25.0578 1388 stexstor - ok
01:14:25.0578 1388 [ F38F79114380246B6D40CD53FB2CA28D ] StillCam C:\Windows\system32\DRIVERS\serscan.sys
01:14:25.0594 1388 StillCam - ok
01:14:25.0594 1388 [ BAC8A721736AECC55A4F71523AEAB65F ] stisvc C:\Windows\System32\wiaservc.dll
01:14:25.0610 1388 stisvc - ok
01:14:25.0625 1388 [ C588BBD37B432CE3204E5765B459E6B2 ] storahci C:\Windows\system32\drivers\storahci.sys
01:14:25.0625 1388 storahci - ok
01:14:25.0641 1388 [ F74DBC95A57B1EE866D3732EB5F79BE2 ] storflt C:\Windows\system32\DRIVERS\vmstorfl.sys
01:14:25.0641 1388 storflt - ok
01:14:25.0641 1388 [ 5337E138B49ED1F44CCBA4073BC35C20 ] StorSvc C:\Windows\system32\storsvc.dll
01:14:25.0656 1388 StorSvc - ok
01:14:25.0656 1388 [ 543CD3CC0E05B8D8815E0D4F040B6F59 ] storvsc C:\Windows\system32\drivers\storvsc.sys
01:14:25.0672 1388 storvsc - ok
01:14:25.0672 1388 [ 1A36AC469140F87CDE62D7F8524E270C ] storvsp C:\Windows\System32\drivers\storvsp.sys
01:14:25.0688 1388 storvsp - ok
01:14:25.0688 1388 [ 8BC1C1ED6EF9C985A3FAA6A72F41679A ] svsvc C:\Windows\system32\svsvc.dll
01:14:25.0703 1388 svsvc - ok
01:14:25.0703 1388 [ 4AFD66AAE74FFB5986BC240744DC5FC9 ] swenum C:\Windows\System32\drivers\swenum.sys
01:14:25.0719 1388 swenum - ok
01:14:25.0719 1388 [ 502F9488540051F3E6C39889ECFA76BB ] swprv C:\Windows\System32\swprv.dll
01:14:25.0750 1388 swprv - ok
01:14:25.0766 1388 [ DC21E1F06343773D7E24362DCEF7944B ] SysMain C:\Windows\system32\sysmain.dll
01:14:25.0781 1388 SysMain - ok
01:14:25.0797 1388 [ E219BF7BCCFE4881B0C053C7E0B47ECC ] SystemEventsBroker C:\Windows\System32\SystemEventsBrokerServer.dll
01:14:25.0812 1388 SystemEventsBroker - ok
01:14:25.0812 1388 [ A6C06C45C44AD06C70AF8899AEC15BDC ] TabletInputService C:\Windows\System32\TabSvc.dll
01:14:25.0828 1388 TabletInputService - ok
01:14:25.0828 1388 [ 88B7721AB551C4325036B25A34A2BF7B ] TapiSrv C:\Windows\System32\tapisrv.dll
01:14:25.0844 1388 TapiSrv - ok
01:14:25.0875 1388 [ F4F78B7F39BD56BD0BFE4C4399398F6F ] Tcpip C:\Windows\system32\drivers\tcpip.sys
01:14:25.0922 1388 Tcpip - ok
01:14:25.0953 1388 [ F4F78B7F39BD56BD0BFE4C4399398F6F ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys
01:14:25.0984 1388 TCPIP6 - ok
01:14:26.0000 1388 [ 8F2A13A5DF99D72FDDE87F502A66F989 ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys
01:14:26.0000 1388 tcpipreg - ok
01:14:26.0015 1388 [ 73DC722CE5DF26D7638CE2446F2655C7 ] tdx C:\Windows\system32\DRIVERS\tdx.sys
01:14:26.0015 1388 tdx - ok
01:14:26.0062 1388 [ 6B1B2F8D62D606B200C2072564090104 ] TeamViewer8 C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe
01:14:26.0124 1388 TeamViewer8 - ok
01:14:26.0124 1388 [ F7C8AB5D8AFFAA318D6A21093D139BF4 ] terminpt C:\Windows\System32\drivers\terminpt.sys
01:14:26.0140 1388 terminpt - ok
01:14:26.0140 1388 [ 541EE228D0DEF392F7B2DFD885DD021B ] TermService C:\Windows\System32\termsrv.dll
01:14:26.0156 1388 TermService - ok
01:14:26.0171 1388 [ 519A6F672FFF56B7D8EE8C730CEC8ECD ] Themes C:\Windows\system32\themeservice.dll
01:14:26.0187 1388 Themes - ok
01:14:26.0187 1388 [ EEE908BE7143FCA48CF0CB87214E2AB8 ] THREADORDER C:\Windows\system32\mmcss.dll
01:14:26.0187 1388 THREADORDER - ok
01:14:26.0202 1388 [ FF4135424A79DCC2998276D8E39C9B4D ] TimeBroker C:\Windows\System32\TimeBrokerServer.dll
01:14:26.0202 1388 TimeBroker - ok
01:14:26.0218 1388 [ B44EFE254C0B3719E4037088D24FE4B5 ] TPM C:\Windows\system32\drivers\tpm.sys
01:14:26.0234 1388 TPM - ok
01:14:26.0234 1388 [ 8C8CF3041B27E7657ADD0EE17F6DBFCA ] TrkWks C:\Windows\System32\trkwks.dll
01:14:26.0249 1388 TrkWks - ok
01:14:26.0249 1388 [ 8D516AEF3C1DF980664CF17BB1FF6093 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
01:14:26.0249 1388 TrustedInstaller - ok
01:14:26.0265 1388 [ 4E7C5FB10A50435523DE0CAA37DE2BD3 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys
01:14:26.0265 1388 TsUsbFlt - ok
01:14:26.0280 1388 [ 16D684A820872EE54F6370703AC0B513 ] TsUsbGD C:\Windows\System32\drivers\TsUsbGD.sys
01:14:26.0280 1388 TsUsbGD - ok
01:14:26.0280 1388 [ 78C9EE193AC2B4CBDBC48B620314D740 ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys
01:14:26.0296 1388 tunnel - ok
01:14:26.0312 1388 [ 6D4F67CA56ACA2085DFA2CD89EAFBC1A ] uagp35 C:\Windows\system32\drivers\uagp35.sys
01:14:26.0312 1388 uagp35 - ok
01:14:26.0312 1388 [ 6FD6D03B7752C78712E5CFF29A305026 ] UASPStor C:\Windows\System32\drivers\uaspstor.sys
01:14:26.0327 1388 UASPStor - ok
01:14:26.0327 1388 [ 1ED222DFE6C13DA50FE081ABF90CAFE1 ] UCX01000 C:\Windows\System32\drivers\ucx01000.sys
01:14:26.0343 1388 UCX01000 - ok
01:14:26.0358 1388 [ DC5A461591C71AF7F19DC048A81E3F88 ] udfs C:\Windows\system32\DRIVERS\udfs.sys
01:14:26.0374 1388 udfs - ok
01:14:26.0374 1388 [ FB3475FEA1CCB0DAEA1EBE44D0E3BB7D ] UI0Detect C:\Windows\system32\UI0Detect.exe
01:14:26.0390 1388 UI0Detect - ok
01:14:26.0390 1388 [ 07FEBCDF24FABA0D47B635D85A0FFB7A ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys
01:14:26.0405 1388 uliagpkx - ok
01:14:26.0405 1388 [ 02CEB3FE6152668A7BA420B93B664860 ] umbus C:\Windows\System32\drivers\umbus.sys
01:14:26.0421 1388 umbus - ok
01:14:26.0421 1388 [ 991EE6B5FC41EAEF99C8AF5B92F2CA09 ] UmPass C:\Windows\System32\drivers\umpass.sys
01:14:26.0436 1388 UmPass - ok
01:14:26.0436 1388 [ 43FEFB040A0CC30F795FBF544169594D ] UmRdpService C:\Windows\System32\umrdp.dll
01:14:26.0452 1388 UmRdpService - ok
01:14:26.0452 1388 [ 14D22C411854AA2560AFC94CD2D5E61F ] upnphost C:\Windows\System32\upnphost.dll
01:14:26.0468 1388 upnphost - ok
01:14:26.0483 1388 [ 43228F8EDD1B0BCDD3145AD246E63D39 ] USBAAPL64 C:\Windows\System32\Drivers\usbaapl64.sys
01:14:26.0483 1388 USBAAPL64 - ok
01:14:26.0499 1388 [ 2AF9F0E16D75B8F783A1ACE74EF51C9B ] usbccgp C:\Windows\System32\drivers\usbccgp.sys
01:14:26.0499 1388 usbccgp - ok
01:14:26.0514 1388 [ B395B62B62F28106218FA6FB17F4C797 ] usbcir C:\Windows\System32\drivers\usbcir.sys
01:14:26.0530 1388 usbcir - ok
01:14:26.0530 1388 [ 52F267AEE8CA5AA5CEB88C6A71EE1E86 ] usbehci C:\Windows\System32\drivers\usbehci.sys
01:14:26.0546 1388 usbehci - ok
01:14:26.0546 1388 [ ADBF89B8E0BB372FEFE2E4B84E1E20AE ] usbhub C:\Windows\System32\drivers\usbhub.sys
01:14:26.0577 1388 usbhub - ok
01:14:26.0577 1388 [ C5986337DE3BF63ABD9ED4D834D34B89 ] USBHUB3 C:\Windows\System32\drivers\UsbHub3.sys
01:14:26.0592 1388 USBHUB3 - ok
01:14:26.0592 1388 [ 325F6179009B5A7F6118951A5BA422AB ] usbohci C:\Windows\System32\drivers\usbohci.sys
01:14:26.0608 1388 usbohci - ok
01:14:26.0624 1388 [ BA3ABE0CD1C14B3295BAD0F076B84CAC ] usbprint C:\Windows\System32\drivers\usbprint.sys
01:14:26.0624 1388 usbprint - ok
01:14:26.0639 1388 [ F77177F6C95B2116EE7AD23B5EF57007 ] USBSTOR C:\Windows\System32\drivers\USBSTOR.SYS
01:14:26.0639 1388 USBSTOR - ok
01:14:26.0655 1388 [ D25EF4A6EC244C5DE85D88A05B7C149D ] usbuhci C:\Windows\System32\drivers\usbuhci.sys
01:14:26.0670 1388 usbuhci - ok
01:14:26.0670 1388 [ 09799E701B4327097E9F63D3FE221083 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys
01:14:26.0686 1388 usbvideo - ok
01:14:26.0686 1388 [ 9CD4259AD15F84DE27B94A956C978D6C ] USBXHCI C:\Windows\System32\drivers\USBXHCI.SYS
01:14:26.0702 1388 USBXHCI - ok
01:14:26.0702 1388 [ F702AB6181513303AB0FC8D59E52708B ] VaultSvc C:\Windows\system32\lsass.exe
01:14:26.0717 1388 VaultSvc - ok
01:14:26.0717 1388 [ BACECBFF9C97F7627A60B0E0F1FE7EE8 ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys
01:14:26.0733 1388 vdrvroot - ok
01:14:26.0733 1388 [ 8A8CDA9E3CF2E0B4C6CC19FBC6FB9A71 ] vds C:\Windows\System32\vds.exe
01:14:26.0764 1388 vds - ok
01:14:26.0764 1388 [ 74FA2D4368DE6F6CE14393EDF1F342BE ] VerifierExt C:\Windows\system32\drivers\VerifierExt.sys
01:14:26.0764 1388 VerifierExt - ok
01:14:26.0780 1388 [ 8628FA679F0EC4B709CCD1F6B6A3233B ] vhdmp C:\Windows\System32\drivers\vhdmp.sys
01:14:26.0795 1388 vhdmp - ok
01:14:26.0795 1388 [ F5B4A14B00E89250C50982AC762DDD1D ] viaide C:\Windows\system32\drivers\viaide.sys
01:14:26.0811 1388 viaide - ok
01:14:26.0811 1388 [ 0E43886F01C85B47BA0A3157274BCF59 ] Vid C:\Windows\System32\drivers\Vid.sys
01:14:26.0826 1388 Vid - ok
01:14:26.0826 1388 [ 78DB50F7329F6D1311658DABFFFC8BE0 ] vmbus C:\Windows\system32\drivers\vmbus.sys
01:14:26.0842 1388 vmbus - ok
01:14:26.0842 1388 [ ECFEE2F2BA3932C7880D1A8F67D68F91 ] VMBusHID C:\Windows\System32\drivers\VMBusHID.sys
01:14:26.0858 1388 VMBusHID - ok
01:14:26.0858 1388 [ B4F432A51826FFC66F4DF72A83E8E4B1 ] vmbusr C:\Windows\System32\drivers\vmbusr.sys
01:14:26.0873 1388 vmbusr - ok
01:14:26.0873 1388 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicheartbeat C:\Windows\System32\ICSvc.dll
01:14:26.0889 1388 vmicheartbeat - ok
01:14:26.0889 1388 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmickvpexchange C:\Windows\System32\ICSvc.dll
01:14:26.0904 1388 vmickvpexchange - ok
01:14:26.0904 1388 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicrdv C:\Windows\System32\ICSvc.dll
01:14:26.0920 1388 vmicrdv - ok
01:14:26.0920 1388 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicshutdown C:\Windows\System32\ICSvc.dll
01:14:26.0936 1388 vmicshutdown - ok
01:14:26.0936 1388 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmictimesync C:\Windows\System32\ICSvc.dll
01:14:26.0951 1388 vmictimesync - ok
01:14:26.0951 1388 [ B8FF4248103E6EA47B9D85C55673ABA3 ] vmicvss C:\Windows\System32\ICSvc.dll
01:14:26.0967 1388 vmicvss - ok
01:14:26.0967 1388 [ CB60FAAED8B49B812EBBF77EB87D9B18 ] volmgr C:\Windows\system32\drivers\volmgr.sys
01:14:26.0982 1388 volmgr - ok
01:14:26.0982 1388 [ A74101DA9809251BCD0E5A26BAE0F824 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys
01:14:26.0998 1388 volmgrx - ok
01:14:27.0014 1388 [ 2FB3CDFD5EAF4CD9D4AFAF96877D13AE ] volsnap C:\Windows\system32\drivers\volsnap.sys
01:14:27.0029 1388 volsnap - ok
01:14:27.0029 1388 [ A8DA1C1B52ECEA3726DEBED4FF1B700D ] vpci C:\Windows\System32\drivers\vpci.sys
01:14:27.0045 1388 vpci - ok
01:14:27.0045 1388 [ 0190AFFF28F600461C0164353CC7EE27 ] vpcivsp C:\Windows\System32\drivers\vpcivsp.sys
01:14:27.0060 1388 vpcivsp - ok
01:14:27.0060 1388 [ 38A60CD9C009C55C6D3B5586F8E6A353 ] vsmraid C:\Windows\system32\drivers\vsmraid.sys
01:14:27.0076 1388 vsmraid - ok
01:14:27.0092 1388 [ EA658570314042C914964FC72AB50E6B ] VSS C:\Windows\system32\vssvc.exe
01:14:27.0123 1388 VSS - ok
01:14:27.0123 1388 [ A0F6FE0FC2F647C22BBFD6BD4249DBCC ] VSTXRAID C:\Windows\system32\drivers\vstxraid.sys
01:14:27.0138 1388 VSTXRAID - ok
01:14:27.0138 1388 [ 62460A45435A26A334907E3F2EA45611 ] vwifibus C:\Windows\System32\drivers\vwifibus.sys
01:14:27.0154 1388 vwifibus - ok
01:14:27.0154 1388 [ 095E943D27025E4D588AF0A72CC2318F ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys
01:14:27.0170 1388 vwififlt - ok
01:14:27.0170 1388 [ 73FA1A41A97A5C34ADC03B3577FF1A86 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys
01:14:27.0185 1388 vwifimp - ok
01:14:27.0185 1388 [ F690B6EEAA94576727B24376D7ED3601 ] W32Time C:\Windows\system32\w32time.dll
01:14:27.0201 1388 W32Time - ok
01:14:27.0201 1388 [ 6B806E893714019969E2B50D7EF6A4D9 ] WacomPen C:\Windows\System32\drivers\wacompen.sys
01:14:27.0216 1388 WacomPen - ok
01:14:27.0216 1388 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarp C:\Windows\system32\DRIVERS\wanarp.sys
01:14:27.0232 1388 Wanarp - ok
01:14:27.0232 1388 [ 6081CEC9EF9EB145D8B46655C7708D51 ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys
01:14:27.0248 1388 Wanarpv6 - ok
01:14:27.0263 1388 [ 42DF22F8C448E7CD219F6D63743505E2 ] wbengine C:\Windows\system32\wbengine.exe
01:14:27.0294 1388 wbengine - ok
01:14:27.0294 1388 [ 31D37B2F6069C631EF0557D322924812 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll
01:14:27.0310 1388 WbioSrvc - ok
01:14:27.0310 1388 [ D9C1E82651BF19C6FF69CEC6FD400124 ] Wcmsvc C:\Windows\System32\wcmsvc.dll
01:14:27.0326 1388 Wcmsvc - ok
01:14:27.0341 1388 [ 5B5FEAB51172F5513C2CF7B39CFA6A01 ] wcncsvc C:\Windows\System32\wcncsvc.dll
01:14:27.0357 1388 wcncsvc - ok
01:14:27.0357 1388 [ E19556D414332E2BEBA1F368229006B4 ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
01:14:27.0372 1388 WcsPlugInService - ok
01:14:27.0372 1388 [ B3A4D918DAB90505B6BC7B70632913CB ] Wd C:\Windows\system32\drivers\wd.sys
01:14:27.0372 1388 Wd - ok
01:14:27.0388 1388 [ 6F4B5DDDC3B86091E94BC47347A78AF7 ] WdBoot C:\Windows\system32\drivers\WdBoot.sys
01:14:27.0388 1388 WdBoot - ok
01:14:27.0404 1388 [ 2ADC985B85A71BD7D99712EC0C24358B ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys
01:14:27.0419 1388 Wdf01000 - ok
01:14:27.0435 1388 [ 99D404A9A0AFC4734E014EBEBAC13F8F ] WdFilter C:\Windows\system32\drivers\WdFilter.sys
01:14:27.0435 1388 WdFilter - ok
01:14:27.0450 1388 [ 240FC332484572227CD1DF82407F33E5 ] WdiServiceHost C:\Windows\system32\wdi.dll
01:14:27.0466 1388 WdiServiceHost - ok
01:14:27.0466 1388 [ 240FC332484572227CD1DF82407F33E5 ] WdiSystemHost C:\Windows\system32\wdi.dll
01:14:27.0482 1388 WdiSystemHost - ok
01:14:27.0482 1388 [ F2002DA5E6B78C15B2CD48CFF8F0FBB6 ] WebClient C:\Windows\System32\webclnt.dll
01:14:27.0497 1388 WebClient - ok
01:14:27.0513 1388 [ 35FD720943D4FCD75C3275BF062FF140 ] Wecsvc C:\Windows\system32\wecsvc.dll
01:14:27.0513 1388 Wecsvc - ok
01:14:27.0528 1388 [ 4D2612E3C462B68F499D840B1133263E ] wercplsupport C:\Windows\System32\wercplsupport.dll
01:14:27.0560 1388 wercplsupport - ok
01:14:27.0560 1388 [ 5F70EBFC1F75B487DE79501E3CCBDB54 ] WerSvc C:\Windows\System32\WerSvc.dll
01:14:27.0575 1388 WerSvc - ok
01:14:27.0591 1388 [ FE762D3498719C3A23471BBA62F747B4 ] WFPLWFS C:\Windows\system32\DRIVERS\wfplwfs.sys
01:14:27.0591 1388 WFPLWFS - ok
01:14:27.0606 1388 [ 60E0C220593DA4F7C289CB909D2DBAE0 ] WiaRpc C:\Windows\System32\wiarpc.dll
01:14:27.0606 1388 WiaRpc - ok
01:14:27.0622 1388 [ A3C7624A42A3447EF5EDD1ED37FE4E60 ] WIMMount C:\Windows\system32\drivers\wimmount.sys
01:14:27.0622 1388 WIMMount - ok
01:14:27.0622 1388 WinDefend - ok
01:14:27.0638 1388 [ 7911470B6018059A880469A63B65700A ] WinHttpAutoProxySvc C:\Windows\system32\winhttp.dll
01:14:27.0653 1388 WinHttpAutoProxySvc - ok
01:14:27.0669 1388 [ 3D6B518B71C75C8FA4115A33615C107A ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll
01:14:27.0684 1388 Winmgmt - ok
01:14:27.0716 1388 [ 8E212A627F33F6FC3B5F3BB47212F66E ] WinRM C:\Windows\system32\WsmSvc.dll
01:14:27.0747 1388 WinRM - ok
01:14:27.0762 1388 [ BB20956C424531003F7FA6CD36F11D5D ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys
01:14:27.0778 1388 WinUsb - ok
01:14:27.0794 1388 [ 6351724B8FA0255C2DBD970297F00B93 ] WlanSvc C:\Windows\System32\wlansvc.dll
01:14:27.0825 1388 WlanSvc - ok
01:14:27.0840 1388 [ B330CE47FB74A6BE9A3FFFF4B3F64D9B ] wlidsvc C:\Windows\system32\wlidsvc.dll
01:14:27.0872 1388 wlidsvc - ok
01:14:27.0872 1388 [ E2A596CACFC6504306CDB7B593B90084 ] WmiAcpi C:\Windows\System32\drivers\wmiacpi.sys
01:14:27.0887 1388 WmiAcpi - ok
01:14:27.0887 1388 [ D113499052C5E541906B727779F0F959 ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe
01:14:27.0903 1388 wmiApSrv - ok
01:14:27.0903 1388 WMPNetworkSvc - ok
01:14:27.0918 1388 [ C6FF953D5D6F2EAE3B8883474D5076B3 ] wpcfltr C:\Windows\system32\DRIVERS\wpcfltr.sys
01:14:27.0918 1388 wpcfltr - ok
01:14:27.0934 1388 [ A6ED163169876BFD2437E872FE2F1509 ] WPCSvc C:\Windows\System32\wpcsvc.dll
01:14:27.0934 1388 WPCSvc - ok
01:14:27.0934 1388 [ 39D8AB837F91B729D12D32ED81E2062F ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll
01:14:27.0950 1388 WPDBusEnum - ok
01:14:27.0950 1388 [ 0346CAFC181C91C6E2330332EB332ED6 ] WpdUpFltr C:\Windows\system32\drivers\WpdUpFltr.sys
01:14:27.0965 1388 WpdUpFltr - ok
01:14:27.0965 1388 [ BC8B5CB336E63BB25EAD1CE8EDD34B81 ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys
01:14:27.0981 1388 ws2ifsl - ok
01:14:27.0981 1388 [ FB0C1B7F94FA08E72F19F6F2CE7210E1 ] wscsvc C:\Windows\System32\wscsvc.dll
01:14:27.0996 1388 wscsvc - ok
01:14:27.0996 1388 [ 74EFDA0526862C3D8D01A776182798EA ] WSDPrintDevice C:\Windows\System32\drivers\WSDPrint.sys
01:14:28.0012 1388 WSDPrintDevice - ok
01:14:28.0012 1388 [ FA07DF46070F0826139709EF4D31FB71 ] WSDScan C:\Windows\system32\DRIVERS\WSDScan.sys
01:14:28.0028 1388 WSDScan - ok
01:14:28.0028 1388 WSearch - ok
01:14:28.0043 1388 [ C10BFFEE7E0D7A1366E84F251796C51D ] WSService C:\Windows\System32\WSService.dll
01:14:28.0106 1388 WSService - ok
01:14:28.0137 1388 [ A8484C0CB54DB48180FB7CA00F1C3F8F ] wuauserv C:\Windows\system32\wuaueng.dll
01:14:28.0184 1388 wuauserv - ok
01:14:28.0199 1388 [ AB886378EEB55C6C75B4F2D14B6C869F ] WudfPf C:\Windows\system32\drivers\WudfPf.sys
01:14:28.0199 1388 WudfPf - ok
01:14:28.0215 1388 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFRd C:\Windows\System32\drivers\WUDFRd.sys
01:14:28.0215 1388 WUDFRd - ok
01:14:28.0230 1388 [ B20F051B03A966392364C83F009F7D17 ] wudfsvc C:\Windows\System32\WUDFSvc.dll
01:14:28.0230 1388 wudfsvc - ok
01:14:28.0246 1388 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdFs C:\Windows\system32\DRIVERS\WUDFRd.sys
01:14:28.0246 1388 WUDFWpdFs - ok
01:14:28.0246 1388 [ DDA4CAF29D8C0A297F886BFE561E6659 ] WUDFWpdMtp C:\Windows\system32\DRIVERS\WUDFRd.sys
01:14:28.0262 1388 WUDFWpdMtp - ok
01:14:28.0277 1388 [ F9D8D2E6ECE08B278621D5BF3A7240A6 ] WwanSvc C:\Windows\System32\wwansvc.dll
01:14:28.0277 1388 WwanSvc - ok
01:14:28.0293 1388 ================ Scan global ===============================
01:14:28.0293 1388 [ DDC1AFBF9DDF880CE9BD3896114D8DED ] C:\Windows\system32\basesrv.dll
01:14:28.0308 1388 [ E9343076AE704D20BB0D01F3AF3EFFEF ] C:\Windows\system32\winsrv.dll
01:14:28.0308 1388 [ BD7C6949984D19AAA609896B675E7357 ] C:\Windows\system32\sxssrv.dll
01:14:28.0324 1388 [ 8F226143046435C75C033B0C52E90FFE ] C:\Windows\system32\services.exe
01:14:28.0324 1388 [Global] - ok
01:14:28.0324 1388 ================ Scan MBR ==================================
01:14:28.0324 1388 [ A36C5E4F47E84449FF07ED3517B43A31 ] \Device\Harddisk0\DR0
01:14:28.0496 1388 \Device\Harddisk0\DR0 - ok
01:14:28.0776 1388 [ 5C616939100B85E558DA92B899A0FC36 ] \Device\Harddisk1\DR1
01:14:29.0291 1388 \Device\Harddisk1\DR1 - ok
01:14:29.0307 1388 [ 5FB38429D5D77768867C76DCBDB35194 ] \Device\Harddisk2\DR2
01:14:29.0525 1388 \Device\Harddisk2\DR2 - ok
01:14:29.0525 1388 ================ Scan VBR ==================================
01:14:29.0525 1388 [ 205223B58E166ACF3692990BD22F87EF ] \Device\Harddisk0\DR0\Partition1
01:14:29.0525 1388 \Device\Harddisk0\DR0\Partition1 - ok
01:14:29.0525 1388 [ D74607C9EE11921B02E25C35D001AB22 ] \Device\Harddisk0\DR0\Partition2
01:14:29.0525 1388 \Device\Harddisk0\DR0\Partition2 - ok
01:14:29.0541 1388 [ 369245EC184695564992FC6FCAE44529 ] \Device\Harddisk1\DR1\Partition1
01:14:29.0541 1388 \Device\Harddisk1\DR1\Partition1 - ok
01:14:29.0541 1388 [ 609CC2EA604F0BC736006A62CD8AAF19 ] \Device\Harddisk2\DR2\Partition1
01:14:29.0541 1388 \Device\Harddisk2\DR2\Partition1 - ok
01:14:29.0541 1388 ============================================================
01:14:29.0541 1388 Scan finished
01:14:29.0541 1388 ============================================================
01:14:29.0556 2152 Detected object count: 1
01:14:29.0556 2152 Actual detected object count: 1
01:15:41.0005 2152 BrYNSvc ( UnsignedFile.Multi.Generic ) - skipped by user
01:15:41.0005 2152 BrYNSvc ( UnsignedFile.Multi.Generic ) - User select action: Skip
01:15:46.0840 2088 Deinitialize success
|
|
02.04.2013, 09:37
| #7 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? Hm, normalerweise sollte aswMBR zumidnest über avscan=none dann klappen  Probier es bitte nochmal aus, am besten im abgesicherten Modus mit Netzwerktreibern
__________________ Logfiles bitte immer in CODE-Tags posten |
|
02.04.2013, 21:43
| #8 |
| | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? Hallo Cosinus, vielen Dank für Deine schnelle Rückmeldung. Ich habe gerade noch einmal versucht aswMBR im abgesicherten Modus mit Netzwerktreibern zu starten, mit Quickscan und None -> auch da die gleiche Fehlermeldung wie oben beschrieben, bei "Scanning: Service WinDefend C:\Program Files" kommt wieder die Fehler-/ Abbruchmeldung. Soll ich dieses Programm noch einmal komplett de-/ installieren und erneut versuchen? Gibt es noch eine andere Lösung, die ich probieren kann? |
|
03.04.2013, 11:05
| #9 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? Hm, ich glaube da war was mit Win8, AFAIK gab es da noch Probleme mit aswMBR JRT - Junkware Removal Tool Beende bitte Deine Schutzsoftware um eventuelle Konflikte zu vermeiden.
Im Anschluss: adwCleaner - Toolbars und ungewollte Start-/Suchseiten entfernen Downloade Dir bitte  AdwCleaner auf deinen Desktop.
Danach eine Kontrolle mit OTL bitte:
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.04.2013, 21:19
| #10 |
| | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? Hallo cosinus, so nun hier die nächsten Logfiles: zuerst vom JRT: Code:
ATTFilter ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.1 (04.03.2013:1)
OS: Windows 8 Pro x64
Ran by ***** on 03.04.2013 at 21:31:57,89
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~ Services
~~~ Registry Values
~~~ Registry Keys
~~~ Files
~~~ Folders
~~~ FireFox
Successfully deleted: [File] C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\e8a9x392.default\user.js
Emptied folder: C:\Users\*****\AppData\Roaming\mozilla\firefox\profiles\e8a9x392.default\minidumps [31 files]
~~~ Event Viewer Logs were cleared
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 03.04.2013 at 21:38:21,42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
AdwCleaner Logfile: Code:
ATTFilter # AdwCleaner v2.200 - Datei am 03/04/2013 um 21:46:17 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 8 Pro (64 bits)
# Benutzer : ***** - ASUS-NOTEBOOK
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\*****\Desktop\adwcleaner.exe
# Option [Löschen]
**** [Dienste] ****
***** [Dateien / Ordner] *****
***** [Registrierungsdatenbank] *****
***** [Internet Browser] *****
-\\ Internet Explorer v10.0.9200.16519
[OK] Die Registrierungsdatenbank ist sauber.
-\\ Mozilla Firefox v19.0.2 (de)
Datei : C:\Users\*****\AppData\Roaming\Mozilla\Firefox\Profiles\e8a9x392.default\prefs.js
[OK] Die Datei ist sauber.
*************************
AdwCleaner[S1].txt - [711 octets] - [03/04/2013 21:46:17]
########## EOF - C:\AdwCleaner[S1].txt - [770 octets] ##########
Und hier die beiden Logs von OTL: otl.txt: OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.04.2013 21:55:27 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 68,99% Memory free 4,61 Gb Paging File | 3,33 Gb Available in Paging File | 72,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,13 Gb Total Space | 202,88 Gb Free Space | 85,20% Space Free | Partition Type: NTFS Drive D: | 7,40 Gb Total Space | 7,33 Gb Free Space | 99,11% Space Free | Partition Type: NTFS Drive F: | 451,11 Gb Total Space | 324,07 Gb Free Space | 71,84% Space Free | Partition Type: NTFS Computer Name: ASUS-NOTEBOOK | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\Tools&More\GhostWriter\GhostWriter.exe (Wirth New Media Sarl) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () ========== Services (SafeList) ========== SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) ========== Driver Services (SafeList) ========== DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\Drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\Drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation) DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation) DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athrx.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\Drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\Drivers\ATK64AMD.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3 IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C B1 B4 89 E7 E1 CD 01 [binary data] IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:13:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:13:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.24 17:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2013.03.08 22:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 22:13:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.08 22:12:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.08 22:12:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.08 22:12:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.08 22:12:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.08 22:12:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.08 22:12:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKU\S-1-5-21-254798843-3512868942-2475831698-1001..\Run: [GhostWriter] C:\Program Files (x86)\Tools&More\GhostWriter\GhostWriter.exe (Wirth New Media Sarl) O4 - HKU\S-1-5-21-254798843-3512868942-2475831698-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5C9E092-EA2C-4C06-B5A8-BDD30F2D7BD4}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.03 21:31:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.03 21:31:41 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.03 21:30:30 | 000,551,246 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\*****\Desktop\JRT.exe [2013.04.02 01:08:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\CrashDumps [2013.04.02 01:00:33 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\*****\Desktop\tdsskiller.exe [2013.04.02 00:59:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe [2013.04.02 00:49:00 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\mbar [2013.03.28 22:33:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2013.03.28 22:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.28 22:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.28 22:33:44 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.28 22:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.27 23:12:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.03.27 21:48:44 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Emails [2013.03.26 22:48:57 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys [2013.03.26 22:48:56 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys [2013.03.24 16:32:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\NPE [2013.03.24 16:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2013.03.24 14:18:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Uzryr [2013.03.23 22:28:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.16 18:28:36 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.03.16 18:28:35 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013.03.16 18:28:32 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.03.16 18:28:32 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.03.16 18:28:32 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013.03.16 18:28:31 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013.03.16 18:28:29 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013.03.16 18:28:29 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013.03.16 18:28:26 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013.03.16 18:28:24 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013.03.16 18:28:23 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.03.16 18:28:21 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.03.16 18:28:21 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll [2013.03.16 18:28:21 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll [2013.03.16 18:28:20 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll [2013.03.16 18:28:20 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll [2013.03.16 18:28:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.03.16 18:28:19 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.03.16 18:28:19 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013.03.16 18:28:19 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS [2013.03.16 18:28:19 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll [2013.03.16 18:28:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll [2013.03.16 18:28:19 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll [2013.03.16 18:28:19 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2013.03.16 18:28:19 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll [2013.03.16 18:28:19 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe [2013.03.16 18:28:19 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys [2013.03.16 18:28:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll [2013.03.16 18:28:18 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll [2013.03.16 18:28:18 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013.03.16 18:28:18 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.03.16 18:28:18 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll [2013.03.16 18:28:18 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll [2013.03.16 18:28:18 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2013.03.16 18:28:18 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe [2013.03.16 18:28:18 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013.03.16 18:28:18 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe [2013.03.16 18:28:18 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe [2013.03.16 18:28:18 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys [2013.03.16 18:28:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll [2013.03.16 18:28:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll [2013.03.16 18:28:12 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll [2013.03.16 18:28:11 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013.03.16 11:14:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.16 11:14:33 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.16 11:14:33 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.03.16 11:14:33 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.16 11:14:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.03.16 11:14:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.03.16 11:14:32 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.16 11:14:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.03.16 11:14:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2013.03.16 11:14:32 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.03.16 11:14:32 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2013.03.16 11:14:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.03.08 22:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.08 21:27:57 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.08 21:27:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.08 21:27:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.08 21:27:55 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.08 21:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.08 21:19:33 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll [2013.03.08 21:19:33 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll [2013.03.08 21:19:33 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll [2013.03.08 18:42:24 | 000,000,000 | R--D | C] -- C:\Users\*****\AppData\Roaming\Brother ========== Files - Modified Within 30 Days ========== [2013.04.03 21:55:20 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.03 21:55:20 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.03 21:55:20 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.03 21:55:20 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.03 21:55:20 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.03 21:50:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.03 21:48:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.04.03 21:47:59 | 3372,654,592 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 21:45:28 | 000,613,083 | ---- | M] () -- C:\Users\*****\Desktop\adwcleaner.exe [2013.04.03 21:30:34 | 000,551,246 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\*****\Desktop\JRT.exe [2013.04.02 01:01:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe [2013.04.02 01:00:34 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\*****\Desktop\tdsskiller.exe [2013.03.30 02:05:24 | 000,058,624 | ---- | M] () -- C:\Users\*****\Desktop\Emils2.JPG [2013.03.29 22:21:43 | 000,022,365 | ---- | M] () -- C:\Users\*****\Desktop\Emils.JPG [2013.03.28 22:33:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.27 23:12:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.03.27 23:12:25 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable [2013.03.24 15:04:00 | 000,323,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.08 21:27:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.08 21:27:52 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.08 21:27:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.08 21:27:51 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.08 21:27:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.08 21:27:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.06 01:07:25 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.06 01:07:25 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.04.03 21:45:24 | 000,613,083 | ---- | C] () -- C:\Users\*****\Desktop\adwcleaner.exe [2013.03.30 02:05:24 | 000,058,624 | ---- | C] () -- C:\Users\*****\Desktop\Emils2.JPG [2013.03.29 22:21:43 | 000,022,365 | ---- | C] () -- C:\Users\*****\Desktop\Emils.JPG [2013.03.28 22:33:51 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.27 23:12:25 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable [2013.03.24 15:03:57 | 000,323,264 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.10 17:37:46 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.12.24 16:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > sowie Extras.txt OTL Logfile: Code:
ATTFilter OTL logfile created on: 03.04.2013 21:55:27 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\*****\Desktop 64bit- Professional (Version = 6.2.9200) - Type = NTWorkstation Internet Explorer (Version = 9.10.9200.16519) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 3,93 Gb Total Physical Memory | 2,71 Gb Available Physical Memory | 68,99% Memory free 4,61 Gb Paging File | 3,33 Gb Available in Paging File | 72,21% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files (x86) Drive C: | 238,13 Gb Total Space | 202,88 Gb Free Space | 85,20% Space Free | Partition Type: NTFS Drive D: | 7,40 Gb Total Space | 7,33 Gb Free Space | 99,11% Space Free | Partition Type: NTFS Drive F: | 451,11 Gb Total Space | 324,07 Gb Free Space | 71,84% Space Free | Partition Type: NTFS Computer Name: ASUS-NOTEBOOK | User Name: ***** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users | Include 64bit Scans Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\*****\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_11_6_602_180.exe (Adobe Systems, Inc.) PRC - C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\TeamViewer\Version8\tv_w32.exe (TeamViewer GmbH) PRC - C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) PRC - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) PRC - C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) PRC - C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ATKOSD.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) PRC - C:\Program Files (x86)\ASUS\ATK Hotkey\WDC.exe (ASUS) PRC - C:\Program Files (x86)\Tools&More\GhostWriter\GhostWriter.exe (Wirth New Media Sarl) ========== Modules (No Company Name) ========== MOD - C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () MOD - C:\Program Files (x86)\Mozilla Firefox\mozjs.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll () ========== Services (SafeList) ========== SRV:64bit: - (netprofm) -- C:\Windows\SysNative\netprofmsvc.dll (Microsoft Corporation) SRV:64bit: - (wlidsvc) -- C:\Windows\SysNative\wlidsvc.dll (Microsoft Corporation) SRV:64bit: - (LSM) -- C:\Windows\SysNative\lsm.dll (Microsoft Corporation) SRV:64bit: - (TimeBroker) -- C:\Windows\SysNative\TimeBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (SystemEventsBroker) -- C:\Windows\SysNative\SystemEventsBrokerServer.dll (Microsoft Corporation) SRV:64bit: - (PrintNotify) -- C:\Windows\SysNative\spool\drivers\x64\3\PrintConfig.dll (Microsoft Corporation) SRV:64bit: - (AudioEndpointBuilder) -- C:\Windows\SysNative\AudioEndpointBuilder.dll (Microsoft Corporation) SRV:64bit: - (WSService) -- C:\Windows\SysNative\WSService.dll (Microsoft Corporation) SRV:64bit: - (fhsvc) -- C:\Windows\SysNative\fhsvc.dll (Microsoft Corporation) SRV:64bit: - (BrokerInfrastructure) -- C:\Windows\SysNative\bisrv.dll (Microsoft Corporation) SRV:64bit: - (WiaRpc) -- C:\Windows\SysNative\wiarpc.dll (Microsoft Corporation) SRV:64bit: - (Wcmsvc) -- C:\Windows\SysNative\wcmsvc.dll (Microsoft Corporation) SRV:64bit: - (VaultSvc) -- C:\Windows\SysNative\vaultsvc.dll (Microsoft Corporation) SRV:64bit: - (svsvc) -- C:\Windows\SysNative\svsvc.dll (Microsoft Corporation) SRV:64bit: - (Netlogon) -- C:\Windows\SysNative\netlogon.dll (Microsoft Corporation) SRV:64bit: - (NcaSvc) -- C:\Windows\SysNative\NcaSvc.dll (Microsoft Corporation) SRV:64bit: - (NcdAutoSetup) -- C:\Windows\SysNative\NcdAutoSetup.dll (Microsoft Corporation) SRV:64bit: - (KeyIso) -- C:\Windows\SysNative\keyiso.dll (Microsoft Corporation) SRV:64bit: - (EFS) -- C:\Windows\SysNative\efssvc.dll (Microsoft Corporation) SRV:64bit: - (DsmSvc) -- C:\Windows\SysNative\DeviceSetupManager.dll (Microsoft Corporation) SRV:64bit: - (DeviceAssociationService) -- C:\Windows\SysNative\das.dll (Microsoft Corporation) SRV:64bit: - (AllUserInstallAgent) -- C:\Windows\SysNative\AUInstallAgent.dll (Microsoft Corporation) SRV:64bit: - (AppMgmt) -- C:\Windows\SysNative\appmgmts.dll (Microsoft Corporation) SRV:64bit: - (vmicvss) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmictimesync) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicshutdown) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicrdv) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmickvpexchange) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV:64bit: - (vmicheartbeat) -- C:\Windows\SysNative\icsvc.dll (Microsoft Corporation) SRV - (MozillaMaintenance) -- C:\Program Files (x86)\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (TeamViewer8) -- C:\Program Files (x86)\TeamViewer\Version8\TeamViewer_Service.exe (TeamViewer GmbH) SRV - (StarMoney 8.0 OnlineUpdate) -- C:\Program Files (x86)\StarMoney 8.0\ouservice\StarMoneyOnlineUpdate.exe (Star Finanz - Software Entwicklung und Vertriebs GmbH) SRV - (AdobeARMservice) -- C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (MBAMService) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamservice.exe (Malwarebytes Corporation) SRV - (MBAMScheduler) -- C:\Program Files (x86)\Malwarebytes' Anti-Malware\mbamscheduler.exe (Malwarebytes Corporation) SRV - (PrintNotify) -- C:\Windows\system32\spool\DRIVERS\x64\3\PrintConfig.dll (Microsoft Corporation) SRV - (StorSvc) -- C:\Windows\SysWOW64\StorSvc.dll (Microsoft Corporation) SRV - (BrYNSvc) -- C:\Program Files (x86)\Browny02\BrYNSvc.exe (Brother Industries, Ltd.) SRV - (ASLDRService) -- C:\Program Files (x86)\ASUS\ATK Hotkey\ASLDRSrv.exe (ASUS) ========== Driver Services (SafeList) ========== DRV:64bit: - (L1C) -- C:\Windows\SysNative\Drivers\L1C62x64.sys (Atheros Communications, Inc.) DRV:64bit: - (pdc) -- C:\Windows\SysNative\Drivers\pdc.sys (Microsoft Corporation) DRV:64bit: - (USBHUB3) -- C:\Windows\SysNative\Drivers\USBHUB3.SYS (Microsoft Corporation) DRV:64bit: - (BthAvrcpTg) -- C:\Windows\SysNative\Drivers\BthAvrcpTg.sys (Microsoft Corporation) DRV:64bit: - (WdBoot) -- C:\Windows\SysNative\Drivers\WdBoot.sys (Microsoft Corporation) DRV:64bit: - (WdFilter) -- C:\Windows\SysNative\Drivers\WdFilter.sys (Microsoft Corporation) DRV:64bit: - (msgpiowin32) -- C:\Windows\SysNative\Drivers\msgpiowin32.sys (Microsoft Corporation) DRV:64bit: - (sdbus) -- C:\Windows\SysNative\Drivers\sdbus.sys (Microsoft Corporation) DRV:64bit: - (ETD) -- C:\Windows\SysNative\Drivers\ETD.sys (ELAN Microelectronic Corp.) DRV:64bit: - (RTHDMIAzAudService) -- C:\Windows\SysNative\Drivers\RtHDMIVX.sys (Realtek Semiconductor Corp.) DRV:64bit: - (MBAMProtector) -- C:\Windows\SysNative\Drivers\mbam.sys (Malwarebytes Corporation) DRV:64bit: - (bthhfhid) -- C:\Windows\SysNative\Drivers\BthhfHid.sys (Microsoft Corporation) DRV:64bit: - (hidi2c) -- C:\Windows\SysNative\Drivers\hidi2c.sys (Microsoft Corporation) DRV:64bit: - (FxPPM) -- C:\Windows\SysNative\Drivers\fxppm.sys (Microsoft Corporation) DRV:64bit: - (RdpVideoMiniport) -- C:\Windows\SysNative\Drivers\rdpvideominiport.sys (Microsoft Corporation) DRV:64bit: - (sdstor) -- C:\Windows\SysNative\Drivers\sdstor.sys (Microsoft Corporation) DRV:64bit: - (dam) -- C:\Windows\SysNative\Drivers\dam.sys (Microsoft Corporation) DRV:64bit: - (WSDScan) -- C:\Windows\SysNative\Drivers\WSDScan.sys (Microsoft Corporation) DRV:64bit: - (StillCam) -- C:\Windows\SysNative\Drivers\serscan.sys (Microsoft Corporation) DRV:64bit: - (USBAAPL64) -- C:\Windows\SysNative\Drivers\usbaapl64.sys (Apple, Inc.) DRV:64bit: - (USBXHCI) -- C:\Windows\SysNative\Drivers\USBXHCI.SYS (Microsoft Corporation) DRV:64bit: - (UCX01000) -- C:\Windows\SysNative\Drivers\UCX01000.SYS (Microsoft Corporation) DRV:64bit: - (GPIOClx0101) -- C:\Windows\SysNative\Drivers\msgpioclx.sys (Microsoft Corporation) DRV:64bit: - (ebdrv) -- C:\Windows\SysNative\Drivers\evbda.sys (Broadcom Corporation) DRV:64bit: - (b06bdrv) -- C:\Windows\SysNative\Drivers\bxvbda.sys (Broadcom Corporation) DRV:64bit: - (TPM) -- C:\Windows\SysNative\Drivers\tpm.sys (Microsoft Corporation) DRV:64bit: - (GEARAspiWDM) -- C:\Windows\SysNative\Drivers\GEARAspiWDM.sys (GEAR Software Inc.) DRV:64bit: - (Fs_Rec) -- C:\Windows\SysNative\drivers\fs_rec.sys (Microsoft Corporation) DRV:64bit: - (condrv) -- C:\Windows\SysNative\Drivers\condrv.sys (Microsoft Corporation) DRV:64bit: - (VSTXRAID) -- C:\Windows\SysNative\Drivers\VSTXRAID.SYS (VIA Corporation) DRV:64bit: - (VerifierExt) -- C:\Windows\SysNative\Drivers\VerifierExt.sys (Microsoft Corporation) DRV:64bit: - (UASPStor) -- C:\Windows\SysNative\Drivers\uaspstor.sys (Microsoft Corporation) DRV:64bit: - (acpiex) -- C:\Windows\SysNative\Drivers\acpiex.sys (Microsoft Corporation) DRV:64bit: - (spaceport) -- C:\Windows\SysNative\Drivers\spaceport.sys (Microsoft Corporation) DRV:64bit: - (storahci) -- C:\Windows\SysNative\Drivers\storahci.sys (Microsoft Corporation) DRV:64bit: - (mvumis) -- C:\Windows\SysNative\Drivers\mvumis.sys (Marvell Semiconductor, Inc.) DRV:64bit: - (stexstor) -- C:\Windows\SysNative\Drivers\stexstor.sys (Promise Technology, Inc.) DRV:64bit: - (LSI_SAS2) -- C:\Windows\SysNative\Drivers\lsi_sas2.sys (LSI Corporation) DRV:64bit: - (LSI_SSS) -- C:\Windows\SysNative\Drivers\lsi_sss.sys (LSI Corporation) DRV:64bit: - (HpSAMD) -- C:\Windows\SysNative\Drivers\HpSAMD.sys (Hewlett-Packard Company) DRV:64bit: - (EhStorTcgDrv) -- C:\Windows\SysNative\Drivers\EhStorTcgDrv.sys (Microsoft Corporation) DRV:64bit: - (EhStorClass) -- C:\Windows\SysNative\Drivers\EhStorClass.sys (Microsoft Corporation) DRV:64bit: - (amdsbs) -- C:\Windows\SysNative\Drivers\amdsbs.sys (AMD Technologies Inc.) DRV:64bit: - (3ware) -- C:\Windows\SysNative\Drivers\3ware.sys (LSI) DRV:64bit: - (amdsata) -- C:\Windows\SysNative\Drivers\amdsata.sys (Advanced Micro Devices) DRV:64bit: - (amdxata) -- C:\Windows\SysNative\Drivers\amdxata.sys (Advanced Micro Devices) DRV:64bit: - (CLFS) -- C:\Windows\SysNative\Drivers\clfs.sys (Microsoft Corporation) DRV:64bit: - (WFPLWFS) -- C:\Windows\SysNative\Drivers\wfplwfs.sys (Microsoft Corporation) DRV:64bit: - (vpci) -- C:\Windows\SysNative\Drivers\vpci.sys (Microsoft Corporation) DRV:64bit: - (terminpt) -- C:\Windows\SysNative\Drivers\terminpt.sys (Microsoft Corporation) DRV:64bit: - (ROOTMODEM) -- C:\Windows\SysNative\Drivers\rootmdm.sys (Microsoft Corporation) DRV:64bit: - (WSDPrintDevice) -- C:\Windows\SysNative\Drivers\WSDPrint.sys (Microsoft Corporation) DRV:64bit: - (mshidumdf) -- C:\Windows\SysNative\Drivers\mshidumdf.sys (Microsoft Corporation) DRV:64bit: - (BasicDisplay) -- C:\Windows\SysNative\Drivers\BasicDisplay.sys (Microsoft Corporation) DRV:64bit: - (HyperVideo) -- C:\Windows\SysNative\Drivers\HyperVideo.sys (Microsoft Corporation) DRV:64bit: - (BasicRender) -- C:\Windows\SysNative\Drivers\BasicRender.sys (Microsoft Corporation) DRV:64bit: - (gencounter) -- C:\Windows\SysNative\Drivers\vmgencounter.sys (Microsoft Corporation) DRV:64bit: - (kdnic) -- C:\Windows\SysNative\Drivers\kdnic.sys (Microsoft Corporation) DRV:64bit: - (acpitime) -- C:\Windows\SysNative\Drivers\acpitime.sys (Microsoft Corporation) DRV:64bit: - (npsvctrig) -- C:\Windows\SysNative\Drivers\npsvctrig.sys (Microsoft Corporation) DRV:64bit: - (WpdUpFltr) -- C:\Windows\SysNative\Drivers\WpdUpFltr.sys (Microsoft Corporation) DRV:64bit: - (acpipagr) -- C:\Windows\SysNative\Drivers\acpipagr.sys (Microsoft Corporation) DRV:64bit: - (hyperkbd) -- C:\Windows\SysNative\Drivers\hyperkbd.sys (Microsoft Corporation) DRV:64bit: - (SerCx) -- C:\Windows\SysNative\Drivers\SerCx.sys (Microsoft Corporation) DRV:64bit: - (SpbCx) -- C:\Windows\SysNative\Drivers\SpbCx.sys (Microsoft Corporation) DRV:64bit: - (TsUsbGD) -- C:\Windows\SysNative\Drivers\TsUsbGD.sys (Microsoft Corporation) DRV:64bit: - (BthHFEnum) -- C:\Windows\SysNative\Drivers\bthhfenum.sys (Microsoft Corporation) DRV:64bit: - (dmvsc) -- C:\Windows\SysNative\Drivers\dmvsc.sys (Microsoft Corporation) DRV:64bit: - (TsUsbFlt) -- C:\Windows\SysNative\Drivers\TsUsbFlt.sys (Microsoft Corporation) DRV:64bit: - (Vid) -- C:\Windows\SysNative\Drivers\Vid.sys (Microsoft Corporation) DRV:64bit: - (storvsp) -- C:\Windows\SysNative\Drivers\storvsp.sys (Microsoft Corporation) DRV:64bit: - (wpcfltr) -- C:\Windows\SysNative\Drivers\wpcfltr.sys (Microsoft Corporation) DRV:64bit: - (vmbusr) -- C:\Windows\SysNative\Drivers\vmbusr.sys (Microsoft Corporation) DRV:64bit: - (vpcivsp) -- C:\Windows\SysNative\Drivers\vpcivsp.sys (Microsoft Corporation) DRV:64bit: - (NdisImPlatform) -- C:\Windows\SysNative\Drivers\NdisImPlatform.sys (Microsoft Corporation) DRV:64bit: - (MsLldp) -- C:\Windows\SysNative\Drivers\mslldp.sys (Microsoft Corporation) DRV:64bit: - (Ndu) -- C:\Windows\SysNative\Drivers\Ndu.sys (Microsoft Corporation) DRV:64bit: - (amdkmdag) -- C:\Windows\SysNative\Drivers\atikmdag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (amdkmdap) -- C:\Windows\SysNative\Drivers\atikmpag.sys (Advanced Micro Devices, Inc.) DRV:64bit: - (athr) -- C:\Windows\SysNative\Drivers\athrx.sys (Qualcomm Atheros Communications, Inc.) DRV:64bit: - (RimVSerPort) -- C:\Windows\SysNative\Drivers\RimSerial_AMD64.sys (Research in Motion Ltd) DRV:64bit: - (HECIx64) -- C:\Windows\SysNative\Drivers\HECIx64.sys (Intel Corporation) DRV:64bit: - (MTsensor) -- C:\Windows\SysNative\Drivers\ATK64AMD.sys () ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE:64bit: - HKLM\..\SearchScopes,DefaultScope = IE:64bit: - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\Windows\SysWOW64\blank.htm IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://t.de.msn.com/ IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = de-DE,de;q=0.8,en-US;q=0.5,en;q=0.3 IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 6C B1 B4 89 E7 E1 CD 01 [binary data] IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE10SR IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-254798843-3512868942-2475831698-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/" FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2 FF - user.js - File not found FF:64bit: - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF64_11_6_602_180.dll File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_11_6_602_180.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files (x86)\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.5: C:\Program Files (x86)\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@RIM.com/WebSLLauncher,version=1.0: C:\Program Files (x86)\Common Files\Research In Motion\BBWebSLLauncher\NPWebSLLauncher.dll () FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:13:06 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files (x86)\Mozilla Firefox\components [2013.03.08 22:13:06 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files (x86)\Mozilla Firefox\plugins [2012.12.24 17:04:32 | 000,000,000 | ---D | M] (No name found) -- C:\Users\*****\AppData\Roaming\mozilla\Extensions [2013.03.08 22:12:52 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files (x86)\mozilla firefox\extensions [2013.03.08 22:13:06 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files (x86)\mozilla firefox\components\browsercomps.dll [2013.03.08 22:12:54 | 000,001,392 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\amazondotcom-de.xml [2013.03.08 22:12:54 | 000,002,465 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\bing.xml [2013.03.08 22:12:54 | 000,001,153 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\eBay-de.xml [2013.03.08 22:12:54 | 000,006,805 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\leo_ende_de.xml [2013.03.08 22:12:54 | 000,001,178 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\wikipedia-de.xml [2013.03.08 22:12:54 | 000,001,105 | ---- | M] () -- C:\Program Files (x86)\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2012.07.26 07:26:49 | 000,000,824 | ---- | M]) - C:\Windows\SysNative\Drivers\etc\hosts O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll File not found O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O4:64bit: - HKLM..\Run: [ETDWare] C:\Programme\Elantech\ETDCtrl.exe (ELAN Microelectronic Corp.) O4:64bit: - HKLM..\Run: [RtHDVCpl] C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor) O4 - HKLM..\Run: [APSDaemon] C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [BrStsMon00] C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [ControlCenter4] C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe (Brother Industries, Ltd.) O4 - HKLM..\Run: [HControlUser] C:\Program Files (x86)\ASUS\ATK Hotkey\HControlUser.exe (ASUS) O4 - HKLM..\Run: [RIMBBLaunchAgent.exe] C:\Program Files (x86)\Common Files\Research In Motion\USB Drivers\RIMBBLaunchAgent.exe (Research In Motion Limited) O4 - HKU\S-1-5-21-254798843-3512868942-2475831698-1001..\Run: [GhostWriter] C:\Program Files (x86)\Tools&More\GhostWriter\GhostWriter.exe (Wirth New Media Sarl) O4 - HKU\S-1-5-21-254798843-3512868942-2475831698-1001..\Run: [iCloudServices] C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe (Apple Inc.) O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableCursorSuppression = 1 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O8:64bit: - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O8 - Extra context menu item: Nach Microsoft E&xel exportieren - res://C:\PROGRA~2\MICROS~1\Office12\EXCEL.EXE/3000 File not found O9 - Extra Button: An OneNote senden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : An OneNote s&enden - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~2\MICROS~1\Office12\ONBttnIE.dll (Microsoft Corporation) O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~2\MICROS~1\Office12\REFIEBAR.DLL (Microsoft Corporation) O10:64bit: - NameSpace_Catalog5\Catalog_Entries64\000000000008 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000008 [] - C:\Program Files (x86)\Bonjour\mdnsNSP.dll (Apple Inc.) O1364bit: - gopher Prefix: missing O13 - gopher Prefix: missing O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A5C9E092-EA2C-4C06-B5A8-BDD30F2D7BD4}: DhcpNameServer = 192.168.2.1 O18:64bit: - Protocol\Handler\ms-help - No CLSID value found O18:64bit: - Protocol\Handler\wlmailhtml - No CLSID value found O18:64bit: - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\PROGRA~2\COMMON~1\MICROS~1\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation) O20:64bit: - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20:64bit: - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\SysNative\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\SysWow64\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (userinit.exe) - C:\Windows\SysWow64\userinit.exe (Microsoft Corporation) O21:64bit: - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O30 - LSA: Security Packages - (livessp) - File not found O32 - HKLM CDRom: AutoRun - 1 O34 - HKLM BootExecute: (autocheck autochk *) O35:64bit: - HKLM\..comfile [open] -- "%1" %* O35:64bit: - HKLM\..exefile [open] -- "%1" %* O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37:64bit: - HKLM\...com [@ = comfile] -- "%1" %* O37:64bit: - HKLM\...exe [@ = exefile] -- "%1" %* O37 - HKLM\...com [@ = comfile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.04.03 21:31:57 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.04.03 21:31:41 | 000,000,000 | ---D | C] -- C:\JRT [2013.04.03 21:30:30 | 000,551,246 | ---- | C] (Oleg N. Scherbakov) -- C:\Users\*****\Desktop\JRT.exe [2013.04.02 01:08:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\CrashDumps [2013.04.02 01:00:33 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\*****\Desktop\tdsskiller.exe [2013.04.02 00:59:57 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe [2013.04.02 00:49:00 | 000,000,000 | ---D | C] -- C:\Users\*****\Desktop\mbar [2013.03.28 22:33:59 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Malwarebytes [2013.03.28 22:33:51 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware [2013.03.28 22:33:45 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.03.28 22:33:44 | 000,024,176 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\SysNative\drivers\mbam.sys [2013.03.28 22:33:44 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Malwarebytes' Anti-Malware [2013.03.27 23:12:39 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.03.27 21:48:44 | 000,000,000 | ---D | C] -- C:\Users\*****\Documents\Emails [2013.03.26 22:48:57 | 000,230,904 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdFilter.sys [2013.03.26 22:48:56 | 000,035,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\WdBoot.sys [2013.03.24 16:32:23 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Local\NPE [2013.03.24 16:32:23 | 000,000,000 | ---D | C] -- C:\ProgramData\Norton [2013.03.24 14:18:16 | 000,000,000 | ---D | C] -- C:\Users\*****\AppData\Roaming\Uzryr [2013.03.23 22:28:00 | 000,020,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\usb8023.sys [2013.03.16 18:28:36 | 010,115,072 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\twinui.dll [2013.03.16 18:28:35 | 008,856,576 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\twinui.dll [2013.03.16 18:28:32 | 002,302,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\authui.dll [2013.03.16 18:28:32 | 002,033,664 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\authui.dll [2013.03.16 18:28:32 | 000,069,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\pdc.sys [2013.03.16 18:28:31 | 002,146,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\actxprxy.dll [2013.03.16 18:28:29 | 000,468,992 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\MFMediaEngine.dll [2013.03.16 18:28:29 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\MFMediaEngine.dll [2013.03.16 18:28:26 | 013,643,264 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.UI.Xaml.dll [2013.03.16 18:28:24 | 010,792,448 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.UI.Xaml.dll [2013.03.16 18:28:23 | 005,977,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mstscax.dll [2013.03.16 18:28:21 | 005,090,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mstscax.dll [2013.03.16 18:28:21 | 000,729,600 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\duser.dll [2013.03.16 18:28:21 | 000,543,232 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wlroamextension.dll [2013.03.16 18:28:20 | 000,475,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\WWanAPI.dll [2013.03.16 18:28:20 | 000,467,456 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\netprofmsvc.dll [2013.03.16 18:28:20 | 000,385,024 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ncsi.dll [2013.03.16 18:28:19 | 000,731,648 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\win32spl.dll [2013.03.16 18:28:19 | 000,448,512 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\SettingSync.dll [2013.03.16 18:28:19 | 000,446,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\USBHUB3.SYS [2013.03.16 18:28:19 | 000,370,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\WWanAPI.dll [2013.03.16 18:28:19 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\Windows.Networking.Connectivity.dll [2013.03.16 18:28:19 | 000,260,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\hotspotauth.dll [2013.03.16 18:28:19 | 000,228,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\XpsRasterService.dll [2013.03.16 18:28:19 | 000,197,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\Windows.Networking.Connectivity.dll [2013.03.16 18:28:19 | 000,107,520 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\taskkill.exe [2013.03.16 18:28:19 | 000,037,632 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\BthAvrcpTg.sys [2013.03.16 18:28:18 | 000,611,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\wpd_ci.dll [2013.03.16 18:28:18 | 000,410,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\wlroamextension.dll [2013.03.16 18:28:18 | 000,356,352 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\SettingSync.dll [2013.03.16 18:28:18 | 000,329,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\storport.sys [2013.03.16 18:28:18 | 000,225,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\mbsmsapi.dll [2013.03.16 18:28:18 | 000,157,696 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\mbsmsapi.dll [2013.03.16 18:28:18 | 000,155,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\XpsRasterService.dll [2013.03.16 18:28:18 | 000,102,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\tasklist.exe [2013.03.16 18:28:18 | 000,082,944 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\hidclass.sys [2013.03.16 18:28:18 | 000,080,896 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\tasklist.exe [2013.03.16 18:28:18 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\taskkill.exe [2013.03.16 18:28:18 | 000,061,672 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\drivers\crashdmp.sys [2013.03.16 18:28:17 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmproxy.dll [2013.03.16 18:28:17 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\nlmsprep.dll [2013.03.16 18:28:12 | 001,690,624 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\GdiPlus.dll [2013.03.16 18:28:11 | 001,437,184 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\GdiPlus.dll [2013.03.16 11:14:34 | 000,690,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\jscript.dll [2013.03.16 11:14:33 | 003,966,464 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript9.dll [2013.03.16 11:14:33 | 000,907,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\uxtheme.dll [2013.03.16 11:14:33 | 000,603,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\msfeeds.dll [2013.03.16 11:14:33 | 000,136,704 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\iesysprep.dll [2013.03.16 11:14:33 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesysprep.dll [2013.03.16 11:14:32 | 000,854,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\jscript.dll [2013.03.16 11:14:32 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iesetup.dll [2013.03.16 11:14:32 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\UXInit.dll [2013.03.16 11:14:32 | 000,050,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ie4uinit.exe [2013.03.16 11:14:32 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\UXInit.dll [2013.03.16 11:14:32 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\iernonce.dll [2013.03.08 22:12:52 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Mozilla Firefox [2013.03.08 21:27:57 | 000,262,560 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.08 21:27:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.08 21:27:55 | 000,174,496 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.08 21:27:55 | 000,095,648 | ---- | C] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.08 21:27:50 | 000,000,000 | ---D | C] -- C:\Program Files (x86)\Java [2013.03.08 21:19:33 | 001,010,688 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\reseteng.dll [2013.03.08 21:19:33 | 000,443,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysNative\ReAgent.dll [2013.03.08 21:19:33 | 000,375,808 | ---- | C] (Microsoft Corporation) -- C:\Windows\SysWow64\ReAgent.dll [2013.03.08 18:42:24 | 000,000,000 | R--D | C] -- C:\Users\*****\AppData\Roaming\Brother ========== Files - Modified Within 30 Days ========== [2013.04.03 21:55:20 | 001,745,416 | ---- | M] () -- C:\Windows\SysNative\PerfStringBackup.INI [2013.04.03 21:55:20 | 000,753,134 | ---- | M] () -- C:\Windows\SysNative\perfh007.dat [2013.04.03 21:55:20 | 000,710,244 | ---- | M] () -- C:\Windows\SysNative\perfh009.dat [2013.04.03 21:55:20 | 000,155,826 | ---- | M] () -- C:\Windows\SysNative\perfc007.dat [2013.04.03 21:55:20 | 000,132,614 | ---- | M] () -- C:\Windows\SysNative\perfc009.dat [2013.04.03 21:50:05 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.04.03 21:48:02 | 268,435,456 | -HS- | M] () -- C:\swapfile.sys [2013.04.03 21:47:59 | 3372,654,592 | -HS- | M] () -- C:\hiberfil.sys [2013.04.03 21:45:28 | 000,613,083 | ---- | M] () -- C:\Users\*****\Desktop\adwcleaner.exe [2013.04.03 21:30:34 | 000,551,246 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\*****\Desktop\JRT.exe [2013.04.02 01:01:23 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\*****\Desktop\aswMBR.exe [2013.04.02 01:00:34 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\*****\Desktop\tdsskiller.exe [2013.03.30 02:05:24 | 000,058,624 | ---- | M] () -- C:\Users\*****\Desktop\Emils2.JPG [2013.03.29 22:21:43 | 000,022,365 | ---- | M] () -- C:\Users\*****\Desktop\Emils.JPG [2013.03.28 22:33:51 | 000,001,109 | ---- | M] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.27 23:12:40 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\*****\Desktop\OTL.exe [2013.03.27 23:12:25 | 000,000,000 | ---- | M] () -- C:\Users\*****\defogger_reenable [2013.03.24 15:04:00 | 000,323,264 | ---- | M] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.03.08 21:27:53 | 000,095,648 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\WindowsAccessBridge-32.dll [2013.03.08 21:27:52 | 000,262,560 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaws.exe [2013.03.08 21:27:51 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\npDeployJava1.dll [2013.03.08 21:27:51 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\deployJava1.dll [2013.03.08 21:27:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\javaw.exe [2013.03.08 21:27:51 | 000,174,496 | ---- | M] (Oracle Corporation) -- C:\Windows\SysWow64\java.exe [2013.03.06 01:07:25 | 000,692,568 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerApp.exe [2013.03.06 01:07:25 | 000,078,168 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\SysWow64\FlashPlayerCPLApp.cpl ========== Files Created - No Company Name ========== [2013.04.03 21:45:24 | 000,613,083 | ---- | C] () -- C:\Users\*****\Desktop\adwcleaner.exe [2013.03.30 02:05:24 | 000,058,624 | ---- | C] () -- C:\Users\*****\Desktop\Emils2.JPG [2013.03.29 22:21:43 | 000,022,365 | ---- | C] () -- C:\Users\*****\Desktop\Emils.JPG [2013.03.28 22:33:51 | 000,001,109 | ---- | C] () -- C:\Users\Public\Desktop\ Malwarebytes Anti-Malware .lnk [2013.03.27 23:12:25 | 000,000,000 | ---- | C] () -- C:\Users\*****\defogger_reenable [2013.03.24 15:03:57 | 000,323,264 | ---- | C] () -- C:\Windows\SysNative\FNTCACHE.DAT [2013.01.10 17:37:46 | 000,083,968 | ---- | C] () -- C:\Windows\SysWow64\OEMLicense.dll [2012.12.24 16:00:01 | 000,000,000 | ---- | C] () -- C:\Windows\ativpsrm.bin [2012.07.26 10:13:10 | 000,215,943 | ---- | C] () -- C:\Windows\SysWow64\dssec.dat [2012.07.26 10:13:09 | 000,000,741 | ---- | C] () -- C:\Windows\SysWow64\NOISE.DAT [2012.07.26 09:21:26 | 000,067,584 | --S- | C] () -- C:\Windows\bootstat.dat [2012.07.26 03:17:42 | 000,043,520 | ---- | C] () -- C:\Windows\SysWow64\BWContextHandler.dll [2012.07.25 22:37:29 | 000,043,131 | ---- | C] () -- C:\Windows\mib.bin [2012.07.25 22:28:31 | 000,364,544 | ---- | C] () -- C:\Windows\SysWow64\msjetoledb40.dll [2012.06.02 16:31:19 | 000,673,088 | ---- | C] () -- C:\Windows\SysWow64\mlang.dat ========== ZeroAccess Check ========== [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] /64 [HKEY_CURRENT_USER\Software\Classes\Wow6432node\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] /64 "" = C:\Windows\SysNative\shell32.dll -- [2013.01.10 01:23:07 | 019,791,360 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2013.01.10 01:26:23 | 017,560,576 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\fastprox.dll -- [2012.07.26 05:05:38 | 001,004,544 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2012.07.26 05:18:27 | 000,784,896 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] /64 "" = C:\Windows\SysNative\wbem\wbemess.dll -- [2012.07.26 05:07:41 | 000,455,680 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both [HKEY_LOCAL_MACHINE\Software\Wow6432Node\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] < End of report > Ich hoffe alles richtig gemacht zu haben. Kannst Du denn aus diesen ganzen Logs schon etwas heraus lesen? Ich habe auf meinem Notebook ein Bankprogramm, mache mir dort schon Gedanken und wage mich seither nicht mehr, es zu öffnen... Vielen Dank für Deine Hilfe! P.S.: Brauchst Du für die Auswertung die Info, dass meine Systemfestplatte C:\ eine SSD ist?! Geändert von Rudi75 (03.04.2013 um 21:30 Uhr) |
|
03.04.2013, 21:37
| #11 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht?Fixen mit OTL
Code:
ATTFilter :OTL
:Files
C:\Users\*****\AppData\Roaming\Uzryr
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[resethosts]
__________________ Logfiles bitte immer in CODE-Tags posten |
|
03.04.2013, 22:14
| #12 |
| | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? Hallo, vielen Dank für die schnelle Antwort! Auch gleich durchgeführt: Code:
ATTFilter All processes killed
========== OTL ==========
========== FILES ==========
C:\Users\*****\AppData\Roaming\Uzryr folder moved successfully.
< ipconfig /flushdns /c >
Windows-IP-Konfiguration
Der DNS-Aufl”sungscache wurde geleert.
C:\Users\*****\Desktop\cmd.bat deleted successfully.
C:\Users\*****\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: All Users
User: Default
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: *****
->Temp folder emptied: 869592064 bytes
->Temporary Internet Files folder emptied: 98894145 bytes
->Java cache emptied: 108579 bytes
->FireFox cache emptied: 5533639 bytes
->Flash cache emptied: 492 bytes
User: Public
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32 (64bit) .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 5603160 bytes
%systemroot%\sysnative\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files folder emptied: 93498 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 934,00 mb
C:\Windows\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.69.0 log created on 04032013_230628
Files\Folders moved on Reboot...
C:\Users\*****\AppData\Local\Microsoft\Windows\Temporary Internet Files\counters.dat moved successfully.
PendingFileRenameOperations files...
Registry entries deleted on Reboot...
 |
|
04.04.2013, 09:52
| #13 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? Sieht ok aus. Wir sollten fast durch sein. Mach bitte zur Kontrolle einen Quickscan mit Malwarebytes - denk bitte vorher daran, Malwarebytes über den Updatebutton zu aktualisieren Anschließend über den OnlineScanner von ESET eine zusätzliche Meinung zu holen ist auch nicht verkehrt: ESET Online Scanner
__________________ Logfiles bitte immer in CODE-Tags posten |
|
04.04.2013, 18:48
| #14 |
| | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? So, auch dies ist erledigt: 1. Malwarebytes: Code:
ATTFilter Malwarebytes Anti-Malware (Test) 1.70.0.1100 www.malwarebytes.org Datenbank Version: v2013.04.04.04 Windows 8 x64 NTFS Internet Explorer 10.0.9200.16519 ***** :: ASUS-NOTEBOOK [Administrator] Schutz: Aktiviert 04.04.2013 16:42:36 mbam-log-2013-04-04 (16-42-36).txt Art des Suchlaufs: Quick-Scan Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM Deaktivierte Suchlaufeinstellungen: P2P Durchsuchte Objekte: 211078 Laufzeit: 1 Minute(n), 18 Sekunde(n) Infizierte Speicherprozesse: 0 (Keine bösartigen Objekte gefunden) Infizierte Speichermodule: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungsschlüssel: 0 (Keine bösartigen Objekte gefunden) Infizierte Registrierungswerte: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateiobjekte der Registrierung: 0 (Keine bösartigen Objekte gefunden) Infizierte Verzeichnisse: 0 (Keine bösartigen Objekte gefunden) Infizierte Dateien: 0 (Keine bösartigen Objekte gefunden) (Ende) ... sowie ESET: Code:
ATTFilter ESETSmartInstaller@High as downloader log:
all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=386c8f16e2ba3147897bb5608279f690
# engine=13551
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-04-04 05:14:48
# local_time=2013-04-04 07:14:48 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode=5893 16776573 100 94 8756 5684787 0 0
# scanned=288031
# found=0
# cleaned=0
# scan_time=8588
Kann ich wieder mein Bankprogramm nutzen?  |
|
04.04.2013, 23:21
| #15 |
| /// Winkelfunktion /// TB-Süch-Tiger™ | PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? Sieht soweit ok aus Wegen Cookies und anderer Dinge im Web: Um die Pest von vornherein zu blocken (also TrackingCookies, Werbebanner etc.) müsstest du dir mal sowas wie MVPS Hosts File anschauen => Blocking Unwanted Parasites with a Hosts File - sinnvollerweise solltest du alle 4 Wochen mal bei MVPS nachsehen, ob er eine neue Hosts Datei herausgebracht hat. Info: Cookies sind keine Schädlinge direkt, aber es besteht die Gefahr der missbräuchlichen Verwendung (eindeutige Wiedererkennung zB für gezielte Werbung o.ä. => HTTP-Cookie ) Ansonsten gibt es noch gute Cookiemanager, Erweiterungen für den Firefox zB wäre da CookieCuller Wenn du aber damit leben kannst, dich bei jeder Browsersession überall neu einzuloggen (zB Facebook, Ebay, GMX, oder auch Trojaner-Board) dann stell den Browser einfach so ein, dass einfach alles beim Beenden des Browser inkl. Cookies gelöscht wird. Ist dein System nun wieder in Ordnung oder gibt's noch andere Funde oder Probleme?
__________________ Logfiles bitte immer in CODE-Tags posten |
|
| Themen zu PWS:Win32/Zbot malware - mit Norton Power Eraser gelöscht? |
| aufsetzen, defender, entfernen, falsch, forum, frage, gelöscht, internet, lösung, malware, neustart, norton internet security, norton power eraser, notebook, prima, programme, rückmeldung, schutz, security, software, starten, stick, suche, systemwiederherstellung, usb- stick, virenschutz, windows |
Textbox. 
Linear-Darstellung
