Pests of all kinds and how to fight them: Suspect a trojan / virus (black screen + pop-up window)

Windows 7. If you are not sure whether you have caught malware or a trojan, create a topic here. An expert will get in touch with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you remove the infection.

10.04.2013, 19:50   #1
levon
 
Hello everyone,

I think a trojan or a virus has unfortunately settled in on my machine.
It started a few days ago: after I switched on the laptop and logged in to Windows, I got a black screen. In addition, a small info window appeared with an error message about the web platform.
This seemed very odd to me, so I immediately started a full scan with my antivirus program (Avira).
It did in fact detect this: JS/Agent.alf. I put this virus (from JavaScript?) into quarantine and then deleted it.
After that I ran another scan, and additionally "Spybot - Search & Destroy". Nothing more was found, so I thought everything was okay.
I also uninstalled the Java software, since it apparently had some security holes as well, and I read that JS points to a JavaScript virus.

When I switched on the PC today, an info window appeared again after logging in to Windows (the screen was otherwise normal), with the message that the server is overloaded. That made me panic slightly after all, and I fear that something is still hiding on my machine.

I have just downloaded Malwarebytes and run a scan, and it found something too.
Before I post any results here, I will first wait for your answer on what I should do first!

Thank you very much in advance for your help - great that this forum exists!

Best regards, levon

11.04.2013, 09:36   #2
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Hello and

Quote:
It did in fact detect this: JS/Agent.alf.
I have just downloaded Malwarebytes and run a scan, and it found something too.
Nice, and where are the logs for that?

Information like that is not enough; please post the complete details/logs of the virus scanners, see http://www.trojaner-board.de/125889-...tml#post941520


Please post everything here in CODE tags where possible.

Reading material:
Posting in CODE tags
Attaching the log files, or even packing them into a ZIP, RAR or 7Z archive beforehand, makes my work massively harder, unless of course the file would otherwise be too large for the forum. To put the log files into a CODE box, proceed as follows:
  • Select the entire log file (usually works with CTRL+A) and copy it to the clipboard with CTRL+C.
  • In the editor, click the # symbol. Two bracketed expressions appear: [CODE] [/CODE].
  • Place the cursor between the CODE tags and press CTRL+V.
  • Click Advanced/Preview (Erweitert/Vorschau) to check whether you did it right. If everything is correct ... click Reply (Antworten).

11.04.2013, 10:28   #3
levon
 
Hello cosinus,

thank you very much for your reply! :-)

Please excuse that I have not posted these yet.
Unfortunately I am an absolute layperson when it comes to PCs and was a little unsure whether these are important right at the start.

Avira:

Code:
Exportierte Ereignisse:

08.04.2013 00:49 [System-Scanner] Malware gefunden
      Die Datei 'D:\PRIVATE\Backup Set 2011-11-06 190004\Backup Files 2011-11-27 
      190005\Backup files 3.zip'
      enthielt einen Virus oder unerwünschtes Programm 'JS/Agent.alf' [virus].
      Durchgeführte Aktion(en):
      Die Datei wurde ins Quarantäneverzeichnis unter dem Namen '56615634.qua' 
      verschoben!
         
Malwarebytes:

Code:
 Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: v2013.04.10.09

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16521
admin :: PRIVATE [Administrator]

10.04.2013 18:17:43
mbam-log-2013-04-10 (18-17-43).txt

Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|E:\|H:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 490260
Laufzeit: 2 Stunde(n), 10 Minute(n), 31 Sekunde(n)

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)

Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: 1
C:\Users\admin\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\OEXD7DH5\MyPhoneExplorer_v2_5185[1].exe (PUP.Adware.Agent) -> Erfolgreich gelöscht und in Quarantäne gestellt.

(Ende)
         
Thank you for your help,

Best regards, levon

11.04.2013, 10:42   #4
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 
Before we get to work, I would like to ask you to read the following points completely and carefully.
  • Read the instructions that I will post in the course of this thread carefully. Ask right away if anything is unclear to you, before you start carrying out my instructions.

  • If you have problems with a step, stop there and describe the problem to me as well as you can. Sometimes a step requires the previous one.

  • Please only run scans that a helper has asked you to run! Do not install / uninstall any software without being asked to!

  • Post the log files directly in your thread (please in CODE tags) and not as an attachment, unless you were asked to. Logs in attachments make the evaluation harder for me!

  • The logs of the requested tools, such as Malwarebytes, must always be posted - regardless of whether there was a finding or not!

  • Please also note => Deleting log files and other requests

Note:
If you do not hear from me for three days, please report in this thread => Reminder about my thread.
Annoying "When will it continue" messages end with your topic being closed. I, too, have a life outside Trojaner-Board.


First, a check with OTL please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, tick the box Scan all users
  • At the top you will find a box labelled Output. Please choose Minimal Output
  • Under Extra Registry, please choose Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 log files are created
  • Post the log files here in the thread in CODE tags.
__________________
Please always post log files in CODE tags

11.04.2013, 11:10   #5
levon
 
Here is the result:

OTL.Txt:

Code:
OTL logfile created on: 11.04.2013 11:50:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ich\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 64,42% Memory free
5,93 Gb Paging File | 4,75 Gb Available in Paging File | 80,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 59,48 Gb Free Space | 41,86% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 2,55 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive F: | 33,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PRIVATE | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Users\Ich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
MOD - C:\Program Files\Mobile Partner\XFramePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\XCodec.dll ()
MOD - C:\Program Files\Mobile Partner\Win7Support.dll ()
MOD - C:\Program Files\Mobile Partner\QtGui4.dll ()
MOD - C:\Program Files\Mobile Partner\QtCore4.dll ()
MOD - C:\Program Files\Mobile Partner\QtNetwork4.dll ()
MOD - C:\Program Files\Mobile Partner\NDISAPI.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\SMSUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\SmsAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallLogSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\PluginContainer.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetInfoUIExPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DialupUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\USSDUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\core.dll ()
MOD - C:\Program Files\Mobile Partner\QtXml4.dll ()
MOD - C:\Program Files\Mobile Partner\Proxy.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qtiff4.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetConnectPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\StatusBarMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\MenuMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetInfoSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\LiveUpdateInterface.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\sdk.dll ()
MOD - C:\Program Files\Mobile Partner\AtCodec.dll ()
MOD - C:\Program Files\Mobile Partner\NetSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\Common.dll ()
MOD - C:\Program Files\Mobile Partner\SmsSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DialUpPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\ToolBarMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Mobile Partner\NDISPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetConnectSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DataServicePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\STKSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\USSDSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\Trace.dll ()
MOD - C:\Program Files\Mobile Partner\OSDialup.dll ()
MOD - C:\Program Files\Mobile Partner\OSNDIS.dll ()
MOD - C:\Program Files\Mobile Partner\ATR2SMgr.dll ()
MOD - C:\Program Files\Mobile Partner\LayoutPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\OSAdapt.dll ()
MOD - C:\Program Files\Mobile Partner\NotifyServicePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files\Mobile Partner\OSPowerMgr.dll ()
MOD - C:\Program Files\Mobile Partner\OSCall.dll ()
MOD - C:\Program Files\Mobile Partner\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files\Mobile Partner\mingwm10.dll ()
MOD - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Mobile Partner. RunOuc) -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ANDModem) -- C:\Windows\System32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\Windows\System32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\Windows\System32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\Windows\System32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (ewusbmbb) -- C:\Windows\System32\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
 
 
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\URLSearchHook: {00000000-6E41-4FD3-8538-502F5495E5FC} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{22F0B17F-A86E-4C0A-AA5C-6119E3002EBA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=0a52e595-6f8c-416f-a1d8-fac4f371e78f&apn_sauid=38AF023F-C93E-49BE-BAC0-5EF0E69E326B
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes,DefaultScope = {67A2568C-7A0A-4EED-AECC-B5405DE63B64}
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.defaultengine: "Ask.com"
FF - prefs.js..browser.search.order.1: "Ask.com"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledAddons: toolbar%40ask.com:3.15.18.100015
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:19.0.2
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.19 19:56:50 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 23:02:51 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.03.19 19:56:50 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.03.20 23:02:51 | 000,000,000 | ---D | M]
 
[2010.01.31 12:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2013.04.09 18:04:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\hynkrtid.default\extensions
[2010.04.28 17:44:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\hynkrtid.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.03.21 13:53:16 | 000,000,000 | ---D | M] ("Avira SearchFree Toolbar plus Web Protection") -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\hynkrtid.default\extensions\toolbar@ask.com
[2013.01.13 21:58:36 | 000,190,000 | ---- | M] () (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\extensions\{EEE6C361-6118-11DC-9C72-001320C79847}.xpi
[2013.04.07 19:55:06 | 000,002,413 | ---- | M] () -- C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\searchplugins\askcom.xml
[2013.03.19 19:56:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2013.03.19 19:56:50 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.12 20:50:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.12 20:50:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.12 20:50:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.12 20:50:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.12 20:50:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.12 20:50:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.07 20:39:35 | 000,446,350 | R--- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1	www.007guard.com
O1 - Hosts: 127.0.0.1	007guard.com
O1 - Hosts: 127.0.0.1	008i.com
O1 - Hosts: 127.0.0.1	www.008k.com
O1 - Hosts: 127.0.0.1	008k.com
O1 - Hosts: 127.0.0.1	www.00hq.com
O1 - Hosts: 127.0.0.1	00hq.com
O1 - Hosts: 127.0.0.1	010402.com
O1 - Hosts: 127.0.0.1	www.032439.com
O1 - Hosts: 127.0.0.1	032439.com
O1 - Hosts: 127.0.0.1	www.0scan.com
O1 - Hosts: 127.0.0.1	0scan.com
O1 - Hosts: 127.0.0.1	www.1000gratisproben.com
O1 - Hosts: 127.0.0.1	1000gratisproben.com
O1 - Hosts: 127.0.0.1	www.1001namen.com
O1 - Hosts: 127.0.0.1	1001namen.com
O1 - Hosts: 127.0.0.1	www.100888290cs.com
O1 - Hosts: 127.0.0.1	100888290cs.com
O1 - Hosts: 127.0.0.1	www.100sexlinks.com
O1 - Hosts: 127.0.0.1	100sexlinks.com
O1 - Hosts: 127.0.0.1	10sek.com
O1 - Hosts: 127.0.0.1	www.10sek.com
O1 - Hosts: 127.0.0.1	1-2005-search.com
O1 - Hosts: 127.0.0.1	www.1-2005-search.com
O1 - Hosts: 127.0.0.1	123fporn.info
O1 - Hosts: 15326 more lines...
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKLM\..\Toolbar: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O3 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\Toolbar\WebBrowser: (Avira SearchFree Toolbar plus Web Protection) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O4 - HKLM..\Run: []  File not found
O4 - HKLM..\Run: [ApnUpdater] C:\Program Files\Ask.com\Updater\Updater.exe (Ask)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKU\S-1-5-19..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - HKU\S-1-5-20..\RunOnce: [mctadmin] C:\Windows\System32\mctadmin.exe (Microsoft Corporation)
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O13 - gopher Prefix: missing
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{207CF46E-06F6-44F9-92EF-6BCE91A74B41}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46D50210-7A62-4338-A6F6-8303BF35686A}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48A0CE4C-692F-4871-BA11-49398ABF9F30}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A50637DA-74A3-4D25-B99E-82B4B23F0C5E}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA47CB26-4693-46AE-A6C4-16926F19FBD4}: NameServer = 193.189.244.206 193.189.244.225
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.15 01:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.10.16 11:12:34 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O33 - MountPoints2\{131565f8-5a26-11e1-b43b-0c6076db69af}\Shell - "" = AutoRun
O33 - MountPoints2\{131565f8-5a26-11e1-b43b-0c6076db69af}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011.03.15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{3870bd6a-384c-11e1-8dca-0c6076db69af}\Shell - "" = AutoRun
O33 - MountPoints2\{3870bd6a-384c-11e1-8dca-0c6076db69af}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011.03.15 01:27:21 | 000,148,320 | R--- | M] ()
O33 - MountPoints2\{7d5ecb83-0e4c-11df-9ac3-806e6f6e6963}\Shell - "" = AutoRun
O33 - MountPoints2\{7d5ecb83-0e4c-11df-9ac3-806e6f6e6963}\Shell\AutoRun\command - "" = E:\SETUP.EXE
O33 - MountPoints2\{9700b04f-0e52-11df-8eba-0c6076db69af}\Shell - "" = AutoRun
O33 - MountPoints2\{9700b04f-0e52-11df-8eba-0c6076db69af}\Shell\AutoRun\command - "" = F:\setup.exe AUTORUN=1
O33 - MountPoints2\{d3c71fb3-4f25-11e1-b97e-001e101f9843}\Shell - "" = AutoRun
O33 - MountPoints2\{d3c71fb3-4f25-11e1-b97e-001e101f9843}\Shell\AutoRun\command - "" = F:\AutoRun.exe -- [2011.03.15 01:27:21 | 000,148,320 | R--- | M] ()
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.10 22:11:11 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 22:11:10 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 22:11:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 22:11:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 22:11:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 22:11:08 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 22:11:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 22:11:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.10 22:11:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 22:11:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 18:14:51 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2013.04.10 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.10 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 18:14:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.10 18:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.10 18:13:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Programs
[2013.04.10 18:05:04 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 18:05:00 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 18:05:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.10 18:04:54 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 18:04:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 18:04:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.05 23:43:49 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.05 23:43:49 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.05 23:43:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.05 23:43:49 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.05 23:43:49 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.05 23:43:49 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.05 23:43:49 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.05 23:43:49 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.05 23:43:49 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.05 23:43:49 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.05 23:43:49 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.05 23:43:49 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.05 23:43:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.05 23:43:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.05 23:43:49 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.05 23:43:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.05 23:43:48 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.05 23:43:48 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.05 23:43:48 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.05 23:43:48 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.05 23:43:48 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.05 23:43:48 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.05 23:43:48 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.05 23:43:48 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.05 23:43:48 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.05 23:43:48 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.05 23:42:46 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.04.05 23:42:46 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.04.05 23:42:46 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.04.05 23:42:46 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.04.05 23:42:46 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.04.05 23:42:46 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.04.05 23:42:46 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.04.05 23:42:46 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.04.05 23:42:46 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.04.05 23:42:46 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.04.05 23:42:46 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.04.05 23:42:46 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.04.05 23:42:46 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.04.05 23:42:46 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.04.05 23:42:46 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.04.05 23:42:46 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.04.05 23:42:46 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.31 00:30:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\OpenOffice.org
[2013.03.31 00:28:20 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Avira
[2013.03.24 11:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.24 11:54:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.24 11:54:54 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.24 11:54:54 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.24 11:54:54 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.24 11:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.20 23:05:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
[2013.03.19 19:56:43 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.11 11:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 10:29:45 | 000,010,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 10:29:45 | 000,010,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.11 10:29:31 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.11 10:29:31 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.11 10:29:31 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.11 10:29:31 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.11 10:22:07 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.11 10:21:09 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.10 23:19:22 | 000,330,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.07 20:39:35 | 000,446,350 | R--- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.05 23:43:49 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.05 23:43:49 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.05 23:43:49 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.05 23:43:49 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.05 23:43:49 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.05 23:43:49 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.05 23:43:49 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.05 23:43:49 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.05 23:43:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.05 23:43:49 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.05 23:43:49 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.05 23:43:49 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.05 23:43:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.05 23:43:49 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.05 23:43:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.05 23:43:49 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.05 23:43:48 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.05 23:43:48 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.05 23:43:48 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.05 23:43:48 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.05 23:43:48 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.05 23:43:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.05 23:43:48 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.05 23:43:48 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.05 23:43:48 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.05 23:43:48 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.05 23:43:48 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.05 23:42:46 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.04.05 23:42:46 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.04.05 23:42:46 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.04.05 23:42:46 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.04.05 23:42:46 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.04.05 23:42:46 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.04.05 23:42:46 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.04.05 23:42:46 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.04.05 23:42:46 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.04.05 23:42:46 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.04.05 23:42:46 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.04.05 23:42:46 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.04.05 23:42:46 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.04.05 23:42:46 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.04.05 23:42:46 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.04.05 23:42:46 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.04.05 23:42:46 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.31 00:31:22 | 000,001,157 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.03.28 11:12:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.28 11:12:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.28 11:12:36 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.24 11:50:04 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.21 13:54:07 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.21 13:54:07 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.19 20:34:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.19 20:34:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2 C:\Windows\System32\*.tmp files -> C:\Windows\System32\*.tmp -> ]
 
========== Files Created - No Company Name ==========
 
[2013.04.05 23:43:48 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.31 00:31:22 | 000,001,157 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.21 17:58:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.09.21 17:58:16 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.04.29 19:15:47 | 000,015,326 | ---- | C] () -- C:\Users\admin\AppData\Local\internal.grp
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         
Extras.Txt:

Code:
OTL Extras logfile created on: 11.04.2013 11:50:34 - Run 1
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ich\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,91 Gb Available Physical Memory | 64,42% Memory free
5,93 Gb Paging File | 4,75 Gb Available in Paging File | 80,06% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 59,48 Gb Free Space | 41,86% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 2,55 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive F: | 33,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PRIVATE | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Müller Foto\Müller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27E75EEB-A94E-4D1F-8461-D2F1411F7B9D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{464D0401-2C66-4BB3-A2E8-A84BF952ED07}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{638EA069-B42F-4006-BA51-52739EB7889E}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{766A7AEA-FEA6-4E7B-98C4-29BD878FFE34}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{8C3DAF3A-1D27-4342-9548-1671CDA331CE}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{CF1B2582-3850-4169-BD4F-07C5F1A24855}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{DB6A46AB-61EA-4FF3-A96D-87E49571190B}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{F542A838-0F15-4678-B6EB-5468758969A6}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"TCP Query User{FA0336ED-FC52-46F1-B103-01DE328BC69B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{4BA8973F-35B0-448E-AC70-CEABA5FFAFFD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DEAED7D-E85E-48EB-999E-5B4576A22369}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{764143D0-CBA1-4699-B6D6-4D39A4DB75FB}" = Ulead PhotoImpact 7 SE
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{82CED69E-C96D-401F-A6F3-1128C460712C}" = NetObjects Fusion 9.0
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{99FFFFC6-1A78-4837-AFED-55FAA854AF1F}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9E6AC9C-4C9A-430C-8CF2-896A6755B6E6}" = SiteStyles Volume 2
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DPP" = Canon Utilities Digital Photo Professional 3.10
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"FormatFactory" = FormatFactory 2.96
"HP Photo Creations" = HP Photo Creations
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 19.0.2 (x86 de)" = Mozilla Firefox 19.0.2 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Müller Foto" = Müller Foto
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Philips Songbird" = Philips Songbird
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Sarah’s Ranch" = Sarah’s Ranch
"Sarah’s Ranch 2" = Sarah’s Ranch 2
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ Application Events ]
Error - 29.03.2013 15:27:44 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 29.03.2013 15:29:39 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 31.03.2013 13:05:06 | Computer Name = PRIVATE | Source = Windows Backup | ID = 4104
Description = 
 
Error - 02.04.2013 14:29:12 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 02.04.2013 14:30:47 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 07.04.2013 07:01:08 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842785
Description = Fehler beim Generieren des Aktivierungskontextes für "C:\Program Files\Samsung\BatteryLifeExtender\Drv\SABI2x64\KStartMem.exe.Manifest".
Die
 abhängige Assemblierung "Microsoft.Windows.Common-Controls,language="&#x2a;",processorArchitecture="amd64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0""
 konnte nicht gefunden werden.  Verwenden Sie für eine detaillierte Diagnose das Programm
 "sxstrace.exe".
 
Error - 07.04.2013 07:03:25 | Computer Name = PRIVATE | Source = SideBySide | ID = 16842815
Description = Fehler beim Generieren des Aktivierungskontextes für "c:\program files\spybot
 - search & destroy\DelZip179.dll". Fehler in Manifest- oder Richtliniendatei "c:\program
 files\spybot - search & destroy\DelZip179.dll" in Zeile 8.  Der Wert "*" des "language"-Attributs
 im assemblyIdentity-Element ist ungültig.
 
Error - 07.04.2013 14:08:41 | Computer Name = PRIVATE | Source = Windows Backup | ID = 4104
Description = 
 
Error - 08.04.2013 09:55:03 | Computer Name = PRIVATE | Source = VSS | ID = 12310
Description = 
 
Error - 08.04.2013 09:55:03 | Computer Name = PRIVATE | Source = VSS | ID = 12298
Description = 
 
[ Media Center Events ]
Error - 28.12.2012 18:13:35 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 23:13:30 - Fehler beim Herstellen der Internetverbindung.  23:13:30 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.12.2012 19:13:44 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 00:13:43 - Fehler beim Herstellen der Internetverbindung.  00:13:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.01.2013 16:01:14 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 21:01:14 - Fehler beim Herstellen der Internetverbindung.  21:01:14 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 09.01.2013 16:01:28 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 21:01:19 - Fehler beim Herstellen der Internetverbindung.  21:01:19 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.01.2013 15:45:43 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 20:45:43 - Fehler beim Herstellen der Internetverbindung.  20:45:43 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 23.01.2013 15:45:57 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 20:45:49 - Fehler beim Herstellen der Internetverbindung.  20:45:49 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 27.01.2013 05:17:42 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 10:17:35 - Fehler beim Herstellen der Internetverbindung.  10:17:35 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.02.2013 15:27:20 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 20:27:20 - Fehler beim Herstellen der Internetverbindung.  20:27:20 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 05.02.2013 15:27:30 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 20:27:25 - Fehler beim Herstellen der Internetverbindung.  20:27:25 
-     Serververbindung konnte nicht hergestellt werden..  
 
Error - 28.02.2013 08:06:11 | Computer Name = PRIVATE | Source = MCUpdate | ID = 0
Description = 13:05:56 - Fehler beim Herstellen der Internetverbindung.  13:05:56 
-     Serververbindung konnte nicht hergestellt werden..  
 
[ System Events ]
Error - 10.04.2013 14:36:35 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 10.04.2013 17:19:29 | Computer Name = PRIVATE | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 10.04.2013 17:19:29 | Computer Name = PRIVATE | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 10.04.2013 17:19:45 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 10.04.2013 17:19:45 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
Error - 10.04.2013 18:29:30 | Computer Name = PRIVATE | Source = DCOM | ID = 10010
Description = 
 
Error - 11.04.2013 04:22:07 | Computer Name = PRIVATE | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 11.04.2013 04:22:07 | Computer Name = PRIVATE | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 11.04.2013 04:22:13 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 11.04.2013 04:22:13 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
 
< End of report >
         


11.04.2013, 12:37   #6
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



Rootkit scan with GMER

Please download the GMER rootkit scanner (the file name is random):
  • Close all other programs, disable your virus scanner and disconnect the computer from the internet before you start GMER.
  • If a window with the following warning opens after starting:
    WARNING !!!
    GMER has found system modification, which might have been caused by ROOTKIT activity.
    Do you want to fully scan your system ?
    Be sure to click "No".
  • On the right, uncheck: IAT/EAT and Show All
  • Check Quickscan and uncheck all other drives.
  • Start the scan with "Scan".
  • Do not do anything on the computer while the scan is running.
  • When the scan is finished, click Save and save the log file as Gmer.txt on your desktop. "Ok" closes GMER.
Switch your antivirus program and any other scanners back on before you go online!


Running into problems?
  • Try safe mode as an alternative.
  • If you get a bluescreen, uncheck the box in front of Devices.


Afterwards, please run MBAR:

Malwarebytes Anti-Rootkit (MBAR)

Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Please start mbar.exe.
  • Follow the instructions on your screen as described in the guide to Malwarebytes Anti-Rootkit
  • Be sure to update the database and allow the tool to scan your system.
  • Click the CleanUp button and allow the restart.
  • During the restart MBAR will remove the objects it found, so be patient.
  • After the restart, start mbar.exe again.
  • If anything is found again, repeat the CleanUp process.
The tool will create a log file ( mbar-log-<year-month-day>.txt ) in the folder it created. Please post it here.

Do not start any other file in this folder without instructions from a helper

11.04.2013, 14:25   #7
levon



GMER:

Code:
GMER 2.1.19163 - hxxp://www.gmer.net
Rootkit scan 2013-04-11 14:48:49
Windows 6.1.7601 Service Pack 1 \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0 SAMSUNG_HM320II rev.2AC101C4 298,09GB
Running: gmer_2.1.19163.exe; Driver: C:\Users\admin\AppData\Local\Temp\ugddapob.sys


---- System - GMER 2.1 ----

SSDT   932783A6                                                                                         ZwCreateSection
SSDT   932783B0                                                                                         ZwRequestWaitReplyPort
SSDT   932783AB                                                                                         ZwSetContextThread
SSDT   932783B5                                                                                         ZwSetSecurityObject
SSDT   932783BA                                                                                         ZwSystemDebugControl
SSDT   93278347                                                                                         ZwTerminateProcess

---- Kernel code sections - GMER 2.1 ----

.text  ntoskrnl.exe!ZwRollbackEnlistment + 140D                                                         830389A9 1 Byte  [06]
.text  ntoskrnl.exe!KiDispatchInterrupt + 5A2                                                           830584F2 19 Bytes  [E0, 0F, BA, F0, 07, 73, 09, ...] {LOOPNZ 0x11; MOV EDX, 0x97307f0; MOV CR4, EAX; OR AL, 0x80; MOV CR4, EAX; RET ; MOV ECX, CR3}
.text  ntoskrnl.exe!KeRemoveQueueEx + 14BF                                                              8305F894 4 Bytes  [A6, 83, 27, 93] {CMPSB ; AND DWORD [EDI], -0x6d}
.text  ntoskrnl.exe!KeRemoveQueueEx + 181B                                                              8305FBF0 4 Bytes  [B0, 83, 27, 93] {MOV AL, 0x83; DAA ; XCHG EBX, EAX}
.text  ntoskrnl.exe!KeRemoveQueueEx + 185F                                                              8305FC34 4 Bytes  [AB, 83, 27, 93] {STOSD ; AND DWORD [EDI], -0x6d}
.text  ntoskrnl.exe!KeRemoveQueueEx + 18DB                                                              8305FCB0 4 Bytes  [B5, 83, 27, 93] {MOV CH, 0x83; DAA ; XCHG EBX, EAX}
.text  ntoskrnl.exe!KeRemoveQueueEx + 192F                                                              8305FD04 4 Bytes  [BA, 83, 27, 93]
.text  ...                                                                                              
.text  C:\Windows\system32\DRIVERS\atikmdag.sys                                                         section is writeable [0x93C2D000, 0x2D5378, 0xE8000020]

---- Registry - GMER 2.1 ----

Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076db69af                      
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076db69af@001813315da0         0xCB 0xB2 0xBD 0xF2 ...
Reg    HKLM\SYSTEM\CurrentControlSet\services\BTHPORT\Parameters\Keys\0c6076db69af@74a722875fc5         0x9E 0xBE 0x2A 0x52 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076db69af (not active ControlSet)  
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076db69af@001813315da0             0xCB 0xB2 0xBD 0xF2 ...
Reg    HKLM\SYSTEM\ControlSet002\services\BTHPORT\Parameters\Keys\0c6076db69af@74a722875fc5             0x9E 0xBE 0x2A 0x52 ...

---- Disk sectors - GMER 2.1 ----

Disk   \Device\Harddisk0\DR0                                                                            unknown MBR code

---- EOF - GMER 2.1 ----
         
MBAR:

Congratulations, no cleanup is required!
Scan Finished: No malware found!

Code:
Malwarebytes Anti-Rootkit BETA 1.01.0.1022
www.malwarebytes.org

Database version: v2013.04.11.07

Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 10.0.9200.16540
admin :: PRIVATE [administrator]

11.04.2013 15:17:06
mbar-log-2013-04-11 (15-17-06).txt

Scan type: Quick scan
Scan options enabled: Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken | PUP | PUM | P2P
Scan options disabled: 
Objects scanned: 27798
Time elapsed: 8 minute(s), 58 second(s)

Memory Processes Detected: 0
(No malicious items detected)

Memory Modules Detected: 0
(No malicious items detected)

Registry Keys Detected: 0
(No malicious items detected)

Registry Values Detected: 0
(No malicious items detected)

Registry Data Items Detected: 0
(No malicious items detected)

Folders Detected: 0
(No malicious items detected)

Files Detected: 0
(No malicious items detected)

(end)
         

11.04.2013, 14:55   #8
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™



aswMBR

Please download aswMBR.exe and save the file to your desktop.
  • Start aswMBR.exe - (aswMBR.exe guide)
    On Windows Vista (or later), please start it with a right-click and "Run as administrator".
  • The tool will ask you whether you want to scan your system with the current AVAST! virus definitions. Please answer this question with Yes. (If your firewall asks, please allow access to the internet.)
    Downloading the definitions can take a while depending on your connection.
  • Click Scan.
  • Please wait until Scan finished successfully appears in the DOS window.
  • Press Save Log and save the log to the desktop.
Post the aswMBR.txt in your next reply.

Important: Do not press any of the Fix buttons without instructions

Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the setting (none) under AV Scan.




TDSS-Killer

Please download TDSSKiller.exe and save this file to the desktop
  • Start TDSSKiller.exe - configure it as described in the guide to TDSSKiller.
  • Press Start Scan
  • If infected objects are found, do not select Cure under any circumstances. Select Skip and click Continue.
    TDSSKiller will save a log file on your system drive (usually C:\)
    For example: C:\TDSSKiller.<version_date_time>log.txt
Please post the contents here in your thread in any case.
__________________
Please always post log files in CODE tags

11.04.2013, 15:30   #9
levon



aswMBR.txt:

Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-04-11 16:00:01
-----------------------------
16:00:01.885    OS Version: Windows 6.1.7601 Service Pack 1
16:00:01.885    Number of processors: 2 586 0x170A
16:00:01.885    ComputerName: PRIVATE  UserName: admin
16:00:02.384    Initialize success
16:04:53.441    AVAST engine defs: 13041100
16:05:32.738    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-0
16:05:32.738    Disk 0 Vendor: SAMSUNG_HM320II 2AC101C4 Size: 305245MB BusType: 11
16:05:32.894    Disk 0 MBR read successfully
16:05:32.909    Disk 0 MBR scan
16:05:32.925    Disk 0 unknown MBR code
16:05:32.940    Disk 0 Partition 1 00     27 Hidden NTFS WinRE NTFS        13312 MB offset 2048
16:05:32.972    Disk 0 Partition 2 80 (A) 07    HPFS/NTFS NTFS       145497 MB offset 27265024
16:05:33.018    Disk 0 Partition 3 00     07    HPFS/NTFS NTFS       146434 MB offset 325242880
16:05:33.034    Disk 0 scanning sectors +625139712
16:05:33.174    Disk 0 scanning C:\Windows\system32\drivers
16:05:52.160    Service scanning
16:06:19.382    Modules scanning
16:06:54.388    Disk 0 trace - called modules:
16:06:54.919    ntoskrnl.exe CLASSPNP.SYS disk.sys ataport.SYS halmacpi.dll PCIIDEX.SYS msahci.sys 
16:06:54.919    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86479030]
16:06:54.934    3 CLASSPNP.SYS[8c28359e] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-0[0x86395030]
16:06:56.042    AVAST engine scan C:\Windows
16:07:00.207    AVAST engine scan C:\Windows\system32
16:10:42.398    AVAST engine scan C:\Windows\system32\drivers
16:11:00.635    AVAST engine scan C:\Users\admin
16:14:02.749    AVAST engine scan C:\ProgramData
16:15:47.535    Scan finished successfully
16:17:18.015    Disk 0 MBR has been saved successfully to "C:\Users\admin\Desktop\MBR.dat"
16:17:18.015    The log file has been saved successfully to "C:\Users\admin\Desktop\aswMBR.txt"
         
TDSS-Killer:

Code:
16:19:47.0449 2504  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:19:49.0477 2504  ============================================================
16:19:49.0477 2504  Current date / time: 2013/04/11 16:19:49.0477
16:19:49.0477 2504  SystemInfo:
16:19:49.0477 2504  
16:19:49.0477 2504  OS Version: 6.1.7601 ServicePack: 1.0
16:19:49.0477 2504  Product type: Workstation
16:19:49.0477 2504  ComputerName: PRIVATE
16:19:49.0477 2504  UserName: admin
16:19:49.0477 2504  Windows directory: C:\Windows
16:19:49.0477 2504  System windows directory: C:\Windows
16:19:49.0477 2504  Processor architecture: Intel x86
16:19:49.0477 2504  Number of processors: 2
16:19:49.0477 2504  Page size: 0x1000
16:19:49.0477 2504  Boot type: Normal boot
16:19:49.0477 2504  ============================================================
16:19:50.0694 2504  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:19:50.0709 2504  ============================================================
16:19:50.0709 2504  \Device\Harddisk0\DR0:
16:19:50.0709 2504  MBR partitions:
16:19:50.0709 2504  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x11C2C800
16:19:50.0709 2504  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1362D000, BlocksNum 0x11E01000
16:19:50.0709 2504  ============================================================
16:19:50.0756 2504  C: <-> \Device\Harddisk0\DR0\Partition1
16:19:50.0803 2504  D: <-> \Device\Harddisk0\DR0\Partition2
16:19:50.0803 2504  ============================================================
16:19:50.0803 2504  Initialize success
16:19:50.0803 2504  ============================================================
16:22:14.0261 3588  ============================================================
16:22:14.0261 3588  Scan started
16:22:14.0261 3588  Mode: Manual; 
16:22:14.0261 3588  ============================================================
16:22:15.0088 3588  ================ Scan system memory ========================
16:22:15.0088 3588  System memory - ok
16:22:15.0088 3588  ================ Scan services =============================
16:22:15.0275 3588  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:22:15.0290 3588  1394ohci - ok
16:22:15.0337 3588  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:22:15.0337 3588  ACPI - ok
16:22:15.0368 3588  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:22:15.0368 3588  AcpiPmi - ok
16:22:15.0524 3588  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:22:15.0524 3588  AdobeARMservice - ok
16:22:15.0665 3588  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:22:15.0665 3588  AdobeFlashPlayerUpdateSvc - ok
16:22:15.0743 3588  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:22:15.0758 3588  adp94xx - ok
16:22:15.0758 3588  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:22:15.0774 3588  adpahci - ok
16:22:15.0790 3588  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:22:15.0790 3588  adpu320 - ok
16:22:15.0836 3588  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:22:15.0836 3588  AeLookupSvc - ok
16:22:15.0899 3588  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:22:15.0899 3588  AFD - ok
16:22:15.0930 3588  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:22:15.0930 3588  agp440 - ok
16:22:15.0977 3588  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
16:22:15.0977 3588  aic78xx - ok
16:22:16.0008 3588  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:22:16.0008 3588  ALG - ok
16:22:16.0024 3588  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:22:16.0024 3588  aliide - ok
16:22:16.0086 3588  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:22:16.0086 3588  AMD External Events Utility - ok
16:22:16.0102 3588  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:22:16.0102 3588  amdagp - ok
16:22:16.0117 3588  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:22:16.0117 3588  amdide - ok
16:22:16.0164 3588  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:22:16.0180 3588  AmdK8 - ok
16:22:16.0195 3588  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:22:16.0195 3588  AmdPPM - ok
16:22:16.0242 3588  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:22:16.0242 3588  amdsata - ok
16:22:16.0273 3588  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:22:16.0273 3588  amdsbs - ok
16:22:16.0304 3588  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:22:16.0304 3588  amdxata - ok
16:22:16.0351 3588  [ 3E59DF4984FBD6800D6621480B38A34E ] Andbus          C:\Windows\system32\DRIVERS\lgandbus.sys
16:22:16.0351 3588  Andbus - ok
16:22:16.0398 3588  [ 8E0BF6F3B2C9C292BC7CE0DE727CDD56 ] AndDiag         C:\Windows\system32\DRIVERS\lganddiag.sys
16:22:16.0398 3588  AndDiag - ok
16:22:16.0414 3588  [ 1D2C90E25483363D54B652898BBC8F2A ] AndGps          C:\Windows\system32\DRIVERS\lgandgps.sys
16:22:16.0414 3588  AndGps - ok
16:22:16.0445 3588  [ B1B06A95DA2CAC7FA19832C60C348C85 ] ANDModem        C:\Windows\system32\DRIVERS\lgandmodem.sys
16:22:16.0445 3588  ANDModem - ok
16:22:16.0601 3588  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:22:16.0616 3588  AntiVirSchedulerService - ok
16:22:16.0679 3588  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:22:16.0679 3588  AntiVirService - ok
16:22:16.0741 3588  [ 5A123AABB571AEA78AE63AF5E372F796 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:22:16.0757 3588  AntiVirWebService - ok
16:22:16.0788 3588  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:22:16.0788 3588  AppID - ok
16:22:16.0850 3588  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:22:16.0850 3588  AppIDSvc - ok
16:22:16.0897 3588  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
16:22:16.0913 3588  Appinfo - ok
16:22:16.0960 3588  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:22:16.0975 3588  arc - ok
16:22:16.0975 3588  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:22:16.0975 3588  arcsas - ok
16:22:17.0006 3588  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:22:17.0006 3588  AsyncMac - ok
16:22:17.0053 3588  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:22:17.0053 3588  atapi - ok
16:22:17.0131 3588  [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr            C:\Windows\system32\DRIVERS\athr.sys
16:22:17.0147 3588  athr - ok
16:22:17.0318 3588  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:22:17.0443 3588  atikmdag - ok
16:22:17.0537 3588  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:22:17.0537 3588  AudioEndpointBuilder - ok
16:22:17.0552 3588  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:22:17.0552 3588  Audiosrv - ok
16:22:17.0615 3588  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:22:17.0615 3588  avgntflt - ok
16:22:17.0677 3588  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:22:17.0677 3588  avipbb - ok
16:22:17.0724 3588  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:22:17.0724 3588  avkmgr - ok
16:22:17.0771 3588  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:22:17.0771 3588  AxInstSV - ok
16:22:17.0833 3588  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
16:22:17.0833 3588  b06bdrv - ok
16:22:17.0864 3588  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:22:17.0880 3588  b57nd60x - ok
16:22:17.0927 3588  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:22:17.0927 3588  BDESVC - ok
16:22:17.0958 3588  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:22:17.0958 3588  Beep - ok
16:22:18.0020 3588  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
16:22:18.0020 3588  BFE - ok
16:22:18.0067 3588  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:22:18.0083 3588  BITS - ok
16:22:18.0098 3588  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:22:18.0098 3588  blbdrive - ok
16:22:18.0130 3588  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:22:18.0130 3588  bowser - ok
16:22:18.0161 3588  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:22:18.0161 3588  BrFiltLo - ok
16:22:18.0176 3588  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:22:18.0176 3588  BrFiltUp - ok
16:22:18.0208 3588  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:22:18.0208 3588  Browser - ok
16:22:18.0254 3588  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:22:18.0254 3588  Brserid - ok
16:22:18.0270 3588  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:22:18.0270 3588  BrSerWdm - ok
16:22:18.0301 3588  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:22:18.0301 3588  BrUsbMdm - ok
16:22:18.0301 3588  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:22:18.0301 3588  BrUsbSer - ok
16:22:18.0364 3588  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:22:18.0364 3588  BthEnum - ok
16:22:18.0379 3588  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:22:18.0379 3588  BTHMODEM - ok
16:22:18.0426 3588  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:22:18.0426 3588  BthPan - ok
16:22:18.0457 3588  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:22:18.0457 3588  BTHPORT - ok
16:22:18.0504 3588  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:22:18.0504 3588  bthserv - ok
16:22:18.0535 3588  [ C81E9413A25A439F436B1D4B6A0CF9E9 ] BTHUSB          C:\Windows\System32\Drivers\BTHUSB.sys
16:22:18.0535 3588  BTHUSB - ok
16:22:18.0566 3588  [ 77EA11B065E0A8AB902D78145CA51E10 ] cdfs            C:\Windows\system32\DRIVERS\cdfs.sys
16:22:18.0582 3588  cdfs - ok
16:22:18.0644 3588  [ BE167ED0FDB9C1FA1133953C18D5A6C9 ] cdrom           C:\Windows\system32\DRIVERS\cdrom.sys
16:22:18.0644 3588  cdrom - ok
16:22:18.0691 3588  [ 319C6B309773D063541D01DF8AC6F55F ] CertPropSvc     C:\Windows\System32\certprop.dll
16:22:18.0707 3588  CertPropSvc - ok
16:22:18.0754 3588  [ 3FE3FE94A34DF6FB06E6418D0F6A0060 ] circlass        C:\Windows\system32\DRIVERS\circlass.sys
16:22:18.0754 3588  circlass - ok
16:22:18.0785 3588  [ 635181E0E9BBF16871BF5380D71DB02D ] CLFS            C:\Windows\system32\CLFS.sys
16:22:18.0800 3588  CLFS - ok
16:22:18.0878 3588  [ D88040F816FDA31C3B466F0FA0918F29 ] clr_optimization_v2.0.50727_32 C:\Windows\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe
16:22:18.0894 3588  clr_optimization_v2.0.50727_32 - ok
16:22:18.0988 3588  [ C5A75EB48E2344ABDC162BDA79E16841 ] clr_optimization_v4.0.30319_32 C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe
16:22:18.0988 3588  clr_optimization_v4.0.30319_32 - ok
16:22:19.0003 3588  [ DEA805815E587DAD1DD2C502220B5616 ] CmBatt          C:\Windows\system32\DRIVERS\CmBatt.sys
16:22:19.0003 3588  CmBatt - ok
16:22:19.0019 3588  [ C537B1DB64D495B9B4717B4D6D9EDBF2 ] cmdide          C:\Windows\system32\drivers\cmdide.sys
16:22:19.0019 3588  cmdide - ok
16:22:19.0081 3588  [ 247B4CE2DAB1160CD422D532D5241E1F ] CNG             C:\Windows\system32\Drivers\cng.sys
16:22:19.0081 3588  CNG - ok
16:22:19.0097 3588  [ A6023D3823C37043986713F118A89BEE ] Compbatt        C:\Windows\system32\DRIVERS\compbatt.sys
16:22:19.0097 3588  Compbatt - ok
16:22:19.0144 3588  [ CBE8C58A8579CFE5FCCF809E6F114E89 ] CompositeBus    C:\Windows\system32\drivers\CompositeBus.sys
16:22:19.0144 3588  CompositeBus - ok
16:22:19.0159 3588  COMSysApp - ok
16:22:19.0206 3588  [ 2C4EBCFC84A9B44F209DFF6C6E6C61D1 ] crcdisk         C:\Windows\system32\DRIVERS\crcdisk.sys
16:22:19.0206 3588  crcdisk - ok
16:22:19.0284 3588  [ 96C0E38905CFD788313BE8E11DAE3F2F ] CryptSvc        C:\Windows\system32\cryptsvc.dll
16:22:19.0284 3588  CryptSvc - ok
16:22:19.0331 3588  [ 7660F01D3B38ACA1747E397D21D790AF ] DcomLaunch      C:\Windows\system32\rpcss.dll
16:22:19.0346 3588  DcomLaunch - ok
16:22:19.0378 3588  [ 8D6E10A2D9A5EED59562D9B82CF804E1 ] defragsvc       C:\Windows\System32\defragsvc.dll
16:22:19.0378 3588  defragsvc - ok
16:22:19.0424 3588  [ F024449C97EC1E464AAFFDA18593DB88 ] DfsC            C:\Windows\system32\Drivers\dfsc.sys
16:22:19.0440 3588  DfsC - ok
16:22:19.0456 3588  [ E9E01EB683C132F7FA27CD607B8A2B63 ] Dhcp            C:\Windows\system32\dhcpcore.dll
16:22:19.0471 3588  Dhcp - ok
16:22:19.0502 3588  [ 1A050B0274BFB3890703D490F330C0DA ] discache        C:\Windows\system32\drivers\discache.sys
16:22:19.0518 3588  discache - ok
16:22:19.0549 3588  [ 565003F326F99802E68CA78F2A68E9FF ] Disk            C:\Windows\system32\DRIVERS\disk.sys
16:22:19.0549 3588  Disk - ok
16:22:19.0596 3588  [ 33EF4861F19A0736B11314AAD9AE28D0 ] Dnscache        C:\Windows\System32\dnsrslvr.dll
16:22:19.0596 3588  Dnscache - ok
16:22:19.0643 3588  [ 366BA8FB4B7BB7435E3B9EACB3843F67 ] dot3svc         C:\Windows\System32\dot3svc.dll
16:22:19.0643 3588  dot3svc - ok
16:22:19.0690 3588  [ 8EC04CA86F1D68DA9E11952EB85973D6 ] DPS             C:\Windows\system32\dps.dll
16:22:19.0690 3588  DPS - ok
16:22:19.0736 3588  [ B918E7C5F9BF77202F89E1A9539F2EB4 ] drmkaud         C:\Windows\system32\drivers\drmkaud.sys
16:22:19.0736 3588  drmkaud - ok
16:22:19.0783 3588  [ 23F5D28378A160352BA8F817BD8C71CB ] DXGKrnl         C:\Windows\System32\drivers\dxgkrnl.sys
16:22:19.0799 3588  DXGKrnl - ok
16:22:19.0846 3588  [ 8600142FA91C1B96367D3300AD0F3F3A ] EapHost         C:\Windows\System32\eapsvc.dll
16:22:19.0846 3588  EapHost - ok
16:22:19.0970 3588  [ 024E1B5CAC09731E4D868E64DBFB4AB0 ] ebdrv           C:\Windows\system32\DRIVERS\evbdx.sys
16:22:20.0002 3588  ebdrv - ok
16:22:20.0033 3588  [ 81951F51E318AECC2D68559E47485CC4 ] EFS             C:\Windows\System32\lsass.exe
16:22:20.0033 3588  EFS - ok
16:22:20.0095 3588  [ A8C362018EFC87BEB013EE28F29C0863 ] ehRecvr         C:\Windows\ehome\ehRecvr.exe
16:22:20.0111 3588  ehRecvr - ok
16:22:20.0142 3588  [ D389BFF34F80CAEDE417BF9D1507996A ] ehSched         C:\Windows\ehome\ehsched.exe
16:22:20.0142 3588  ehSched - ok
16:22:20.0204 3588  [ 0ED67910C8C326796FAA00B2BF6D9D3C ] elxstor         C:\Windows\system32\DRIVERS\elxstor.sys
16:22:20.0204 3588  elxstor - ok
16:22:20.0220 3588  [ 8FC3208352DD3912C94367A206AB3F11 ] ErrDev          C:\Windows\system32\drivers\errdev.sys
16:22:20.0220 3588  ErrDev - ok
16:22:20.0298 3588  [ F6916EFC29D9953D5D0DF06882AE8E16 ] EventSystem     C:\Windows\system32\es.dll
16:22:20.0298 3588  EventSystem - ok
16:22:20.0360 3588  [ 026F6D48CC5293C7B8A696376618B9D2 ] ewusbmbb        C:\Windows\system32\DRIVERS\ewusbwwan.sys
16:22:20.0360 3588  ewusbmbb - ok
16:22:20.0423 3588  [ 57C171EA22F0A7F068FCB0CAEDD1E8E7 ] ew_hwusbdev     C:\Windows\system32\DRIVERS\ew_hwusbdev.sys
16:22:20.0423 3588  ew_hwusbdev - ok
16:22:20.0438 3588  [ 2DC9108D74081149CC8B651D3A26207F ] exfat           C:\Windows\system32\drivers\exfat.sys
16:22:20.0438 3588  exfat - ok
16:22:20.0454 3588  [ 7E0AB74553476622FB6AE36F73D97D35 ] fastfat         C:\Windows\system32\drivers\fastfat.sys
16:22:20.0454 3588  fastfat - ok
16:22:20.0516 3588  [ 967EA5B213E9984CBE270205DF37755B ] Fax             C:\Windows\system32\fxssvc.exe
16:22:20.0516 3588  Fax - ok
16:22:20.0548 3588  [ E817A017F82DF2A1F8CFDBDA29388B29 ] fdc             C:\Windows\system32\DRIVERS\fdc.sys
16:22:20.0548 3588  fdc - ok
16:22:20.0594 3588  [ F3222C893BD2F5821A0179E5C71E88FB ] fdPHost         C:\Windows\system32\fdPHost.dll
16:22:20.0594 3588  fdPHost - ok
16:22:20.0610 3588  [ 7DBE8CBFE79EFBDEB98C9FB08D3A9A5B ] FDResPub        C:\Windows\system32\fdrespub.dll
16:22:20.0610 3588  FDResPub - ok
16:22:20.0626 3588  [ 6CF00369C97F3CF563BE99BE983D13D8 ] FileInfo        C:\Windows\system32\drivers\fileinfo.sys
16:22:20.0641 3588  FileInfo - ok
16:22:20.0657 3588  [ 42C51DC94C91DA21CB9196EB64C45DB9 ] Filetrace       C:\Windows\system32\drivers\filetrace.sys
16:22:20.0657 3588  Filetrace - ok
16:22:20.0672 3588  [ 87907AA70CB3C56600F1C2FB8841579B ] flpydisk        C:\Windows\system32\DRIVERS\flpydisk.sys
16:22:20.0672 3588  flpydisk - ok
16:22:20.0704 3588  [ 7520EC808E0C35E0EE6F841294316653 ] FltMgr          C:\Windows\system32\drivers\fltmgr.sys
16:22:20.0704 3588  FltMgr - ok
16:22:20.0766 3588  [ E12C4928B32ACE04610259647F072635 ] FontCache       C:\Windows\system32\FntCache.dll
16:22:20.0782 3588  FontCache - ok
16:22:20.0860 3588  [ E56F39F6B7FDA0AC77A79B0FD3DE1A2F ] FontCache3.0.0.0 C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
16:22:20.0860 3588  FontCache3.0.0.0 - ok
16:22:20.0875 3588  [ 1A16B57943853E598CFF37FE2B8CBF1D ] FsDepends       C:\Windows\system32\drivers\FsDepends.sys
16:22:20.0875 3588  FsDepends - ok
16:22:20.0922 3588  [ 7DAE5EBCC80E45D3253F4923DC424D05 ] Fs_Rec          C:\Windows\system32\drivers\Fs_Rec.sys
16:22:20.0922 3588  Fs_Rec - ok
16:22:20.0984 3588  [ E306A24D9694C724FA2491278BF50FDB ] fvevol          C:\Windows\system32\DRIVERS\fvevol.sys
16:22:20.0984 3588  fvevol - ok
16:22:21.0031 3588  [ 65EE0C7A58B65E74AE05637418153938 ] gagp30kx        C:\Windows\system32\DRIVERS\gagp30kx.sys
16:22:21.0031 3588  gagp30kx - ok
16:22:21.0094 3588  [ 4AC51459805264AFFD5F6FDFB9D9235F ] GEARAspiWDM     C:\Windows\system32\Drivers\GEARAspiWDM.sys
16:22:21.0094 3588  GEARAspiWDM - ok
16:22:21.0156 3588  [ E897EAF5ED6BA41E081060C9B447A673 ] gpsvc           C:\Windows\System32\gpsvc.dll
16:22:21.0172 3588  gpsvc - ok
16:22:21.0203 3588  [ C44E3C2BAB6837DB337DDEE7544736DB ] hcw85cir        C:\Windows\system32\drivers\hcw85cir.sys
16:22:21.0203 3588  hcw85cir - ok
16:22:21.0281 3588  [ A5EF29D5315111C80A5C1ABAD14C8972 ] HdAudAddService C:\Windows\system32\drivers\HdAudio.sys
16:22:21.0281 3588  HdAudAddService - ok
16:22:21.0359 3588  [ 9036377B8A6C15DC2EEC53E489D159B5 ] HDAudBus        C:\Windows\system32\drivers\HDAudBus.sys
16:22:21.0359 3588  HDAudBus - ok
16:22:21.0374 3588  [ 1D58A7F3E11A9731D0EAAAA8405ACC36 ] HidBatt         C:\Windows\system32\DRIVERS\HidBatt.sys
16:22:21.0374 3588  HidBatt - ok
16:22:21.0421 3588  [ 89448F40E6DF260C206A193A4683BA78 ] HidBth          C:\Windows\system32\DRIVERS\hidbth.sys
16:22:21.0421 3588  HidBth - ok
16:22:21.0452 3588  [ CF50B4CF4A4F229B9F3C08351F99CA5E ] HidIr           C:\Windows\system32\DRIVERS\hidir.sys
16:22:21.0452 3588  HidIr - ok
16:22:21.0484 3588  [ 2BC6F6A1992B3A77F5F41432CA6B3B6B ] hidserv         C:\Windows\system32\hidserv.dll
16:22:21.0499 3588  hidserv - ok
16:22:21.0546 3588  [ 10C19F8290891AF023EAEC0832E1EB4D ] HidUsb          C:\Windows\system32\drivers\hidusb.sys
16:22:21.0546 3588  HidUsb - ok
16:22:21.0608 3588  [ 196B4E3F4CCCC24AF836CE58FACBB699 ] hkmsvc          C:\Windows\system32\kmsvc.dll
16:22:21.0640 3588  hkmsvc - ok
16:22:21.0764 3588  [ 6658F4404DE03D75FE3BA09F7ABA6A30 ] HomeGroupListener C:\Windows\system32\ListSvc.dll
16:22:21.0827 3588  HomeGroupListener - ok
16:22:21.0889 3588  [ DBC02D918FFF1CAD628ACBE0C0EAA8E8 ] HomeGroupProvider C:\Windows\system32\provsvc.dll
16:22:21.0889 3588  HomeGroupProvider - ok
16:22:21.0936 3588  [ 295FDC419039090EB8B49FFDBB374549 ] HpSAMD          C:\Windows\system32\drivers\HpSAMD.sys
16:22:21.0936 3588  HpSAMD - ok
16:22:22.0014 3588  [ 871917B07A141BFF43D76D8844D48106 ] HTTP            C:\Windows\system32\drivers\HTTP.sys
16:22:22.0030 3588  HTTP - ok
16:22:22.0076 3588  [ F44461E66F1B7DD267957FE9BAA63ED0 ] huawei_enumerator C:\Windows\system32\DRIVERS\ew_jubusenum.sys
16:22:22.0076 3588  huawei_enumerator - ok
16:22:22.0139 3588  [ B50E1D8627354BA8E4DF83470F1272C8 ] hwdatacard      C:\Windows\system32\DRIVERS\ewusbmdm.sys
16:22:22.0154 3588  hwdatacard - ok
16:22:22.0248 3588  [ 5EF3427AE503B5C03A48F7C9FF458B69 ] HWDeviceService.exe C:\ProgramData\DatacardService\HWDeviceService.exe
16:22:22.0248 3588  HWDeviceService.exe - ok
16:22:22.0310 3588  [ 0C4E035C7F105F1299258C90886C64C5 ] hwpolicy        C:\Windows\system32\drivers\hwpolicy.sys
16:22:22.0310 3588  hwpolicy - ok
16:22:22.0388 3588  [ F151F0BDC47F4A28B1B20A0818EA36D6 ] i8042prt        C:\Windows\system32\drivers\i8042prt.sys
16:22:22.0388 3588  i8042prt - ok
16:22:22.0435 3588  [ 5CD5F9A5444E6CDCB0AC89BD62D8B76E ] iaStorV         C:\Windows\system32\drivers\iaStorV.sys
16:22:22.0451 3588  iaStorV - ok
16:22:22.0513 3588  [ C521D7EB6497BB1AF6AFA89E322FB43C ] idsvc           C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe
16:22:22.0529 3588  idsvc - ok
16:22:22.0576 3588  [ 4173FF5708F3236CF25195FECD742915 ] iirsp           C:\Windows\system32\DRIVERS\iirsp.sys
16:22:22.0576 3588  iirsp - ok
16:22:22.0654 3588  [ F95622F161474511B8D80D6B093AA610 ] IKEEXT          C:\Windows\System32\ikeext.dll
16:22:22.0654 3588  IKEEXT - ok
16:22:22.0716 3588  [ A0F12F2C9BA6C72F3987CE780E77C130 ] intelide        C:\Windows\system32\drivers\intelide.sys
16:22:22.0716 3588  intelide - ok
16:22:22.0747 3588  [ 3B514D27BFC4ACCB4037BC6685F766E0 ] intelppm        C:\Windows\system32\DRIVERS\intelppm.sys
16:22:22.0747 3588  intelppm - ok
16:22:22.0778 3588  [ ACB364B9075A45C0736E5C47BE5CAE19 ] IPBusEnum       C:\Windows\system32\ipbusenum.dll
16:22:22.0778 3588  IPBusEnum - ok
16:22:22.0810 3588  [ 709D1761D3B19A932FF0238EA6D50200 ] IpFilterDriver  C:\Windows\system32\DRIVERS\ipfltdrv.sys
16:22:22.0810 3588  IpFilterDriver - ok
16:22:22.0856 3588  [ 58F67245D041FBE7AF88F4EAF79DF0FA ] iphlpsvc        C:\Windows\System32\iphlpsvc.dll
16:22:22.0856 3588  iphlpsvc - ok
16:22:22.0903 3588  [ 4BD7134618C1D2A27466A099062547BF ] IPMIDRV         C:\Windows\system32\drivers\IPMIDrv.sys
16:22:22.0903 3588  IPMIDRV - ok
16:22:22.0919 3588  [ A5FA468D67ABCDAA36264E463A7BB0CD ] IPNAT           C:\Windows\system32\drivers\ipnat.sys
16:22:22.0919 3588  IPNAT - ok
16:22:22.0966 3588  [ 42996CFF20A3084A56017B7902307E9F ] IRENUM          C:\Windows\system32\drivers\irenum.sys
16:22:22.0966 3588  IRENUM - ok
16:22:22.0997 3588  [ 1F32BB6B38F62F7DF1A7AB7292638A35 ] isapnp          C:\Windows\system32\drivers\isapnp.sys
16:22:22.0997 3588  isapnp - ok
16:22:23.0012 3588  [ CB7A9ABB12B8415BCE5D74994C7BA3AE ] iScsiPrt        C:\Windows\system32\drivers\msiscsi.sys
16:22:23.0028 3588  iScsiPrt - ok
16:22:23.0059 3588  [ ADEF52CA1AEAE82B50DF86B56413107E ] kbdclass        C:\Windows\system32\DRIVERS\kbdclass.sys
16:22:23.0059 3588  kbdclass - ok
16:22:23.0090 3588  [ 9E3CED91863E6EE98C24794D05E27A71 ] kbdhid          C:\Windows\system32\DRIVERS\kbdhid.sys
16:22:23.0090 3588  kbdhid - ok
16:22:23.0122 3588  [ 81951F51E318AECC2D68559E47485CC4 ] KeyIso          C:\Windows\system32\lsass.exe
16:22:23.0122 3588  KeyIso - ok
16:22:23.0153 3588  [ B7895B4182C0D16F6EFADEB8081E8D36 ] KSecDD          C:\Windows\system32\Drivers\ksecdd.sys
16:22:23.0153 3588  KSecDD - ok
16:22:23.0215 3588  [ D30159AC9237519FBC62C6EC247D2D46 ] KSecPkg         C:\Windows\system32\Drivers\ksecpkg.sys
16:22:23.0215 3588  KSecPkg - ok
16:22:23.0262 3588  [ 89A7B9CC98D0D80C6F31B91C0A310FCD ] KtmRm           C:\Windows\system32\msdtckrm.dll
16:22:23.0262 3588  KtmRm - ok
16:22:23.0293 3588  [ D64AF876D53ECA3668BB97B51B4E70AB ] LanmanServer    C:\Windows\system32\srvsvc.dll
16:22:23.0293 3588  LanmanServer - ok
16:22:23.0309 3588  [ 58405E4F68BA8E4057C6E914F326ABA2 ] LanmanWorkstation C:\Windows\System32\wkssvc.dll
16:22:23.0309 3588  LanmanWorkstation - ok
16:22:23.0371 3588  [ F7611EC07349979DA9B0AE1F18CCC7A6 ] lltdio          C:\Windows\system32\DRIVERS\lltdio.sys
16:22:23.0371 3588  lltdio - ok
16:22:23.0418 3588  [ 5700673E13A2117FA3B9020C852C01E2 ] lltdsvc         C:\Windows\System32\lltdsvc.dll
16:22:23.0434 3588  lltdsvc - ok
16:22:23.0449 3588  [ 55CA01BA19D0006C8F2639B6C045E08B ] lmhosts         C:\Windows\System32\lmhsvc.dll
16:22:23.0449 3588  lmhosts - ok
16:22:23.0496 3588  [ EB119A53CCF2ACC000AC71B065B78FEF ] LSI_FC          C:\Windows\system32\DRIVERS\lsi_fc.sys
16:22:23.0496 3588  LSI_FC - ok
16:22:23.0496 3588  [ 8ADE1C877256A22E49B75D1CC9161F9C ] LSI_SAS         C:\Windows\system32\DRIVERS\lsi_sas.sys
16:22:23.0496 3588  LSI_SAS - ok
16:22:23.0512 3588  [ DC9DC3D3DAA0E276FD2EC262E38B11E9 ] LSI_SAS2        C:\Windows\system32\DRIVERS\lsi_sas2.sys
16:22:23.0527 3588  LSI_SAS2 - ok
16:22:23.0543 3588  [ 0A036C7D7CAB643A7F07135AC47E0524 ] LSI_SCSI        C:\Windows\system32\DRIVERS\lsi_scsi.sys
16:22:23.0543 3588  LSI_SCSI - ok
16:22:23.0558 3588  [ 6703E366CC18D3B6E534F5CF7DF39CEE ] luafv           C:\Windows\system32\drivers\luafv.sys
16:22:23.0558 3588  luafv - ok
16:22:23.0590 3588  massfilter - ok
16:22:23.0590 3588  massfilter_hs - ok
16:22:23.0621 3588  [ BFB9EE8EE977EFE85D1A3105ABEF6DD1 ] Mcx2Svc         C:\Windows\system32\Mcx2Svc.dll
16:22:23.0636 3588  Mcx2Svc - ok
16:22:23.0668 3588  [ 0FFF5B045293002AB38EB1FD1FC2FB74 ] megasas         C:\Windows\system32\DRIVERS\megasas.sys
16:22:23.0668 3588  megasas - ok
16:22:23.0683 3588  [ DCBAB2920C75F390CAF1D29F675D03D6 ] MegaSR          C:\Windows\system32\DRIVERS\MegaSR.sys
16:22:23.0683 3588  MegaSR - ok
16:22:23.0730 3588  [ 146B6F43A673379A3C670E86D89BE5EA ] MMCSS           C:\Windows\system32\mmcss.dll
16:22:23.0730 3588  MMCSS - ok
16:22:23.0839 3588  [ 1CE0621B591913C12BECAA5B50E88BB2 ] Mobile Partner. RunOuc C:\Program Files\Mobile Partner\UpdateDog\ouc.exe
16:22:23.0839 3588  Mobile Partner. RunOuc - ok
16:22:23.0855 3588  [ F001861E5700EE84E2D4E52C712F4964 ] Modem           C:\Windows\system32\drivers\modem.sys
16:22:23.0855 3588  Modem - ok
16:22:23.0886 3588  [ 79D10964DE86B292320E9DFE02282A23 ] monitor         C:\Windows\system32\DRIVERS\monitor.sys
16:22:23.0886 3588  monitor - ok
16:22:23.0917 3588  [ FB18CC1D4C2E716B6B903B0AC0CC0609 ] mouclass        C:\Windows\system32\DRIVERS\mouclass.sys
16:22:23.0933 3588  mouclass - ok
16:22:23.0948 3588  [ 2C388D2CD01C9042596CF3C8F3C7B24D ] mouhid          C:\Windows\system32\DRIVERS\mouhid.sys
16:22:23.0948 3588  mouhid - ok
16:22:23.0980 3588  [ FC8771F45ECCCFD89684E38842539B9B ] mountmgr        C:\Windows\system32\drivers\mountmgr.sys
16:22:23.0995 3588  mountmgr - ok
16:22:24.0058 3588  [ 8A7C8F4C713E70D73946833D76B77035 ] MozillaMaintenance C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe
16:22:24.0058 3588  MozillaMaintenance - ok
16:22:24.0089 3588  [ 2D699FB6E89CE0D8DA14ECC03B3EDFE0 ] mpio            C:\Windows\system32\drivers\mpio.sys
16:22:24.0089 3588  mpio - ok
16:22:24.0104 3588  [ AD2723A7B53DD1AACAE6AD8C0BFBF4D0 ] mpsdrv          C:\Windows\system32\drivers\mpsdrv.sys
16:22:24.0120 3588  mpsdrv - ok
16:22:24.0167 3588  [ 9835584E999D25004E1EE8E5F3E3B881 ] MpsSvc          C:\Windows\system32\mpssvc.dll
16:22:24.0182 3588  MpsSvc - ok
16:22:24.0214 3588  [ CEB46AB7C01C9F825F8CC6BABC18166A ] MRxDAV          C:\Windows\system32\drivers\mrxdav.sys
16:22:24.0214 3588  MRxDAV - ok
16:22:24.0276 3588  [ 5D16C921E3671636C0EBA3BBAAC5FD25 ] mrxsmb          C:\Windows\system32\DRIVERS\mrxsmb.sys
16:22:24.0276 3588  mrxsmb - ok
16:22:24.0323 3588  [ 6D17A4791ACA19328C685D256349FEFC ] mrxsmb10        C:\Windows\system32\DRIVERS\mrxsmb10.sys
16:22:24.0338 3588  mrxsmb10 - ok
16:22:24.0354 3588  [ B81F204D146000BE76651A50670A5E9E ] mrxsmb20        C:\Windows\system32\DRIVERS\mrxsmb20.sys
16:22:24.0354 3588  mrxsmb20 - ok
16:22:24.0385 3588  [ 012C5F4E9349E711E11E0F19A8589F0A ] msahci          C:\Windows\system32\drivers\msahci.sys
16:22:24.0385 3588  msahci - ok
16:22:24.0432 3588  [ 55055F8AD8BE27A64C831322A780A228 ] msdsm           C:\Windows\system32\drivers\msdsm.sys
16:22:24.0448 3588  msdsm - ok
16:22:24.0463 3588  [ E1BCE74A3BD9902B72599C0192A07E27 ] MSDTC           C:\Windows\System32\msdtc.exe
16:22:24.0463 3588  MSDTC - ok
16:22:24.0510 3588  [ DAEFB28E3AF5A76ABCC2C3078C07327F ] Msfs            C:\Windows\system32\drivers\Msfs.sys
16:22:24.0510 3588  Msfs - ok
16:22:24.0541 3588  [ 3E1E5767043C5AF9367F0056295E9F84 ] mshidkmdf       C:\Windows\System32\drivers\mshidkmdf.sys
16:22:24.0541 3588  mshidkmdf - ok
16:22:24.0557 3588  [ 0A4E5757AE09FA9622E3158CC1AEF114 ] msisadrv        C:\Windows\system32\drivers\msisadrv.sys
16:22:24.0557 3588  msisadrv - ok
16:22:24.0604 3588  [ 90F7D9E6B6F27E1A707D4A297F077828 ] MSiSCSI         C:\Windows\system32\iscsiexe.dll
16:22:24.0604 3588  MSiSCSI - ok
16:22:24.0619 3588  msiserver - ok
16:22:24.0650 3588  [ 8C0860D6366AAFFB6C5BB9DF9448E631 ] MSKSSRV         C:\Windows\system32\drivers\MSKSSRV.sys
16:22:24.0650 3588  MSKSSRV - ok
16:22:24.0682 3588  [ 3EA8B949F963562CEDBB549EAC0C11CE ] MSPCLOCK        C:\Windows\system32\drivers\MSPCLOCK.sys
16:22:24.0682 3588  MSPCLOCK - ok
16:22:24.0697 3588  [ F456E973590D663B1073E9C463B40932 ] MSPQM           C:\Windows\system32\drivers\MSPQM.sys
16:22:24.0697 3588  MSPQM - ok
16:22:24.0713 3588  [ 0E008FC4819D238C51D7C93E7B41E560 ] MsRPC           C:\Windows\system32\drivers\MsRPC.sys
16:22:24.0713 3588  MsRPC - ok
16:22:24.0760 3588  [ FC6B9FF600CC585EA38B12589BD4E246 ] mssmbios        C:\Windows\system32\drivers\mssmbios.sys
16:22:24.0760 3588  mssmbios - ok
16:22:24.0775 3588  [ B42C6B921F61A6E55159B8BE6CD54A36 ] MSTEE           C:\Windows\system32\drivers\MSTEE.sys
16:22:24.0791 3588  MSTEE - ok
16:22:24.0791 3588  [ 33599130F44E1F34631CEA241DE8AC84 ] MTConfig        C:\Windows\system32\DRIVERS\MTConfig.sys
16:22:24.0791 3588  MTConfig - ok
16:22:24.0822 3588  [ 159FAD02F64E6381758C990F753BCC80 ] Mup             C:\Windows\system32\Drivers\mup.sys
16:22:24.0822 3588  Mup - ok
16:22:24.0869 3588  [ 61D57A5D7C6D9AFE10E77DAE6E1B445E ] napagent        C:\Windows\system32\qagentRT.dll
16:22:24.0884 3588  napagent - ok
16:22:24.0916 3588  [ 26384429FCD85D83746F63E798AB1480 ] NativeWifiP     C:\Windows\system32\DRIVERS\nwifi.sys
16:22:24.0916 3588  NativeWifiP - ok
16:22:24.0978 3588  [ 8C9C922D71F1CD4DEF73F186416B7896 ] NDIS            C:\Windows\system32\drivers\ndis.sys
16:22:24.0978 3588  NDIS - ok
16:22:25.0009 3588  [ 0E1787AA6C9191D3D319E8BAFE86F80C ] NdisCap         C:\Windows\system32\DRIVERS\ndiscap.sys
16:22:25.0009 3588  NdisCap - ok
16:22:25.0025 3588  [ E4A8AEC125A2E43A9E32AFEEA7C9C888 ] NdisTapi        C:\Windows\system32\DRIVERS\ndistapi.sys
16:22:25.0025 3588  NdisTapi - ok
16:22:25.0072 3588  [ D8A65DAFB3EB41CBB622745676FCD072 ] Ndisuio         C:\Windows\system32\DRIVERS\ndisuio.sys
16:22:25.0087 3588  Ndisuio - ok
16:22:25.0134 3588  [ 38FBE267E7E6983311179230FACB1017 ] NdisWan         C:\Windows\system32\DRIVERS\ndiswan.sys
16:22:25.0134 3588  NdisWan - ok
16:22:25.0150 3588  [ A4BDC541E69674FBFF1A8FF00BE913F2 ] NDProxy         C:\Windows\system32\drivers\NDProxy.sys
16:22:25.0150 3588  NDProxy - ok
16:22:25.0165 3588  [ 80B275B1CE3B0E79909DB7B39AF74D51 ] NetBIOS         C:\Windows\system32\DRIVERS\netbios.sys
16:22:25.0165 3588  NetBIOS - ok
16:22:25.0212 3588  [ 280122DDCF04B378EDD1AD54D71C1E54 ] NetBT           C:\Windows\system32\DRIVERS\netbt.sys
16:22:25.0228 3588  NetBT - ok
16:22:25.0259 3588  [ 81951F51E318AECC2D68559E47485CC4 ] Netlogon        C:\Windows\system32\lsass.exe
16:22:25.0259 3588  Netlogon - ok
16:22:25.0321 3588  [ 7CCCFCA7510684768DA22092D1FA4DB2 ] Netman          C:\Windows\System32\netman.dll
16:22:25.0337 3588  Netman - ok
16:22:25.0368 3588  [ 8C338238C16777A802D6A9211EB2BA50 ] netprofm        C:\Windows\System32\netprofm.dll
16:22:25.0368 3588  netprofm - ok
16:22:25.0415 3588  [ F476EC40033CDB91EFBE73EB99B8362D ] NetTcpPortSharing C:\Windows\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe
16:22:25.0415 3588  NetTcpPortSharing - ok
16:22:25.0462 3588  [ 1D85C4B390B0EE09C7A46B91EFB2C097 ] nfrd960         C:\Windows\system32\DRIVERS\nfrd960.sys
16:22:25.0462 3588  nfrd960 - ok
16:22:25.0508 3588  [ 374071043F9E4231EE43BE2BB48DD36D ] NlaSvc          C:\Windows\System32\nlasvc.dll
16:22:25.0508 3588  NlaSvc - ok
16:22:25.0524 3588  [ 1DB262A9F8C087E8153D89BEF3D2235F ] Npfs            C:\Windows\system32\drivers\Npfs.sys
16:22:25.0524 3588  Npfs - ok
16:22:25.0571 3588  [ BA387E955E890C8A88306D9B8D06BF17 ] nsi             C:\Windows\system32\nsisvc.dll
16:22:25.0571 3588  nsi - ok
16:22:25.0586 3588  [ E9A0A4D07E53D8FEA2BB8387A3293C58 ] nsiproxy        C:\Windows\system32\drivers\nsiproxy.sys
16:22:25.0586 3588  nsiproxy - ok
16:22:25.0664 3588  [ 9CDAEBE5160B9AF02AE17C62BDB6C4B5 ] Ntfs            C:\Windows\system32\drivers\Ntfs.sys
16:22:25.0680 3588  Ntfs - ok
16:22:25.0711 3588  [ F9756A98D69098DCA8945D62858A812C ] Null            C:\Windows\system32\drivers\Null.sys
16:22:25.0711 3588  Null - ok
16:22:25.0742 3588  [ B3E25EE28883877076E0E1FF877D02E0 ] nvraid          C:\Windows\system32\drivers\nvraid.sys
16:22:25.0742 3588  nvraid - ok
16:22:25.0774 3588  [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor          C:\Windows\system32\drivers\nvstor.sys
16:22:25.0789 3588  nvstor - ok
16:22:25.0805 3588  [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp          C:\Windows\system32\drivers\nv_agp.sys
16:22:25.0820 3588  nv_agp - ok
16:22:25.0836 3588  [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394        C:\Windows\system32\drivers\ohci1394.sys
16:22:25.0836 3588  ohci1394 - ok
16:22:25.0883 3588  [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc        C:\Windows\system32\pnrpsvc.dll
16:22:25.0883 3588  p2pimsvc - ok
16:22:25.0914 3588  [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc          C:\Windows\system32\p2psvc.dll
16:22:25.0930 3588  p2psvc - ok
16:22:25.0961 3588  [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport         C:\Windows\system32\DRIVERS\parport.sys
16:22:25.0976 3588  Parport - ok
16:22:26.0023 3588  [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr         C:\Windows\system32\drivers\partmgr.sys
16:22:26.0023 3588  partmgr - ok
16:22:26.0039 3588  [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm          C:\Windows\system32\DRIVERS\parvdm.sys
16:22:26.0039 3588  Parvdm - ok
16:22:26.0054 3588  [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc          C:\Windows\System32\pcasvc.dll
16:22:26.0070 3588  PcaSvc - ok
16:22:26.0101 3588  [ 673E55C3498EB970088E812EA820AA8F ] pci             C:\Windows\system32\drivers\pci.sys
16:22:26.0117 3588  pci - ok
16:22:26.0132 3588  [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide          C:\Windows\system32\drivers\pciide.sys
16:22:26.0132 3588  pciide - ok
16:22:26.0148 3588  [ F396431B31693E71E8A80687EF523506 ] pcmcia          C:\Windows\system32\DRIVERS\pcmcia.sys
16:22:26.0148 3588  pcmcia - ok
16:22:26.0164 3588  [ 250F6B43D2B613172035C6747AEEB19F ] pcw             C:\Windows\system32\drivers\pcw.sys
16:22:26.0164 3588  pcw - ok
16:22:26.0210 3588  [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH          C:\Windows\system32\drivers\peauth.sys
16:22:26.0210 3588  PEAUTH - ok
16:22:26.0304 3588  [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla             C:\Windows\system32\pla.dll
16:22:26.0320 3588  pla - ok
16:22:26.0382 3588  [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay        C:\Windows\system32\umpnpmgr.dll
16:22:26.0382 3588  PlugPlay - ok
16:22:26.0444 3588  [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg     C:\Windows\system32\pnrpauto.dll
16:22:26.0444 3588  PNRPAutoReg - ok
16:22:26.0460 3588  [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc         C:\Windows\system32\pnrpsvc.dll
16:22:26.0460 3588  PNRPsvc - ok
16:22:26.0491 3588  [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent     C:\Windows\System32\ipsecsvc.dll
16:22:26.0491 3588  PolicyAgent - ok
16:22:26.0538 3588  [ F87D30E72E03D579A5199CCB3831D6EA ] Power           C:\Windows\system32\umpo.dll
16:22:26.0538 3588  Power - ok
16:22:26.0585 3588  [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport    C:\Windows\system32\DRIVERS\raspptp.sys
16:22:26.0585 3588  PptpMiniport - ok
16:22:26.0616 3588  [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor       C:\Windows\system32\DRIVERS\processr.sys
16:22:26.0616 3588  Processor - ok
16:22:26.0663 3588  [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc         C:\Windows\system32\profsvc.dll
16:22:26.0678 3588  ProfSvc - ok
16:22:26.0694 3588  [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe
16:22:26.0694 3588  ProtectedStorage - ok
16:22:26.0725 3588  [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched          C:\Windows\system32\DRIVERS\pacer.sys
16:22:26.0741 3588  Psched - ok
16:22:26.0772 3588  [ AB95ECF1F6659A60DDC166D8315B0751 ] ql2300          C:\Windows\system32\DRIVERS\ql2300.sys
16:22:26.0788 3588  ql2300 - ok
16:22:26.0819 3588  [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx          C:\Windows\system32\DRIVERS\ql40xx.sys
16:22:26.0819 3588  ql40xx - ok
16:22:26.0850 3588  [ 31AC809E7707EB580B2BDB760390765A ] QWAVE           C:\Windows\system32\qwave.dll
16:22:26.0850 3588  QWAVE - ok
16:22:26.0897 3588  [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv        C:\Windows\system32\drivers\qwavedrv.sys
16:22:26.0897 3588  QWAVEdrv - ok
16:22:26.0912 3588  [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd          C:\Windows\system32\DRIVERS\rasacd.sys
16:22:26.0912 3588  RasAcd - ok
16:22:26.0959 3588  [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn     C:\Windows\system32\DRIVERS\AgileVpn.sys
16:22:26.0959 3588  RasAgileVpn - ok
16:22:26.0975 3588  [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto         C:\Windows\System32\rasauto.dll
16:22:26.0990 3588  RasAuto - ok
16:22:27.0022 3588  [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp         C:\Windows\system32\DRIVERS\rasl2tp.sys
16:22:27.0037 3588  Rasl2tp - ok
16:22:27.0084 3588  [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan          C:\Windows\System32\rasmans.dll
16:22:27.0100 3588  RasMan - ok
16:22:27.0115 3588  [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe        C:\Windows\system32\DRIVERS\raspppoe.sys
16:22:27.0115 3588  RasPppoe - ok
16:22:27.0146 3588  [ 44101F495A83EA6401D886E7FD70096B ] RasSstp         C:\Windows\system32\DRIVERS\rassstp.sys
16:22:27.0146 3588  RasSstp - ok
16:22:27.0193 3588  [ D528BC58A489409BA40334EBF96A311B ] rdbss           C:\Windows\system32\DRIVERS\rdbss.sys
16:22:27.0193 3588  rdbss - ok
16:22:27.0209 3588  [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus          C:\Windows\system32\DRIVERS\rdpbus.sys
16:22:27.0209 3588  rdpbus - ok
16:22:27.0256 3588  [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD          C:\Windows\system32\DRIVERS\RDPCDD.sys
16:22:27.0256 3588  RDPCDD - ok
16:22:27.0302 3588  [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD        C:\Windows\system32\drivers\rdpencdd.sys
16:22:27.0302 3588  RDPENCDD - ok
16:22:27.0318 3588  [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP        C:\Windows\system32\drivers\rdprefmp.sys
16:22:27.0318 3588  RDPREFMP - ok
16:22:27.0365 3588  [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD           C:\Windows\system32\drivers\RDPWD.sys
16:22:27.0365 3588  RDPWD - ok
16:22:27.0427 3588  [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost        C:\Windows\system32\drivers\rdyboost.sys
16:22:27.0427 3588  rdyboost - ok
16:22:27.0458 3588  [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess    C:\Windows\System32\mprdim.dll
16:22:27.0474 3588  RemoteAccess - ok
16:22:27.0505 3588  [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry  C:\Windows\system32\regsvc.dll
16:22:27.0521 3588  RemoteRegistry - ok
16:22:27.0552 3588  [ CB928D9E6DAF51879DD6BA8D02F01321 ] RFCOMM          C:\Windows\system32\DRIVERS\rfcomm.sys
16:22:27.0568 3588  RFCOMM - ok
16:22:27.0583 3588  [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper    C:\Windows\System32\RpcEpMap.dll
16:22:27.0583 3588  RpcEptMapper - ok
16:22:27.0614 3588  [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator      C:\Windows\system32\locator.exe
16:22:27.0630 3588  RpcLocator - ok
16:22:27.0661 3588  [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs           C:\Windows\system32\rpcss.dll
16:22:27.0661 3588  RpcSs - ok
16:22:27.0739 3588  [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr          C:\Windows\system32\DRIVERS\rspndr.sys
16:22:27.0739 3588  rspndr - ok
16:22:27.0802 3588  [ 6E5FBB7CBAEC47038B945D5E9B144A64 ] SABI            C:\Windows\system32\Drivers\SABI.sys
16:22:27.0802 3588  SABI - ok
16:22:27.0817 3588  [ 81951F51E318AECC2D68559E47485CC4 ] SamSs           C:\Windows\system32\lsass.exe
16:22:27.0817 3588  SamSs - ok
16:22:27.0848 3588  [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port        C:\Windows\system32\drivers\sbp2port.sys
16:22:27.0848 3588  sbp2port - ok
16:22:27.0958 3588  [ 794D4B48DFB6E999537C7C3947863463 ] SBSDWSCService  C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
16:22:27.0989 3588  SBSDWSCService - ok
16:22:28.0020 3588  [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr        C:\Windows\System32\SCardSvr.dll
16:22:28.0036 3588  SCardSvr - ok
16:22:28.0067 3588  [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter        C:\Windows\system32\DRIVERS\scfilter.sys
16:22:28.0067 3588  scfilter - ok
16:22:28.0129 3588  [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule        C:\Windows\system32\schedsvc.dll
16:22:28.0145 3588  Schedule - ok
16:22:28.0160 3588  [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc     C:\Windows\System32\certprop.dll
16:22:28.0160 3588  SCPolicySvc - ok
16:22:28.0192 3588  [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC          C:\Windows\System32\SDRSVC.dll
16:22:28.0207 3588  SDRSVC - ok
16:22:28.0254 3588  [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv          C:\Windows\system32\drivers\secdrv.sys
16:22:28.0254 3588  secdrv - ok
16:22:28.0270 3588  [ A59B3A4442C52060CC7A85293AA3546F ] seclogon        C:\Windows\system32\seclogon.dll
16:22:28.0270 3588  seclogon - ok
16:22:28.0316 3588  [ DCB7FCDCC97F87360F75D77425B81737 ] SENS            C:\Windows\System32\sens.dll
16:22:28.0332 3588  SENS - ok
16:22:28.0379 3588  [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc        C:\Windows\system32\sensrsvc.dll
16:22:28.0379 3588  SensrSvc - ok
16:22:28.0394 3588  [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] Serenum         C:\Windows\system32\DRIVERS\serenum.sys
16:22:28.0394 3588  Serenum - ok
16:22:28.0441 3588  [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial          C:\Windows\system32\DRIVERS\serial.sys
16:22:28.0441 3588  Serial - ok
16:22:28.0457 3588  [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse        C:\Windows\system32\DRIVERS\sermouse.sys
16:22:28.0457 3588  sermouse - ok
16:22:28.0504 3588  [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv      C:\Windows\system32\sessenv.dll
16:22:28.0519 3588  SessionEnv - ok
16:22:28.0550 3588  [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk         C:\Windows\system32\drivers\sffdisk.sys
16:22:28.0550 3588  sffdisk - ok
16:22:28.0566 3588  [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc        C:\Windows\system32\drivers\sffp_mmc.sys
16:22:28.0566 3588  sffp_mmc - ok
16:22:28.0582 3588  [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd         C:\Windows\system32\drivers\sffp_sd.sys
16:22:28.0582 3588  sffp_sd - ok
16:22:28.0613 3588  [ DB96666CC8312EBC45032F30B007A547 ] sfloppy         C:\Windows\system32\DRIVERS\sfloppy.sys
16:22:28.0613 3588  sfloppy - ok
16:22:28.0675 3588  [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess    C:\Windows\System32\ipnathlp.dll
16:22:28.0675 3588  SharedAccess - ok
16:22:28.0722 3588  [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll
16:22:28.0738 3588  ShellHWDetection - ok
16:22:28.0753 3588  [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp          C:\Windows\system32\drivers\sisagp.sys
16:22:28.0753 3588  sisagp - ok
16:22:28.0816 3588  [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2        C:\Windows\system32\DRIVERS\SiSRaid2.sys
16:22:28.0816 3588  SiSRaid2 - ok
16:22:28.0831 3588  [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4        C:\Windows\system32\DRIVERS\sisraid4.sys
16:22:28.0831 3588  SiSRaid4 - ok
16:22:28.0878 3588  [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb             C:\Windows\system32\DRIVERS\smb.sys
16:22:28.0878 3588  Smb - ok
16:22:28.0940 3588  [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP        C:\Windows\System32\snmptrap.exe
16:22:28.0940 3588  SNMPTRAP - ok
16:22:28.0956 3588  [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr           C:\Windows\system32\drivers\spldr.sys
16:22:28.0956 3588  spldr - ok
16:22:29.0003 3588  [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler         C:\Windows\System32\spoolsv.exe
16:22:29.0003 3588  Spooler - ok
16:22:29.0112 3588  [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc          C:\Windows\system32\sppsvc.exe
16:22:29.0159 3588  sppsvc - ok
16:22:29.0206 3588  [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify     C:\Windows\system32\sppuinotify.dll
16:22:29.0206 3588  sppuinotify - ok
16:22:29.0284 3588  [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv             C:\Windows\system32\DRIVERS\srv.sys
16:22:29.0284 3588  srv - ok
16:22:29.0346 3588  [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2            C:\Windows\system32\DRIVERS\srv2.sys
16:22:29.0346 3588  srv2 - ok
16:22:29.0362 3588  [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet          C:\Windows\system32\DRIVERS\srvnet.sys
16:22:29.0377 3588  srvnet - ok
16:22:29.0408 3588  [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV         C:\Windows\System32\ssdpsrv.dll
16:22:29.0424 3588  SSDPSRV - ok
16:22:29.0486 3588  [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv          C:\Windows\system32\DRIVERS\ssmdrv.sys
16:22:29.0486 3588  ssmdrv - ok
16:22:29.0502 3588  [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc         C:\Windows\system32\sstpsvc.dll
16:22:29.0518 3588  SstpSvc - ok
16:22:29.0549 3588  [ DB32D325C192B801DF274BFD12A7E72B ] stexstor        C:\Windows\system32\DRIVERS\stexstor.sys
16:22:29.0549 3588  stexstor - ok
16:22:29.0627 3588  [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc          C:\Windows\System32\wiaservc.dll
16:22:29.0642 3588  StiSvc - ok
16:22:29.0689 3588  [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum          C:\Windows\system32\drivers\swenum.sys
16:22:29.0689 3588  swenum - ok
16:22:29.0752 3588  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
16:22:29.0752 3588  swprv - ok
16:22:29.0814 3588  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
16:22:29.0845 3588  SysMain - ok
16:22:29.0861 3588  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:22:29.0876 3588  TabletInputService - ok
16:22:29.0908 3588  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:22:29.0923 3588  TapiSrv - ok
16:22:29.0939 3588  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
16:22:29.0939 3588  TBS - ok
16:22:30.0001 3588  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:22:30.0032 3588  Tcpip - ok
16:22:30.0048 3588  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:22:30.0064 3588  TCPIP6 - ok
16:22:30.0095 3588  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:22:30.0095 3588  tcpipreg - ok
16:22:30.0142 3588  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:22:30.0142 3588  TDPIPE - ok
16:22:30.0173 3588  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:22:30.0173 3588  TDTCP - ok
16:22:30.0220 3588  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:22:30.0220 3588  tdx - ok
16:22:30.0235 3588  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:22:30.0235 3588  TermDD - ok
16:22:30.0298 3588  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
16:22:30.0298 3588  TermService - ok
16:22:30.0344 3588  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:22:30.0344 3588  Themes - ok
16:22:30.0360 3588  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
16:22:30.0360 3588  THREADORDER - ok
16:22:30.0391 3588  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:22:30.0391 3588  TrkWks - ok
16:22:30.0438 3588  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:22:30.0438 3588  TrustedInstaller - ok
16:22:30.0485 3588  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:22:30.0485 3588  tssecsrv - ok
16:22:30.0532 3588  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:22:30.0532 3588  TsUsbFlt - ok
16:22:30.0594 3588  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:22:30.0594 3588  tunnel - ok
16:22:30.0641 3588  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:22:30.0641 3588  uagp35 - ok
16:22:30.0688 3588  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:22:30.0688 3588  udfs - ok
16:22:30.0719 3588  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:22:30.0719 3588  UI0Detect - ok
16:22:30.0750 3588  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:22:30.0766 3588  uliagpkx - ok
16:22:30.0781 3588  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
16:22:30.0797 3588  umbus - ok
16:22:30.0812 3588  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:22:30.0812 3588  UmPass - ok
16:22:30.0828 3588  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:22:30.0844 3588  upnphost - ok
16:22:30.0890 3588  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:22:30.0890 3588  usbccgp - ok
16:22:30.0937 3588  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:22:30.0953 3588  usbcir - ok
16:22:30.0968 3588  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:22:30.0968 3588  usbehci - ok
16:22:31.0015 3588  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:22:31.0031 3588  usbhub - ok
16:22:31.0046 3588  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:22:31.0046 3588  usbohci - ok
16:22:31.0109 3588  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:22:31.0109 3588  usbprint - ok
16:22:31.0140 3588  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:22:31.0156 3588  usbscan - ok
16:22:31.0171 3588  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:22:31.0171 3588  USBSTOR - ok
16:22:31.0187 3588  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:22:31.0187 3588  usbuhci - ok
16:22:31.0234 3588  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:22:31.0249 3588  usbvideo - ok
16:22:31.0280 3588  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
16:22:31.0280 3588  UxSms - ok
16:22:31.0312 3588  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:22:31.0312 3588  VaultSvc - ok
16:22:31.0327 3588  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:22:31.0327 3588  vdrvroot - ok
16:22:31.0374 3588  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
16:22:31.0390 3588  vds - ok
16:22:31.0421 3588  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:22:31.0421 3588  vga - ok
16:22:31.0452 3588  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:22:31.0452 3588  VgaSave - ok
16:22:31.0483 3588  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:22:31.0483 3588  vhdmp - ok
16:22:31.0514 3588  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:22:31.0514 3588  viaagp - ok
16:22:31.0546 3588  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
16:22:31.0546 3588  ViaC7 - ok
16:22:31.0561 3588  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:22:31.0561 3588  viaide - ok
16:22:31.0592 3588  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:22:31.0592 3588  volmgr - ok
16:22:31.0624 3588  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:22:31.0624 3588  volmgrx - ok
16:22:31.0639 3588  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:22:31.0655 3588  volsnap - ok
16:22:31.0686 3588  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:22:31.0686 3588  vsmraid - ok
16:22:31.0748 3588  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
16:22:31.0764 3588  VSS - ok
16:22:31.0795 3588  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:22:31.0795 3588  vwifibus - ok
16:22:31.0795 3588  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:22:31.0795 3588  vwififlt - ok
16:22:31.0842 3588  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:22:31.0842 3588  vwifimp - ok
16:22:31.0873 3588  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
16:22:31.0904 3588  W32Time - ok
16:22:31.0967 3588  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:22:32.0014 3588  WacomPen - ok
16:22:32.0092 3588  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:22:32.0123 3588  WANARP - ok
16:22:32.0138 3588  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:22:32.0138 3588  Wanarpv6 - ok
16:22:32.0201 3588  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:22:32.0216 3588  wbengine - ok
16:22:32.0248 3588  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:22:32.0248 3588  WbioSrvc - ok
16:22:32.0279 3588  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:22:32.0294 3588  wcncsvc - ok
16:22:32.0310 3588  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:22:32.0310 3588  WcsPlugInService - ok
16:22:32.0357 3588  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:22:32.0357 3588  Wd - ok
16:22:32.0404 3588  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:22:32.0419 3588  Wdf01000 - ok
16:22:32.0435 3588  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:22:32.0435 3588  WdiServiceHost - ok
16:22:32.0435 3588  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:22:32.0450 3588  WdiSystemHost - ok
16:22:32.0482 3588  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
16:22:32.0497 3588  WebClient - ok
16:22:32.0528 3588  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:22:32.0544 3588  Wecsvc - ok
16:22:32.0560 3588  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:22:32.0560 3588  wercplsupport - ok
16:22:32.0591 3588  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:22:32.0606 3588  WerSvc - ok
16:22:32.0622 3588  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:22:32.0622 3588  WfpLwf - ok
16:22:32.0653 3588  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:22:32.0653 3588  WIMMount - ok
16:22:32.0731 3588  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:22:32.0747 3588  WinDefend - ok
16:22:32.0762 3588  WinHttpAutoProxySvc - ok
16:22:32.0840 3588  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:22:32.0840 3588  Winmgmt - ok
16:22:32.0903 3588  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
16:22:32.0918 3588  WinRM - ok
16:22:32.0996 3588  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:22:32.0996 3588  WinUsb - ok
16:22:33.0043 3588  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:22:33.0059 3588  Wlansvc - ok
16:22:33.0246 3588  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:22:33.0277 3588  wlidsvc - ok
16:22:33.0324 3588  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:22:33.0324 3588  WmiAcpi - ok
16:22:33.0371 3588  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:22:33.0371 3588  wmiApSrv - ok
16:22:33.0449 3588  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:22:33.0464 3588  WMPNetworkSvc - ok
16:22:33.0496 3588  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:22:33.0496 3588  WPCSvc - ok
16:22:33.0527 3588  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:22:33.0542 3588  WPDBusEnum - ok
16:22:33.0589 3588  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:22:33.0589 3588  ws2ifsl - ok
16:22:33.0605 3588  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:22:33.0605 3588  wscsvc - ok
16:22:33.0605 3588  WSearch - ok
16:22:33.0698 3588  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:22:33.0730 3588  wuauserv - ok
16:22:33.0776 3588  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:22:33.0776 3588  WudfPf - ok
16:22:33.0839 3588  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:22:33.0839 3588  WUDFRd - ok
16:22:33.0886 3588  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:22:33.0901 3588  wudfsvc - ok
16:22:33.0932 3588  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:22:33.0948 3588  WwanSvc - ok
16:22:33.0995 3588  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
16:22:33.0995 3588  yukonw7 - ok
16:22:34.0010 3588  ZTEusbmdm6k - ok
16:22:34.0042 3588  ZTEusbnmea - ok
16:22:34.0057 3588  ZTEusbser6k - ok
16:22:34.0135 3588  ================ Scan global ===============================
16:22:34.0166 3588  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:22:34.0213 3588  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:22:34.0229 3588  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:22:34.0260 3588  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:22:34.0322 3588  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:22:34.0322 3588  [Global] - ok
16:22:34.0322 3588  ================ Scan MBR ==================================
16:22:34.0338 3588  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
16:22:34.0666 3588  \Device\Harddisk0\DR0 - ok
16:22:34.0681 3588  ================ Scan VBR ==================================
16:22:34.0681 3588  [ 8052CBDE7584F5ECDD48AA0F291F7799 ] \Device\Harddisk0\DR0\Partition1
16:22:34.0681 3588  \Device\Harddisk0\DR0\Partition1 - ok
16:22:34.0697 3588  [ 78A4A76261EC67649EBE7FF84F5652D7 ] \Device\Harddisk0\DR0\Partition2
16:22:34.0697 3588  \Device\Harddisk0\DR0\Partition2 - ok
16:22:34.0697 3588  ============================================================
16:22:34.0697 3588  Scan finished
16:22:34.0697 3588  ============================================================
16:22:34.0712 0608  Detected object count: 0
16:22:34.0712 0608  Actual detected object count: 0
16:24:36.0869 4088  Deinitialize success
         

11.04.2013, 15:42   #10
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™

Quote:
16:22:14.0261 3588 Mode: Manual;

You have configured TDSSKiller incorrectly. Please do it again properly.
__________________
Please always post log files in CODE tags

11.04.2013, 15:47   #11
levon

Quote:
Quote from cosinus
You have configured TDSSKiller incorrectly. Please do it again properly.

Yes, I just noticed it myself...

TDSS-Killer:

Code:
ATTFilter
16:42:00.0938 4064  TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
16:42:02.0966 4064  ============================================================
16:42:02.0966 4064  Current date / time: 2013/04/11 16:42:02.0966
16:42:02.0966 4064  SystemInfo:
16:42:02.0966 4064  
16:42:02.0966 4064  OS Version: 6.1.7601 ServicePack: 1.0
16:42:02.0966 4064  Product type: Workstation
16:42:02.0966 4064  ComputerName: PRIVATE
16:42:02.0966 4064  UserName: admin
16:42:02.0966 4064  Windows directory: C:\Windows
16:42:02.0966 4064  System windows directory: C:\Windows
16:42:02.0966 4064  Processor architecture: Intel x86
16:42:02.0966 4064  Number of processors: 2
16:42:02.0966 4064  Page size: 0x1000
16:42:02.0966 4064  Boot type: Normal boot
16:42:02.0966 4064  ============================================================
16:42:04.0167 4064  Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
16:42:04.0167 4064  ============================================================
16:42:04.0167 4064  \Device\Harddisk0\DR0:
16:42:04.0167 4064  MBR partitions:
16:42:04.0167 4064  \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x1A00800, BlocksNum 0x11C2C800
16:42:04.0167 4064  \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x1362D000, BlocksNum 0x11E01000
16:42:04.0167 4064  ============================================================
16:42:04.0198 4064  C: <-> \Device\Harddisk0\DR0\Partition1
16:42:04.0292 4064  D: <-> \Device\Harddisk0\DR0\Partition2
16:42:04.0292 4064  ============================================================
16:42:04.0292 4064  Initialize success
16:42:04.0292 4064  ============================================================
16:43:13.0353 1804  ============================================================
16:43:13.0353 1804  Scan started
16:43:13.0353 1804  Mode: Manual; SigCheck; TDLFS; 
16:43:13.0353 1804  ============================================================
16:43:13.0758 1804  ================ Scan system memory ========================
16:43:13.0758 1804  System memory - ok
16:43:13.0758 1804  ================ Scan services =============================
16:43:13.0946 1804  [ 1B133875B8AA8AC48969BD3458AFE9F5 ] 1394ohci        C:\Windows\system32\drivers\1394ohci.sys
16:43:14.0070 1804  1394ohci - ok
16:43:14.0117 1804  [ CEA80C80BED809AA0DA6FEBC04733349 ] ACPI            C:\Windows\system32\drivers\ACPI.sys
16:43:14.0133 1804  ACPI - ok
16:43:14.0164 1804  [ 1EFBC664ABFF416D1D07DB115DCB264F ] AcpiPmi         C:\Windows\system32\drivers\acpipmi.sys
16:43:14.0242 1804  AcpiPmi - ok
16:43:14.0398 1804  [ 3927397AC60D943DAF8808AFFED582B7 ] AdobeARMservice C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe
16:43:14.0429 1804  AdobeARMservice - ok
16:43:14.0570 1804  [ EA856F4A46320389D1899B2CAA7BF40F ] AdobeFlashPlayerUpdateSvc C:\Windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe
16:43:14.0585 1804  AdobeFlashPlayerUpdateSvc - ok
16:43:14.0663 1804  [ 21E785EBD7DC90A06391141AAC7892FB ] adp94xx         C:\Windows\system32\DRIVERS\adp94xx.sys
16:43:14.0694 1804  adp94xx - ok
16:43:14.0710 1804  [ 0C676BC278D5B59FF5ABD57BBE9123F2 ] adpahci         C:\Windows\system32\DRIVERS\adpahci.sys
16:43:14.0726 1804  adpahci - ok
16:43:14.0757 1804  [ 7C7B5EE4B7B822EC85321FE23A27DB33 ] adpu320         C:\Windows\system32\DRIVERS\adpu320.sys
16:43:14.0772 1804  adpu320 - ok
16:43:14.0804 1804  [ 8B5EEFEEC1E6D1A72A06C526628AD161 ] AeLookupSvc     C:\Windows\System32\aelupsvc.dll
16:43:14.0866 1804  AeLookupSvc - ok
16:43:14.0913 1804  [ 9EBBBA55060F786F0FCAA3893BFA2806 ] AFD             C:\Windows\system32\drivers\afd.sys
16:43:15.0006 1804  AFD - ok
16:43:15.0038 1804  [ 507812C3054C21CEF746B6EE3D04DD6E ] agp440          C:\Windows\system32\drivers\agp440.sys
16:43:15.0053 1804  agp440 - ok
16:43:15.0100 1804  [ 8B30250D573A8F6B4BD23195160D8707 ] aic78xx         C:\Windows\system32\DRIVERS\djsvs.sys
16:43:15.0131 1804  aic78xx - ok
16:43:15.0178 1804  [ 18A54E132947CD98FEA9ACCC57F98F13 ] ALG             C:\Windows\System32\alg.exe
16:43:15.0240 1804  ALG - ok
16:43:15.0256 1804  [ 0D40BCF52EA90FC7DF2AEAB6503DEA44 ] aliide          C:\Windows\system32\drivers\aliide.sys
16:43:15.0272 1804  aliide - ok
16:43:15.0334 1804  [ B19505648F033393E907E2E419FDE8B3 ] AMD External Events Utility C:\Windows\system32\atiesrxx.exe
16:43:15.0428 1804  AMD External Events Utility - ok
16:43:15.0443 1804  [ 3C6600A0696E90A463771C7422E23AB5 ] amdagp          C:\Windows\system32\drivers\amdagp.sys
16:43:15.0474 1804  amdagp - ok
16:43:15.0490 1804  [ CD5914170297126B6266860198D1D4F0 ] amdide          C:\Windows\system32\drivers\amdide.sys
16:43:15.0506 1804  amdide - ok
16:43:15.0552 1804  [ 00DDA200D71BAC534BF56A9DB5DFD666 ] AmdK8           C:\Windows\system32\DRIVERS\amdk8.sys
16:43:15.0599 1804  AmdK8 - ok
16:43:15.0630 1804  [ 3CBF30F5370FDA40DD3E87DF38EA53B6 ] AmdPPM          C:\Windows\system32\DRIVERS\amdppm.sys
16:43:15.0646 1804  AmdPPM - ok
16:43:15.0708 1804  [ D320BF87125326F996D4904FE24300FC ] amdsata         C:\Windows\system32\drivers\amdsata.sys
16:43:15.0724 1804  amdsata - ok
16:43:15.0755 1804  [ EA43AF0C423FF267355F74E7A53BDABA ] amdsbs          C:\Windows\system32\DRIVERS\amdsbs.sys
16:43:15.0771 1804  amdsbs - ok
16:43:15.0786 1804  [ 46387FB17B086D16DEA267D5BE23A2F2 ] amdxata         C:\Windows\system32\drivers\amdxata.sys
16:43:15.0802 1804  amdxata - ok
16:43:15.0849 1804  [ 3E59DF4984FBD6800D6621480B38A34E ] Andbus          C:\Windows\system32\DRIVERS\lgandbus.sys
16:43:15.0896 1804  Andbus - ok
16:43:15.0942 1804  [ 8E0BF6F3B2C9C292BC7CE0DE727CDD56 ] AndDiag         C:\Windows\system32\DRIVERS\lganddiag.sys
16:43:16.0005 1804  AndDiag - ok
16:43:16.0020 1804  [ 1D2C90E25483363D54B652898BBC8F2A ] AndGps          C:\Windows\system32\DRIVERS\lgandgps.sys
16:43:16.0036 1804  AndGps - ok
16:43:16.0067 1804  [ B1B06A95DA2CAC7FA19832C60C348C85 ] ANDModem        C:\Windows\system32\DRIVERS\lgandmodem.sys
16:43:16.0098 1804  ANDModem - ok
16:43:16.0223 1804  [ D9A92E6DD41C5ADC045AE485026AA40C ] AntiVirSchedulerService C:\Program Files\Avira\AntiVir Desktop\sched.exe
16:43:16.0254 1804  AntiVirSchedulerService - ok
16:43:16.0301 1804  [ 66A7A38F7C439153B758548375EB9E5E ] AntiVirService  C:\Program Files\Avira\AntiVir Desktop\avguard.exe
16:43:16.0317 1804  AntiVirService - ok
16:43:16.0364 1804  [ 5A123AABB571AEA78AE63AF5E372F796 ] AntiVirWebService C:\Program Files\Avira\AntiVir Desktop\AVWEBGRD.EXE
16:43:16.0379 1804  AntiVirWebService - ok
16:43:16.0426 1804  [ AEA177F783E20150ACE5383EE368DA19 ] AppID           C:\Windows\system32\drivers\appid.sys
16:43:16.0535 1804  AppID - ok
16:43:16.0582 1804  [ 62A9C86CB6085E20DB4823E4E97826F5 ] AppIDSvc        C:\Windows\System32\appidsvc.dll
16:43:16.0644 1804  AppIDSvc - ok
16:43:16.0676 1804  [ FB1959012294D6AD43E5304DF65E3C26 ] Appinfo         C:\Windows\System32\appinfo.dll
16:43:16.0722 1804  Appinfo - ok
16:43:16.0769 1804  [ 2932004F49677BD84DBC72EDB754FFB3 ] arc             C:\Windows\system32\DRIVERS\arc.sys
16:43:16.0800 1804  arc - ok
16:43:16.0800 1804  [ 5D6F36C46FD283AE1B57BD2E9FEB0BC7 ] arcsas          C:\Windows\system32\DRIVERS\arcsas.sys
16:43:16.0816 1804  arcsas - ok
16:43:16.0847 1804  [ ADD2ADE1C2B285AB8378D2DAAF991481 ] AsyncMac        C:\Windows\system32\DRIVERS\asyncmac.sys
16:43:16.0956 1804  AsyncMac - ok
16:43:17.0003 1804  [ 338C86357871C167A96AB976519BF59E ] atapi           C:\Windows\system32\drivers\atapi.sys
16:43:17.0003 1804  atapi - ok
16:43:17.0066 1804  [ 76BAB0C824E2D05B940C4DD40A9B08BF ] athr            C:\Windows\system32\DRIVERS\athr.sys
16:43:17.0159 1804  athr - ok
16:43:17.0346 1804  [ 04F09923A393E4E0E8453A8F78361E73 ] atikmdag        C:\Windows\system32\DRIVERS\atikmdag.sys
16:43:17.0440 1804  atikmdag - ok
16:43:17.0502 1804  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] AudioEndpointBuilder C:\Windows\System32\Audiosrv.dll
16:43:17.0565 1804  AudioEndpointBuilder - ok
16:43:17.0580 1804  [ CE3B4E731638D2EF62FCB419BE0D39F0 ] Audiosrv        C:\Windows\System32\Audiosrv.dll
16:43:17.0612 1804  Audiosrv - ok
16:43:17.0658 1804  [ 87425709A251386064C99B684BF96F72 ] avgntflt        C:\Windows\system32\DRIVERS\avgntflt.sys
16:43:17.0690 1804  avgntflt - ok
16:43:17.0752 1804  [ D50FBA68163BC498F2C136E0E5BA8E2F ] avipbb          C:\Windows\system32\DRIVERS\avipbb.sys
16:43:17.0768 1804  avipbb - ok
16:43:17.0783 1804  [ CB8741CD7B126499FED40C9B197F6AC5 ] avkmgr          C:\Windows\system32\DRIVERS\avkmgr.sys
16:43:17.0799 1804  avkmgr - ok
16:43:17.0846 1804  [ 6E30D02AAC9CAC84F421622E3A2F6178 ] AxInstSV        C:\Windows\System32\AxInstSV.dll
16:43:17.0939 1804  AxInstSV - ok
16:43:18.0002 1804  [ 1A231ABEC60FD316EC54C66715543CEC ] b06bdrv         C:\Windows\system32\DRIVERS\bxvbdx.sys
16:43:18.0048 1804  b06bdrv - ok
16:43:18.0095 1804  [ BD8869EB9CDE6BBE4508D869929869EE ] b57nd60x        C:\Windows\system32\DRIVERS\b57nd60x.sys
16:43:18.0126 1804  b57nd60x - ok
16:43:18.0204 1804  [ EE1E9C3BB8228AE423DD38DB69128E71 ] BDESVC          C:\Windows\System32\bdesvc.dll
16:43:18.0267 1804  BDESVC - ok
16:43:18.0298 1804  [ 505506526A9D467307B3C393DEDAF858 ] Beep            C:\Windows\system32\drivers\Beep.sys
16:43:18.0345 1804  Beep - ok
16:43:18.0407 1804  [ 1E2BAC209D184BB851E1A187D8A29136 ] BFE             C:\Windows\System32\bfe.dll
16:43:18.0470 1804  BFE - ok
16:43:18.0516 1804  [ E585445D5021971FAE10393F0F1C3961 ] BITS            C:\Windows\System32\qmgr.dll
16:43:18.0579 1804  BITS - ok
16:43:18.0610 1804  [ 2287078ED48FCFC477B05B20CF38F36F ] blbdrive        C:\Windows\system32\DRIVERS\blbdrive.sys
16:43:18.0626 1804  blbdrive - ok
16:43:18.0672 1804  [ 8F2DA3028D5FCBD1A060A3DE64CD6506 ] bowser          C:\Windows\system32\DRIVERS\bowser.sys
16:43:18.0704 1804  bowser - ok
16:43:18.0750 1804  [ 9F9ACC7F7CCDE8A15C282D3F88B43309 ] BrFiltLo        C:\Windows\system32\DRIVERS\BrFiltLo.sys
16:43:18.0797 1804  BrFiltLo - ok
16:43:18.0813 1804  [ 56801AD62213A41F6497F96DEE83755A ] BrFiltUp        C:\Windows\system32\DRIVERS\BrFiltUp.sys
16:43:18.0844 1804  BrFiltUp - ok
16:43:18.0891 1804  [ 3DAA727B5B0A45039B0E1C9A211B8400 ] Browser         C:\Windows\System32\browser.dll
16:43:18.0938 1804  Browser - ok
16:43:18.0969 1804  [ 845B8CE732E67F3B4133164868C666EA ] Brserid         C:\Windows\System32\Drivers\Brserid.sys
16:43:19.0016 1804  Brserid - ok
16:43:19.0031 1804  [ 203F0B1E73ADADBBB7B7B1FABD901F6B ] BrSerWdm        C:\Windows\System32\Drivers\BrSerWdm.sys
16:43:19.0062 1804  BrSerWdm - ok
16:43:19.0094 1804  [ BD456606156BA17E60A04E18016AE54B ] BrUsbMdm        C:\Windows\System32\Drivers\BrUsbMdm.sys
16:43:19.0109 1804  BrUsbMdm - ok
16:43:19.0125 1804  [ AF72ED54503F717A43268B3CC5FAEC2E ] BrUsbSer        C:\Windows\System32\Drivers\BrUsbSer.sys
16:43:19.0156 1804  BrUsbSer - ok
16:43:19.0218 1804  [ 2865A5C8E98C70C605F417908CEBB3A4 ] BthEnum         C:\Windows\system32\drivers\BthEnum.sys
16:43:19.0359 1804  BthEnum - ok
16:43:19.0390 1804  [ ED3DF7C56CE0084EB2034432FC56565A ] BTHMODEM        C:\Windows\system32\DRIVERS\bthmodem.sys
16:43:19.0452 1804  BTHMODEM - ok
16:43:19.0499 1804  [ AD1872E5829E8A2C3B5B4B641C3EAB0E ] BthPan          C:\Windows\system32\DRIVERS\bthpan.sys
16:43:19.0546 1804  BthPan - ok
16:43:19.0577 1804  [ 1153DE2E4F5941E10C399CB5592F78A1 ] BTHPORT         C:\Windows\System32\Drivers\BTHport.sys
16:43:19.0624 1804  BTHPORT - ok
16:43:19.0686 1804  [ 1DF19C96EEF6C29D1C3E1A8678E07190 ] bthserv         C:\Windows\system32\bthserv.dll
16:43:40.0981 1804  [ A28BD92DF340E57B024BA433165D34D7 ] swprv           C:\Windows\System32\swprv.dll
16:43:41.0059 1804  swprv - ok
16:43:41.0121 1804  [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain         C:\Windows\system32\sysmain.dll
16:43:41.0183 1804  SysMain - ok
16:43:41.0230 1804  [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll
16:43:41.0293 1804  TabletInputService - ok
16:43:41.0355 1804  [ 613BF4820361543956909043A265C6AC ] TapiSrv         C:\Windows\System32\tapisrv.dll
16:43:41.0417 1804  TapiSrv - ok
16:43:41.0449 1804  [ B799D9FDB26111737F58288D8DC172D9 ] TBS             C:\Windows\System32\tbssvc.dll
16:43:41.0511 1804  TBS - ok
16:43:41.0589 1804  [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip           C:\Windows\system32\drivers\tcpip.sys
16:43:41.0636 1804  Tcpip - ok
16:43:41.0667 1804  [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6          C:\Windows\system32\DRIVERS\tcpip.sys
16:43:41.0698 1804  TCPIP6 - ok
16:43:41.0745 1804  [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg        C:\Windows\system32\drivers\tcpipreg.sys
16:43:41.0776 1804  tcpipreg - ok
16:43:41.0823 1804  [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE          C:\Windows\system32\drivers\tdpipe.sys
16:43:41.0854 1804  TDPIPE - ok
16:43:41.0901 1804  [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP           C:\Windows\system32\drivers\tdtcp.sys
16:43:41.0963 1804  TDTCP - ok
16:43:42.0010 1804  [ B459575348C20E8121D6039DA063C704 ] tdx             C:\Windows\system32\DRIVERS\tdx.sys
16:43:42.0073 1804  tdx - ok
16:43:42.0088 1804  [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD          C:\Windows\system32\drivers\termdd.sys
16:43:42.0104 1804  TermDD - ok
16:43:42.0151 1804  [ 382C804C92811BE57829D8E550A900E2 ] TermService     C:\Windows\System32\termsrv.dll
16:43:42.0213 1804  TermService - ok
16:43:42.0244 1804  [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes          C:\Windows\system32\themeservice.dll
16:43:42.0275 1804  Themes - ok
16:43:42.0307 1804  [ 146B6F43A673379A3C670E86D89BE5EA ] THREADORDER     C:\Windows\system32\mmcss.dll
16:43:42.0338 1804  THREADORDER - ok
16:43:42.0369 1804  [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks          C:\Windows\System32\trkwks.dll
16:43:42.0416 1804  TrkWks - ok
16:43:42.0494 1804  [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe
16:43:42.0525 1804  TrustedInstaller - ok
16:43:42.0572 1804  [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv        C:\Windows\system32\DRIVERS\tssecsrv.sys
16:43:42.0587 1804  tssecsrv - ok
16:43:42.0650 1804  [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt        C:\Windows\system32\drivers\tsusbflt.sys
16:43:42.0697 1804  TsUsbFlt - ok
16:43:42.0743 1804  [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel          C:\Windows\system32\DRIVERS\tunnel.sys
16:43:42.0775 1804  tunnel - ok
16:43:42.0821 1804  [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35          C:\Windows\system32\DRIVERS\uagp35.sys
16:43:42.0837 1804  uagp35 - ok
16:43:42.0884 1804  [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs            C:\Windows\system32\DRIVERS\udfs.sys
16:43:42.0915 1804  udfs - ok
16:43:42.0962 1804  [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect       C:\Windows\system32\UI0Detect.exe
16:43:42.0993 1804  UI0Detect - ok
16:43:43.0055 1804  [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx        C:\Windows\system32\drivers\uliagpkx.sys
16:43:43.0071 1804  uliagpkx - ok
16:43:43.0118 1804  [ D295BED4B898F0FD999FCFA9B32B071B ] umbus           C:\Windows\system32\drivers\umbus.sys
16:43:43.0133 1804  umbus - ok
16:43:43.0165 1804  [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass          C:\Windows\system32\DRIVERS\umpass.sys
16:43:43.0180 1804  UmPass - ok
16:43:43.0211 1804  [ 833FBB672460EFCE8011D262175FAD33 ] upnphost        C:\Windows\System32\upnphost.dll
16:43:43.0243 1804  upnphost - ok
16:43:43.0289 1804  [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp         C:\Windows\system32\DRIVERS\usbccgp.sys
16:43:43.0321 1804  usbccgp - ok
16:43:43.0336 1804  [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir          C:\Windows\system32\drivers\usbcir.sys
16:43:43.0383 1804  usbcir - ok
16:43:43.0399 1804  [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci         C:\Windows\system32\DRIVERS\usbehci.sys
16:43:43.0414 1804  usbehci - ok
16:43:43.0445 1804  [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub          C:\Windows\system32\DRIVERS\usbhub.sys
16:43:43.0477 1804  usbhub - ok
16:43:43.0508 1804  [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci         C:\Windows\system32\drivers\usbohci.sys
16:43:43.0523 1804  usbohci - ok
16:43:43.0586 1804  [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint        C:\Windows\system32\DRIVERS\usbprint.sys
16:43:43.0601 1804  usbprint - ok
16:43:43.0648 1804  [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan         C:\Windows\system32\DRIVERS\usbscan.sys
16:43:43.0679 1804  usbscan - ok
16:43:43.0695 1804  [ F991AB9CC6B908DB552166768176896A ] USBSTOR         C:\Windows\system32\DRIVERS\USBSTOR.SYS
16:43:43.0742 1804  USBSTOR - ok
16:43:43.0757 1804  [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci         C:\Windows\system32\DRIVERS\usbuhci.sys
16:43:43.0804 1804  usbuhci - ok
16:43:43.0867 1804  [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo        C:\Windows\System32\Drivers\usbvideo.sys
16:43:43.0898 1804  usbvideo - ok
16:43:43.0929 1804  [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms           C:\Windows\System32\uxsms.dll
16:43:43.0976 1804  UxSms - ok
16:43:43.0991 1804  [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc        C:\Windows\system32\lsass.exe
16:43:44.0007 1804  VaultSvc - ok
16:43:44.0023 1804  [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot        C:\Windows\system32\drivers\vdrvroot.sys
16:43:44.0038 1804  vdrvroot - ok
16:43:44.0085 1804  [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds             C:\Windows\System32\vds.exe
16:43:44.0147 1804  vds - ok
16:43:44.0179 1804  [ 17C408214EA61696CEC9C66E388B14F3 ] vga             C:\Windows\system32\DRIVERS\vgapnp.sys
16:43:44.0194 1804  vga - ok
16:43:44.0210 1804  [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave         C:\Windows\System32\drivers\vga.sys
16:43:44.0241 1804  VgaSave - ok
16:43:44.0288 1804  [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp           C:\Windows\system32\drivers\vhdmp.sys
16:43:44.0303 1804  vhdmp - ok
16:43:44.0350 1804  [ C829317A37B4BEA8F39735D4B076E923 ] viaagp          C:\Windows\system32\drivers\viaagp.sys
16:43:44.0366 1804  viaagp - ok
16:43:44.0381 1804  [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7           C:\Windows\system32\DRIVERS\viac7.sys
16:43:44.0413 1804  ViaC7 - ok
16:43:44.0428 1804  [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide          C:\Windows\system32\drivers\viaide.sys
16:43:44.0444 1804  viaide - ok
16:43:44.0459 1804  [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr          C:\Windows\system32\drivers\volmgr.sys
16:43:44.0475 1804  volmgr - ok
16:43:44.0506 1804  [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx         C:\Windows\system32\drivers\volmgrx.sys
16:43:44.0522 1804  volmgrx - ok
16:43:44.0537 1804  [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap         C:\Windows\system32\drivers\volsnap.sys
16:43:44.0569 1804  volsnap - ok
16:43:44.0584 1804  [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid         C:\Windows\system32\DRIVERS\vsmraid.sys
16:43:44.0600 1804  vsmraid - ok
16:43:44.0662 1804  [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS             C:\Windows\system32\vssvc.exe
16:43:44.0709 1804  VSS - ok
16:43:44.0725 1804  [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus        C:\Windows\system32\DRIVERS\vwifibus.sys
16:43:44.0756 1804  vwifibus - ok
16:43:44.0787 1804  [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt        C:\Windows\system32\DRIVERS\vwififlt.sys
16:43:44.0818 1804  vwififlt - ok
16:43:44.0849 1804  [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp         C:\Windows\system32\DRIVERS\vwifimp.sys
16:43:44.0881 1804  vwifimp - ok
16:43:44.0912 1804  [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time         C:\Windows\system32\w32time.dll
16:43:44.0959 1804  W32Time - ok
16:43:45.0005 1804  [ DE3721E89C653AA281428C8A69745D90 ] WacomPen        C:\Windows\system32\DRIVERS\wacompen.sys
16:43:45.0021 1804  WacomPen - ok
16:43:45.0052 1804  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP          C:\Windows\system32\DRIVERS\wanarp.sys
16:43:45.0083 1804  WANARP - ok
16:43:45.0083 1804  [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6        C:\Windows\system32\DRIVERS\wanarp.sys
16:43:45.0115 1804  Wanarpv6 - ok
16:43:45.0161 1804  [ 691E3285E53DCA558E1A84667F13E15A ] wbengine        C:\Windows\system32\wbengine.exe
16:43:45.0208 1804  wbengine - ok
16:43:45.0224 1804  [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc        C:\Windows\System32\wbiosrvc.dll
16:43:45.0255 1804  WbioSrvc - ok
16:43:45.0286 1804  [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc         C:\Windows\System32\wcncsvc.dll
16:43:45.0333 1804  wcncsvc - ok
16:43:45.0349 1804  [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll
16:43:45.0411 1804  WcsPlugInService - ok
16:43:45.0442 1804  [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd              C:\Windows\system32\DRIVERS\wd.sys
16:43:45.0458 1804  Wd - ok
16:43:45.0505 1804  [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000        C:\Windows\system32\drivers\Wdf01000.sys
16:43:45.0551 1804  Wdf01000 - ok
16:43:45.0567 1804  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost  C:\Windows\system32\wdi.dll
16:43:45.0661 1804  WdiServiceHost - ok
16:43:45.0661 1804  [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost   C:\Windows\system32\wdi.dll
16:43:45.0676 1804  WdiSystemHost - ok
16:43:45.0723 1804  [ A9D880F97530D5B8FEE278923349929D ] WebClient       C:\Windows\System32\webclnt.dll
16:43:45.0770 1804  WebClient - ok
16:43:45.0817 1804  [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc          C:\Windows\system32\wecsvc.dll
16:43:45.0848 1804  Wecsvc - ok
16:43:45.0879 1804  [ AC804569BB2364FB6017370258A4091B ] wercplsupport   C:\Windows\System32\wercplsupport.dll
16:43:45.0926 1804  wercplsupport - ok
16:43:45.0973 1804  [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc          C:\Windows\System32\WerSvc.dll
16:43:46.0019 1804  WerSvc - ok
16:43:46.0082 1804  [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf          C:\Windows\system32\DRIVERS\wfplwf.sys
16:43:46.0113 1804  WfpLwf - ok
16:43:46.0129 1804  [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount        C:\Windows\system32\drivers\wimmount.sys
16:43:46.0144 1804  WIMMount - ok
16:43:46.0238 1804  [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend       C:\Program Files\Windows Defender\mpsvc.dll
16:43:46.0285 1804  WinDefend - ok
16:43:46.0300 1804  WinHttpAutoProxySvc - ok
16:43:46.0363 1804  [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt         C:\Windows\system32\wbem\WMIsvc.dll
16:43:46.0409 1804  Winmgmt - ok
16:43:46.0472 1804  [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM           C:\Windows\system32\WsmSvc.dll
16:43:46.0519 1804  WinRM - ok
16:43:46.0597 1804  [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb          C:\Windows\system32\DRIVERS\WinUsb.sys
16:43:46.0612 1804  WinUsb - ok
16:43:46.0659 1804  [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc         C:\Windows\System32\wlansvc.dll
16:43:46.0706 1804  Wlansvc - ok
16:43:46.0862 1804  [ 5144AE67D60EC653F97DDF3FEED29E77 ] wlidsvc         C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
16:43:46.0909 1804  wlidsvc - ok
16:43:46.0940 1804  [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi         C:\Windows\system32\drivers\wmiacpi.sys
16:43:46.0987 1804  WmiAcpi - ok
16:43:47.0065 1804  [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv        C:\Windows\system32\wbem\WmiApSrv.exe
16:43:47.0158 1804  wmiApSrv - ok
16:43:47.0267 1804  [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc   C:\Program Files\Windows Media Player\wmpnetwk.exe
16:43:47.0330 1804  WMPNetworkSvc - ok
16:43:47.0361 1804  [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc          C:\Windows\System32\wpcsvc.dll
16:43:47.0439 1804  WPCSvc - ok
16:43:47.0486 1804  [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum      C:\Windows\system32\wpdbusenum.dll
16:43:47.0579 1804  WPDBusEnum - ok
16:43:47.0611 1804  [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl         C:\Windows\system32\drivers\ws2ifsl.sys
16:43:47.0673 1804  ws2ifsl - ok
16:43:47.0689 1804  [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc          C:\Windows\System32\wscsvc.dll
16:43:47.0720 1804  wscsvc - ok
16:43:47.0720 1804  WSearch - ok
16:43:47.0813 1804  [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv        C:\Windows\system32\wuaueng.dll
16:43:47.0860 1804  wuauserv - ok
16:43:47.0891 1804  [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf          C:\Windows\system32\drivers\WudfPf.sys
16:43:47.0923 1804  WudfPf - ok
16:43:47.0985 1804  [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd          C:\Windows\system32\DRIVERS\WUDFRd.sys
16:43:48.0016 1804  WUDFRd - ok
16:43:48.0063 1804  [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc         C:\Windows\System32\WUDFSvc.dll
16:43:48.0094 1804  wudfsvc - ok
16:43:48.0141 1804  [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc         C:\Windows\System32\wwansvc.dll
16:43:48.0172 1804  WwanSvc - ok
16:43:48.0219 1804  [ B07C5B7EFDF936FF93D4F540938725BE ] yukonw7         C:\Windows\system32\DRIVERS\yk62x86.sys
16:43:48.0250 1804  yukonw7 - ok
16:43:48.0281 1804  ZTEusbmdm6k - ok
16:43:48.0313 1804  ZTEusbnmea - ok
16:43:48.0313 1804  ZTEusbser6k - ok
16:43:48.0375 1804  ================ Scan global ===============================
16:43:48.0422 1804  [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll
16:43:48.0469 1804  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:43:48.0484 1804  [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll
16:43:48.0515 1804  [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll
16:43:48.0578 1804  [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe
16:43:48.0578 1804  [Global] - ok
16:43:48.0578 1804  ================ Scan MBR ==================================
16:43:48.0593 1804  [ 61A349592C4728853F4A90FF78F7628E ] \Device\Harddisk0\DR0
16:43:49.0061 1804  \Device\Harddisk0\DR0 - ok
16:43:49.0061 1804  ================ Scan VBR ==================================
16:43:49.0093 1804  [ 8052CBDE7584F5ECDD48AA0F291F7799 ] \Device\Harddisk0\DR0\Partition1
16:43:49.0093 1804  \Device\Harddisk0\DR0\Partition1 - ok
16:43:49.0124 1804  [ 78A4A76261EC67649EBE7FF84F5652D7 ] \Device\Harddisk0\DR0\Partition2
16:43:49.0124 1804  \Device\Harddisk0\DR0\Partition2 - ok
16:43:49.0124 1804  ============================================================
16:43:49.0124 1804  Scan finished
16:43:49.0124 1804  ============================================================
16:43:49.0155 3380  Detected object count: 0
16:43:49.0155 3380  Actual detected object count: 0
         

11.04.2013, 15:49   #12
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 

Then please run Combofix now:

Scan with Combofix
WARNING to READERS FOLLOWING ALONG:
Combofix should only be run when a team member has instructed you to do so!

Please download Combofix from the following download mirror: Link
  • IMPORTANT: Save Combofix to your desktop.
  • Please disable all your antivirus software as well as any malware/spyware scanners. These can interfere with Combofix while it works. Combofix sometimes still complains anyway; you can ignore that, but please let me know.
  • Start Combofix.exe and follow the on-screen instructions.
  • While Combofix is running, please do not work on the computer, move the mouse or click in the Combofix window!
  • When Combofix is finished, it will create a log file.
  • Please post C:\Combofix.txt in your next reply (preferably in CODE tags).
Note: If you get the following error message after the restart
Es wurde versucht, einen Registrierungsschlüssel einem ungültigen Vorgang zu unterziehen, der zum Löschen markiert wurde. (in English: "Illegal operation attempted on a registry key that has been marked for deletion.")
simply restart the computer. This should fix the problem.

__________________
Please always post log files in CODE tags

11.04.2013, 16:25   #13
levon
 

Hello cosinus,

here is the ComboFix log:

Code:
ComboFix 13-04-10.02 - admin 11.04.2013  17:02:14.1.2 - x86
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.49.1031.18.3037.1976 [GMT 2:00]
ausgeführt von:: c:\users\Ich\Desktop\ComboFix.exe
AV: Avira Desktop *Disabled/Updated* {F67B4DE5-C0B4-6C3F-0EFF-6C83BD5D0C2C}
SP: Avira Desktop *Disabled/Updated* {4D1AAC01-E68E-63B1-344F-57F1C6DA4691}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
((((((((((((((((((((((((((((((((((((   Weitere Löschungen   ))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Ich\4.0
c:\windows\system32\SET3EF0.tmp
c:\windows\system32\SET4559.tmp
.
.
(((((((((((((((((((((((   Dateien erstellt von 2013-03-11 bis 2013-04-11  ))))))))))))))))))))))))))))))
.
.
2013-04-11 15:10 . 2013-04-11 15:10	--------	d-----w-	c:\users\Ich\AppData\Local\temp
2013-04-11 15:10 . 2013-04-11 15:10	--------	d-----w-	c:\users\Default\AppData\Local\temp
2013-04-11 15:10 . 2013-04-11 15:11	--------	d-----w-	c:\users\admin\AppData\Local\temp
2013-04-11 15:03 . 2013-04-11 15:03	60872	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{34C71754-F53C-47A1-902C-04782AA57047}\offreg.dll
2013-04-10 20:11 . 2013-02-21 10:30	217600	----a-w-	c:\program files\Internet Explorer\sqmapi.dll
2013-04-10 16:14 . 2013-04-10 16:14	--------	d-----w-	c:\users\admin\AppData\Roaming\Malwarebytes
2013-04-10 16:14 . 2013-04-10 16:14	--------	d-----w-	c:\programdata\Malwarebytes
2013-04-10 16:14 . 2013-04-10 16:14	--------	d-----w-	c:\program files\Malwarebytes' Anti-Malware
2013-04-10 16:14 . 2013-04-04 12:50	22856	----a-w-	c:\windows\system32\drivers\mbam.sys
2013-04-10 16:13 . 2013-04-10 16:13	--------	d-----w-	c:\users\admin\AppData\Local\Programs
2013-04-10 16:05 . 2013-03-01 03:09	2347008	----a-w-	c:\windows\system32\win32k.sys
2013-04-10 16:05 . 2013-02-15 04:37	3217408	----a-w-	c:\windows\system32\mstscax.dll
2013-04-10 16:05 . 2013-02-15 04:34	131584	----a-w-	c:\windows\system32\aaclient.dll
2013-04-10 16:05 . 2013-02-15 03:25	36864	----a-w-	c:\windows\system32\tsgqec.dll
2013-04-10 16:04 . 2013-03-19 05:04	3968856	----a-w-	c:\windows\system32\ntkrnlpa.exe
2013-04-10 16:04 . 2013-03-19 05:04	3913560	----a-w-	c:\windows\system32\ntoskrnl.exe
2013-04-10 16:04 . 2013-03-19 04:48	38912	----a-w-	c:\windows\system32\csrsrv.dll
2013-04-10 16:04 . 2013-03-19 02:49	69632	----a-w-	c:\windows\system32\smss.exe
2013-04-10 16:04 . 2013-03-02 05:07	1212264	----a-w-	c:\windows\system32\drivers\ntfs.sys
2013-04-10 16:04 . 2013-01-24 04:47	196328	----a-w-	c:\windows\system32\drivers\fvevol.sys
2013-04-09 09:55 . 2013-03-15 07:21	7108640	----a-w-	c:\programdata\Microsoft\Windows Defender\Definition Updates\{34C71754-F53C-47A1-902C-04782AA57047}\mpengine.dll
2013-04-06 16:48 . 2013-04-06 16:48	--------	d-----w-	c:\windows\system32\wbem\en-US
2013-04-05 21:42 . 2013-04-05 21:42	9728	---ha-w-	c:\windows\system32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
2013-03-30 22:30 . 2013-03-30 22:30	--------	d-----w-	c:\users\admin\AppData\Roaming\OpenOffice.org
2013-03-30 22:28 . 2013-03-30 22:28	--------	d-----w-	c:\users\admin\AppData\Roaming\Avira
2013-03-24 09:59 . 2013-03-24 09:59	--------	d-----w-	c:\users\Ich\AppData\Roaming\Avira
2013-03-24 09:54 . 2013-03-28 09:12	84744	----a-w-	c:\windows\system32\drivers\avgntflt.sys
2013-03-24 09:54 . 2013-03-28 09:12	37352	----a-w-	c:\windows\system32\drivers\avkmgr.sys
2013-03-24 09:54 . 2013-03-28 09:12	135136	----a-w-	c:\windows\system32\drivers\avipbb.sys
2013-03-24 09:54 . 2013-03-24 09:54	--------	d-----w-	c:\program files\Avira
2013-03-20 21:05 . 2013-02-12 03:32	15872	----a-w-	c:\windows\system32\drivers\usb8023.sys
.
.
.
((((((((((((((((((((((((((((((((((((   Find3M Bericht   ))))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2013-03-21 11:54 . 2012-10-08 18:08	861088	----a-w-	c:\windows\system32\npDeployJava1.dll
2013-03-21 11:54 . 2010-11-22 13:04	782240	----a-w-	c:\windows\system32\deployJava1.dll
2013-03-19 18:34 . 2012-04-03 10:41	693976	----a-w-	c:\windows\system32\FlashPlayerApp.exe
2013-03-19 18:34 . 2011-05-30 18:39	73432	----a-w-	c:\windows\system32\FlashPlayerCPLApp.cpl
2013-03-11 23:10 . 2010-01-31 10:41	237088	------w-	c:\windows\system32\MpSigStub.exe
2013-02-12 04:48 . 2013-03-19 17:21	474112	----a-w-	c:\windows\apppatch\AcSpecfc.dll
2013-02-12 04:48 . 2013-03-19 17:21	2176512	----a-w-	c:\windows\apppatch\AcGenral.dll
2013-02-05 20:36 . 2010-06-27 20:22	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup-2\markup.dll
2013-02-05 20:30 . 2010-06-27 20:22	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM-2\StartResources.dll
2013-02-05 20:30 . 2010-07-02 12:48	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight-2\SpotlightResources.dll
2013-01-24 17:30 . 2010-06-24 13:24	893552	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\UpdateableMarkup\markup.dll
2013-01-24 17:29 . 2010-06-24 13:15	42776	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCEClientUX\dSM\StartResources.dll
2013-01-24 17:29 . 2010-06-24 13:15	1236816	----a-w-	c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2013-03-19 17:56 . 2013-03-19 17:56	263064	----a-w-	c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((   Autostartpunkte der Registrierung   ))))))))))))))))))))))))))))))))))))))))
.
.
*Hinweis* leere Einträge & legitime Standardeinträge werden nicht angezeigt. 
REGEDIT4
.
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\URLSearchHooks]
"{00000000-6E41-4FD3-8538-502F5495E5FC}"= "c:\program files\Ask.com\GenericAskToolbar.dll" [2013-02-08 1521800]
.
[HKEY_CLASSES_ROOT\clsid\{00000000-6e41-4fd3-8538-502f5495e5fc}]
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Philips Device Listener"="c:\program files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe" [2010-05-27 375296]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2010-03-12 49208]
"B2C_AGENT"="c:\programdata\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe" [2012-03-28 404568]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2012-12-03 946352]
"ApnUpdater"="c:\program files\Ask.com\Updater\Updater.exe" [2013-02-08 1644680]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2013-03-28 345312]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
" Malwarebytes Anti-Malware "="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2013-04-04 532040]
" Malwarebytes Anti-Malware  (cleanup)"="c:\programdata\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll" [2013-04-04 1127496]
"Z1"="c:\users\Ich\Desktop\mbar-1.01.0.1022\mbar\mbar.exe" [2013-04-11 1363016]
.
c:\users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
c:\users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
OpenOffice.org 3.4.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2012-8-13 1199104]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"ConsentPromptBehaviorAdmin"= 5 (0x5)
"EnableUIADesktopToggle"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"aux1"=wdmaud.drv
.
R2 HWDeviceService.exe;HWDeviceService.exe;c:\programdata\DatacardService\HWDeviceService.exe [x]
R2 Mobile Partner. RunOuc;Mobile Partner. OUC;c:\program files\Mobile Partner\UpdateDog\ouc.exe [x]
R3 Andbus;LGE Android Platform Composite USB Device;c:\windows\system32\DRIVERS\lgandbus.sys [x]
R3 AndDiag;LGE Android Platform USB Serial Port;c:\windows\system32\DRIVERS\lganddiag.sys [x]
R3 AndGps;LGE Android Platform USB GPS NMEA Port;c:\windows\system32\DRIVERS\lgandgps.sys [x]
R3 ANDModem;LGE Android Platform USB Modem;c:\windows\system32\DRIVERS\lgandmodem.sys [x]
R3 ew_hwusbdev;Huawei MobileBroadband USB PNP Device;c:\windows\system32\DRIVERS\ew_hwusbdev.sys [x]
R3 massfilter;Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter.sys [x]
R3 massfilter_hs;USB Mass Storage Filter Driver;c:\windows\system32\drivers\massfilter_hs.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys [x]
S1 avkmgr;avkmgr;c:\windows\system32\DRIVERS\avkmgr.sys [x]
S1 SABI;SAMSUNG Kernel Driver For Windows 7;c:\windows\system32\Drivers\SABI.sys [x]
S2 AMD External Events Utility;AMD External Events Utility;c:\windows\system32\atiesrxx.exe [x]
S2 AntiVirSchedulerService;Avira Planer;c:\program files\Avira\AntiVir Desktop\sched.exe [x]
S2 AntiVirWebService;Avira Browser-Schutz;c:\program files\Avira\AntiVir Desktop\AVWEBGRD.EXE [x]
S2 SBSDWSCService;SBSD Security Center Service;c:\program files\Spybot - Search & Destroy\SDWinSec.exe [x]
S3 ewusbmbb;HUAWEI USB-WWAN miniport;c:\windows\system32\DRIVERS\ewusbwwan.sys [x]
S3 huawei_enumerator;huawei_enumerator;c:\windows\system32\DRIVERS\ew_jubusenum.sys [x]
S3 yukonw7;NDIS6.2-Miniporttreiber für Marvell Yukon-Ethernet-Controller;c:\windows\system32\DRIVERS\yk62x86.sys [x]
.
.
--- Andere Dienste/Treiber im Speicher ---
.
*NewlyCreated* - 41695402
*NewlyCreated* - 75610312
*NewlyCreated* - ASWMBR
*NewlyCreated* - UGDDAPOB
*Deregistered* - 41695402
*Deregistered* - 75610312
*Deregistered* - aswMBR
*Deregistered* - ugddapob
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
LocalServiceAndNoImpersonation	REG_MULTI_SZ   	SSDPSRV upnphost SCardSvr TBS fdrespub AppIDSvc QWAVE wcncsvc Mcx2Svc SensrSvc
.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost  - LocalService
FontCache
.
.
Inhalt des "geplante Tasks" Ordners
.
2013-04-11 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\system32\Macromed\Flash\FlashPlayerUpdateService.exe [2012-04-03 18:34]
.
.
------- Zusätzlicher Suchlauf -------
.
uStart Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
LSP: c:\program files\Avira\AntiVir Desktop\avsda.dll
TCP: Interfaces\{207CF46E-06F6-44F9-92EF-6BCE91A74B41}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{46D50210-7A62-4338-A6F6-8303BF35686A}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{48A0CE4C-692F-4871-BA11-49398ABF9F30}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{A50637DA-74A3-4D25-B99E-82B4B23F0C5E}: NameServer = 193.189.244.225 193.189.244.206
TCP: Interfaces\{CA47CB26-4693-46AE-A6C4-16926F19FBD4}: NameServer = 193.189.244.206 193.189.244.225
FF - ProfilePath - c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hynkrtid.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - ExtSQL: 2013-02-12 19:42; toolbar@ask.com; c:\users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hynkrtid.default\extensions\toolbar@ask.com
.
.
--------------------- Gesperrte Registrierungsschluessel ---------------------
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil32_11_6_602_180_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{73C9DFA0-750D-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}]
@Denied: (A 2) (Everyone)
@="IFlashBroker5"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{6AE38AE0-750C-11E1-B0C4-0800200C9A66}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0001\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0002\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0003\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0004\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0005\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0006\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0007\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0008\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0009\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
Zeit der Fertigstellung: 2013-04-11  17:13:51
ComboFix-quarantined-files.txt  2013-04-11 15:13
.
Vor Suchlauf: 9 Verzeichnis(se), 63.260.598.272 Bytes frei
Nach Suchlauf: 14 Verzeichnis(se), 63.623.446.528 Bytes frei
.
- - End Of File - - A3FA7EF071F84906731DFAFDB3914726
         

Alt 12.04.2013, 12:20   #14
cosinus
/// Winkelfunktion
/// TB-Süch-Tiger™
 



JRT - Junkware Removal Tool

Please shut down your security software to avoid possible conflicts.
Please download Junkware Removal Tool to your desktop.

  • Start the tool with a double-click. On Windows Vista or later, please start it via right-click and "Run as administrator".
  • Press any key to start the tool.
  • Depending on the system, the scan can take a while.
  • When the tool has finished, the logfile (JRT.txt) is saved to the desktop and opened automatically.
  • Please post the contents of JRT.txt in your next reply.


Afterwards:

adwCleaner - Remove toolbars and unwanted start/search pages

Please download AdwCleaner to your desktop.
  • Close all open programs and browsers. Illustrated guide to AdwCleaner.
  • Start AdwCleaner.exe with a double-click.
  • Accept the terms of use.
  • Click Options and make sure the following items are selected:
    • Delete "Tracing" keys
    • Reset Winsock settings
    • Reset proxy settings
    • Reset Internet Explorer policies
    • Reset Chrome policies
    • Make sure that all 5 options are selected, as shown here
  • Click Scan and wait until it has finished.
  • Now click Delete and confirm any prompts with OK.
  • Your computer will be restarted automatically. After the restart a text file opens. Post its contents for me with your next reply.
  • You can also find the logfile at C:\AdwCleaner\AdwCleaner[Cx].txt (x = sequential number).


Then a check with OTL, please:
  • Double-click OTL.exe
  • Vista users: right-click OTL.exe and choose "Run as administrator"
  • At the top center, check the box Scan All Users
  • At the top you will find a box labelled Output. Please select Minimal Output
  • Under Extra Registry, please select Use SafeList
  • Now click Run Scan at the top left
  • When the scan has finished, 2 logfiles are created
  • Post the logfiles in CODE tags here in the thread.
__________________
Please always post logfiles in CODE tags

Alt 12.04.2013, 20:28   #15
levon
 



JRT:

Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.8.3 (04.05.2013:1)
OS: Windows 7 Home Premium x86
Ran by admin on 12.04.2013 at 20:55:06,65
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Registry Values

Successfully deleted: [Registry Value] hkey_local_machine\software\microsoft\windows\currentversion\run\\apnupdater
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\DisplayName
Successfully repaired: [Registry Value] hkey_local_machine\software\microsoft\internet explorer\searchscopes\{0633ee93-d776-472f-a0ff-e1416b8b2e3a}\\URL



~~~ Registry Keys

Successfully deleted: [Registry Key] hkey_local_machine\software\classes\appid\genericasktoolbar.dll
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\features\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\products\a28b4d68debaa244eb686953b7074fef
Successfully deleted: [Registry Key] hkey_local_machine\software\classes\installer\upgradecodes\f928123a039649549966d4c29d35b1c9
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\bundlesweetimsetup_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetim_rasmancs
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasapi32
Successfully deleted: [Registry Key] hkey_local_machine\software\microsoft\tracing\sweetpacksupdatemanager_rasmancs



~~~ Files



~~~ Folders



~~~ FireFox

Successfully deleted: [File] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\extensions\{eee6c361-6118-11dc-9c72-001320c79847}.xpi
Successfully deleted: [File] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\searchplugins\askcom.xml
Successfully deleted: [Folder] C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\extensions\toolbar@ask.com
Successfully deleted the following from C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\prefs.js

user_pref("browser.search.defaultengine", "Ask.com");
user_pref("browser.search.order.1", "Ask.com");
user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
user_pref("extensions.asktb.apn_dbr", "ff_15.0.1");
user_pref("extensions.asktb.autofill-text-highlight-enabled", true);
user_pref("extensions.asktb.cbid", "^ABT");
user_pref("extensions.asktb.config-updated", true);
user_pref("extensions.asktb.crumb", "2013.02.12+10.41.31-toolbar002iad-DE-TXVuaWNoLEdlcm1hbnk%3D");
user_pref("extensions.asktb.default-channel-url-mask", "hxxp://avira-int.ask.com/web?q={query}&qsrc={qsrc}&o={o}&l={l}&gct=bar&locale={locale}");
user_pref("extensions.asktb.domain", "avira-int.ask.com");
user_pref("extensions.asktb.domainName", "avira-int.ask.com");
user_pref("extensions.asktb.dtid", "^YYYYYY^YY^DE");
user_pref("extensions.asktb.ff-original-keyword-url", "");
user_pref("extensions.asktb.fresh-install", false);
user_pref("extensions.asktb.guid", "0a52e595-6f8c-416f-a1d8-fac4f371e78f");
user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com\", \"www.facebook.com\", \"www.playsushi.com\", \"WWW.google.com\", \"hxxp
user_pref("extensions.asktb.if", "first");
user_pref("extensions.asktb.keyword-toggled-in-session", false);
user_pref("extensions.asktb.l", "dis");
user_pref("extensions.asktb.last-config-req", "1365357306564");
user_pref("extensions.asktb.last-search-timestamp", "1365357847020");
user_pref("extensions.asktb.locale", "de_DE");
user_pref("extensions.asktb.localePref", true);
user_pref("extensions.asktb.location", "Munich,Germany");
user_pref("extensions.asktb.new-tab-opt-out", true);
user_pref("extensions.asktb.notification-shown", true);
user_pref("extensions.asktb.o", "APN10395");
user_pref("extensions.asktb.overlay-reloaded-using-restart", true);
user_pref("extensions.asktb.qsrc", "2871");
user_pref("extensions.asktb.r", "20");
user_pref("extensions.asktb.sa", "YES");
user_pref("extensions.asktb.saguid", "38AF023F-C93E-49BE-BAC0-5EF0E69E326B");
user_pref("extensions.asktb.search-history-queries", "kurt cobain||Online-Trojaner Checker||CCleaner");
user_pref("extensions.asktb.search-suggestions-enabled", true);
user_pref("extensions.asktb.silent-upgrade", true);
user_pref("extensions.asktb.silent-upgrade-from-pre-newtabs-build", false);
user_pref("extensions.asktb.socialmini-native-on", true);
user_pref("extensions.asktb.themeid", "");
user_pref("extensions.asktb.timeinstalled", "12.02.2013 19:42:33");
user_pref("extensions.asktb.to", "");
user_pref("extensions.asktb.v", "3.15.18.100015");
user_pref("extensions.asktb.version", "5.15.18.37268");
Emptied folder: C:\Users\admin\AppData\Roaming\mozilla\firefox\profiles\hynkrtid.default\minidumps [3 files]



~~~ Event Viewer Logs were cleared





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 12.04.2013 at 20:58:06,34
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
         

AdwCleaner:

Code:
# AdwCleaner v2.200 - Datei am 12/04/2013 um 21:08:02 erstellt
# Aktualisiert am 02/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : admin - PRIVATE
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\Ich\Desktop\adwcleaner.exe
# Option [Löschen]


**** [Dienste] ****


***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\b1rs201o.default\foxydeal.sqlite
Ordner Gelöscht : C:\Program Files\Ask.com
Ordner Gelöscht : C:\Users\admin\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Users\Ich\AppData\LocalLow\AskToolbar
Ordner Gelöscht : C:\Windows\Installer\{86D4B82A-ABED-442A-BE86-96357B70F4FE}

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKCU\Software\APN
Schlüssel Gelöscht : HKCU\Software\AppDataLow\Software\AskToolbar
Schlüssel Gelöscht : HKCU\Software\Ask.com
Schlüssel Gelöscht : HKCU\Software\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\{79A765E1-C399-405B-85AF-466F52E918B0}
Schlüssel Gelöscht : HKLM\Software\APN
Schlüssel Gelöscht : HKLM\Software\AskToolbar
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\AppID\{9B0CB95C-933A-4B8C-B6D4-EDCD19A43874}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\CLSID\{00000000-6E41-4FD3-8538-502F5495E5FC}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{6C434537-053E-486D-B62A-160059D9D456}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{91CF619A-4686-4CA4-9232-3B2E6B63AA92}
Schlüssel Gelöscht : HKLM\SOFTWARE\Classes\Interface\{AC71B60E-94C9-4EDE-BA46-E146747BB67E}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{A5AA24EA-11B8-4113-95AE-9ED71DEAF12A}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{F994E0D9-8335-48F1-99C2-A712C21F8D5F}
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASAPI32
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Tracing\apntoolbarinstaller_RASMANCS
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UpgradeCodes\F928123A039649549966D4C29D35B1C9
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0CFE535C35F99574E8340BFA75BF92C2
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0E12F736682067FDE4D1158D5940A82E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\120DFADEB50841F408F04D2A278F9509
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\1A24B5BB8521B03E0C8D908F5ABC0AE6
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\261F213D1F55267499B1F87D0CC3BCF7
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\2B0D56C4F4C46D844A57FFED6F0D2852
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\49D4375FE41653242AEA4C969E4E65E0
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6AA0923513360135B272E8289C5F13FA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\6F7467AF8F29C134CBBAB394ECCFDE96
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\741B4ADF27276464790022C965AB6DA8
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\7DE196B10195F5647A2B21B761F3DE01
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\922525DCC5199162F8935747CA3D8E59
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\9D4F5849367142E4685ED8C25E44C5ED
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A5875B04372C19545BEB90D4D606C472
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\A876D9E80B896EC44A8620248CC79296
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B5BAE2ED018083A4C8DA86D6E3F4B024
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\B66FFAB725B92594C986DE826A867888
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\BCDA179D619B91648538E3394CAC94CC
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\D677B1A9671D4D4004F6F2A4469E86EA
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\DD1402A9DD4215A43ABDE169A41AFA0E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\E36E114A0EAD2AD46B381D23AD69CDDF
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\EF8E618DB3AEDFBB384561B5C548F65E
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\A28B4D68DEBAA244EB686953B7074FEF
Schlüssel Gelöscht : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{86D4B82A-ABED-442A-BE86-96357B70F4FE}
Wert Gelöscht : HKCU\Software\Microsoft\Internet Explorer\URLSearchHooks [{00000000-6E41-4FD3-8538-502F5495E5FC}]

***** [Internet Browser] *****

-\\ Internet Explorer v10.0.9200.16537

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\admin\AppData\Roaming\Mozilla\Firefox\Profiles\hynkrtid.default\prefs.js

Gelöscht : user_pref("extensions.asktb.InstallDir", "C:\\Program Files\\Ask.com\\");
Gelöscht : user_pref("extensions.asktb.hxxp-header-whitelist-hosts", "[\"static-dev.en.dev.ask.com\", \"ask.com[...]
Gelöscht : user_pref("extensions.enabledAddons", "toolbar%40ask.com:3.15.18.100015,%7B972ce4c6-7e08-4474-a285-3[...]

Datei : C:\Users\Ich\AppData\Roaming\Mozilla\Firefox\Profiles\b1rs201o.default\prefs.js

Gelöscht : user_pref("browser.search.defaultengine", "Ask.com");
Gelöscht : user_pref("browser.search.defaultenginename", "Ask.com");
Gelöscht : user_pref("browser.search.order.1", "Ask.com");
Gelöscht : user_pref("extensions.asktb.ff-original-keyword-url", "");
Gelöscht : user_pref("keyword.URL", "hxxp://websearch.ask.com/redirect?client=ff&src=kw&tb=AVR-3&o=APN10395&loc[...]

*************************

AdwCleaner[S1].txt - [6813 octets] - [12/04/2013 21:08:02]

########## EOF - \AdwCleaner[S1].txt - [6873 octets] ##########
         

OTL.Txt:

Code:
OTL logfile created on: 12.04.2013 21:16:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ich\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 62,28% Memory free
5,93 Gb Paging File | 4,74 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 59,66 Gb Free Space | 41,99% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 2,55 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive F: | 33,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PRIVATE | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Processes (SafeList) ==========
 
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Users\Ich\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Avira\AntiVir Desktop\avcenter.exe (Avira Operations GmbH & Co. KG)
PRC - C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
PRC - C:\ProgramData\Mobile Partner\OnlineUpdate\ouc.exe ()
PRC - C:\ProgramData\DatacardService\HWDeviceService.exe ()
PRC - C:\ProgramData\DatacardService\DCSHelper.exe (Huawei Technologies Co., Ltd.)
PRC - C:\Windows\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
PRC - C:\Windows\System32\atieclxx.exe (AMD)
PRC - C:\Windows\System32\atiesrxx.exe (AMD)
PRC - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe (Safer Networking Ltd.)
 
 
========== Modules (No Company Name) ==========
 
MOD - C:\Program Files\Mozilla Firefox\mozjs.dll ()
MOD - C:\Program Files\OpenOffice.org 3\program\libxml2.dll ()
MOD - C:\Program Files\Mobile Partner\Mobile Partner.exe ()
MOD - C:\Program Files\Mobile Partner\XFramePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\XCodec.dll ()
MOD - C:\Program Files\Mobile Partner\Win7Support.dll ()
MOD - C:\Program Files\Mobile Partner\QtGui4.dll ()
MOD - C:\Program Files\Mobile Partner\QtCore4.dll ()
MOD - C:\Program Files\Mobile Partner\QtNetwork4.dll ()
MOD - C:\Program Files\Mobile Partner\NDISAPI.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\SMSUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\SmsAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallLogSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\PluginContainer.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceMgrUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetInfoUIExPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DialupUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\USSDUIPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\core.dll ()
MOD - C:\Program Files\Mobile Partner\QtXml4.dll ()
MOD - C:\Program Files\Mobile Partner\Proxy.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qtiff4.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qmng4.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceAppPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetConnectPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\StatusBarMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DeviceSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\MenuMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetInfoSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\LiveUpdateInterface.dll ()
MOD - C:\Program Files\Mobile Partner\AddrBookSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\sdk.dll ()
MOD - C:\Program Files\Mobile Partner\AtCodec.dll ()
MOD - C:\Program Files\Mobile Partner\NetSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\Common.dll ()
MOD - C:\Program Files\Mobile Partner\SmsSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DialUpPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\ToolBarMgrPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qjpeg4.dll ()
MOD - C:\Program Files\Mobile Partner\NDISPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\CallSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\NetConnectSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\DataServicePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\STKSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\USSDSrvPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\Trace.dll ()
MOD - C:\Program Files\Mobile Partner\OSDialup.dll ()
MOD - C:\Program Files\Mobile Partner\OSNDIS.dll ()
MOD - C:\Program Files\Mobile Partner\ATR2SMgr.dll ()
MOD - C:\Program Files\Mobile Partner\LayoutPlugin.dll ()
MOD - C:\Program Files\Mobile Partner\OSAdapt.dll ()
MOD - C:\Program Files\Mobile Partner\NotifyServicePlugin.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qgif4.dll ()
MOD - C:\Program Files\Mobile Partner\plugins\imageformats\qico4.dll ()
MOD - C:\Program Files\Mobile Partner\OSPowerMgr.dll ()
MOD - C:\Program Files\Mobile Partner\OSCall.dll ()
MOD - C:\Program Files\Mobile Partner\libgcc_s_dw2-1.dll ()
MOD - C:\Program Files\Mobile Partner\mingwm10.dll ()
MOD - C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
 
 
========== Services (SafeList) ==========
 
SRV - (SBSDWSCService) -- C:\Program Files\Spybot File not found
SRV - (MozillaMaintenance) -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation)
SRV - (AntiVirSchedulerService) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirWebService) -- C:\Program Files\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG)
SRV - (AntiVirService) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG)
SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated)
SRV - (AdobeARMservice) -- C:\Program Files\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated)
SRV - (Mobile Partner. RunOuc) -- C:\Program Files\Mobile Partner\UpdateDog\ouc.exe ()
SRV - (HWDeviceService.exe) -- C:\ProgramData\DatacardService\HWDeviceService.exe ()
SRV - (AMD External Events Utility) -- C:\Windows\System32\atiesrxx.exe (AMD)
SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation)
SRV - (WinDefend) -- C:\Program Files\Windows Defender\MpSvc.dll (Microsoft Corporation)
 
 
========== Driver Services (SafeList) ==========
 
DRV - (ZTEusbser6k) -- system32\DRIVERS\ZTEusbser6k.sys File not found
DRV - (ZTEusbnmea) -- system32\DRIVERS\ZTEusbnmea.sys File not found
DRV - (ZTEusbmdm6k) -- system32\DRIVERS\ZTEusbmdm6k.sys File not found
DRV - (massfilter_hs) -- system32\drivers\massfilter_hs.sys File not found
DRV - (massfilter) -- system32\drivers\massfilter.sys File not found
DRV - (catchme) -- C:\Users\admin\AppData\Local\Temp\catchme.sys File not found
DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira Operations GmbH & Co. KG)
DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira Operations GmbH & Co. KG)
DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira Operations GmbH & Co. KG)
DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH)
DRV - (ANDModem) -- C:\Windows\System32\drivers\lgandmodem.sys (LG Electronics Inc.)
DRV - (AndDiag) -- C:\Windows\System32\drivers\lganddiag.sys (LG Electronics Inc.)
DRV - (AndGps) -- C:\Windows\System32\drivers\lgandgps.sys (LG Electronics Inc.)
DRV - (Andbus) -- C:\Windows\System32\drivers\lgandbus.sys (LG Electronics Inc.)
DRV - (ewusbmbb) -- C:\Windows\System32\drivers\ewusbwwan.sys (Huawei Technologies Co., Ltd.)
DRV - (hwdatacard) -- C:\Windows\System32\drivers\ewusbmdm.sys (Huawei Technologies Co., Ltd.)
DRV - (ew_hwusbdev) -- C:\Windows\System32\drivers\ew_hwusbdev.sys (Huawei Technologies Co., Ltd.)
DRV - (huawei_enumerator) -- C:\Windows\System32\drivers\ew_jubusenum.sys (Huawei Technologies Co., Ltd.)
DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation)
DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation)
DRV - (atikmdag) -- C:\Windows\System32\drivers\atikmdag.sys (ATI Technologies Inc.)
DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation)
DRV - (yukonw7) -- C:\Windows\System32\drivers\yk62x86.sys (Marvell)
DRV - (athr) -- C:\Windows\System32\drivers\athr.sys (Atheros Communications, Inc.)
 
 
========== Standard Registry (SafeList) ==========
 
 
========== Internet Explorer ==========
 
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope = 
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search
IE - HKLM\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
 
 
IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = 
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = 
 
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{22F0B17F-A86E-4C0A-AA5C-6119E3002EBA}: "URL" = hxxp://websearch.ask.com/redirect?client=ie&tb=AVR-3&o=APN10395&src=crm&q={searchTerms}&locale=&apn_ptnrs=^ABT&apn_dtid=^YYYYYY^YY^DE&apn_uid=0a52e595-6f8c-416f-a1d8-fac4f371e78f&apn_sauid=38AF023F-C93E-49BE-BAC0-5EF0E69E326B
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com/ig/redirectdomain?brand=smsn&bmod=smsn
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Internet Explorer\Main,StartPageCache = 1
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes,DefaultScope = 
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{67A2568C-7A0A-4EED-AECC-B5405DE63B64}: "URL" = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7SMSN
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
 
========== FireFox ==========
 
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..extensions.enabledItems: {ACAA314B-EEBA-48e4-AD47-84E31C44796C}:1.0.1
FF - user.js - File not found
 
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/MycameraPlugin: C:\Program Files\Canon\MyCamera Download Plugin\NPCIG.dll (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
 
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:43:37 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 09:43:33 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.12 09:43:37 | 000,000,000 | ---D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 18.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.12 09:43:33 | 000,000,000 | ---D | M]
 
[2010.01.31 12:36:00 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Extensions
[2013.04.12 20:57:50 | 000,000,000 | ---D | M] (No name found) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\hynkrtid.default\extensions
[2010.04.28 17:44:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Users\admin\AppData\Roaming\mozilla\Firefox\Profiles\hynkrtid.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2013.04.12 09:43:32 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) -- C:\USERS\ADMIN\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\HYNKRTID.DEFAULT\EXTENSIONS\TOOLBAR@ASK.COM
[2013.04.12 09:43:37 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2013.02.12 20:50:04 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml
[2013.02.12 20:50:04 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2013.02.12 20:50:04 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml
[2013.02.12 20:50:04 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml
[2013.02.12 20:50:04 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml
[2013.02.12 20:50:04 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml
 
O1 HOSTS File: ([2013.04.11 17:11:09 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1       localhost
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O3 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\..\Toolbar\WebBrowser: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [B2C_AGENT] C:\ProgramData\LGMOBILEAX\B2C_Client\B2CNotiAgent.exe (LG Electronics)
O4 - HKLM..\Run: [Philips Device Listener] C:\Program Files\Philips\Philips Songbird Resources\Autolauncher\PhilipsDeviceListener.exe ()
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001..\Run: [EPSON SX110 Series] C:\Windows\System32\spool\DRIVERS\W32X86\3\E_FATIFBE.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware ] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [ Malwarebytes Anti-Malware  (cleanup)] C:\ProgramData\Malwarebytes\Malwarebytes' Anti-Malware\cleanup.dll (Malwarebytes Corporation)
O4 - HKLM..\RunOnce: [Z1] C:\Windows\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000..\RunOnce: [Report] \AdwCleaner[S1].txt ()
O4 - Startup: C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Users\Ich\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Low Rights present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3458810788-1957250234-4185931192-1001\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000020 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{207CF46E-06F6-44F9-92EF-6BCE91A74B41}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46D50210-7A62-4338-A6F6-8303BF35686A}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{48A0CE4C-692F-4871-BA11-49398ABF9F30}: NameServer = 193.189.244.225 193.189.244.206
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{A50637DA-74A3-4D25-B99E-82B4B23F0C5E}: NameServer = 193.189.244.206 193.189.244.225
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{CA47CB26-4693-46AE-A6C4-16926F19FBD4}: NameServer = 193.189.244.206 193.189.244.225
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found.
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2011.03.15 01:27:21 | 000,148,320 | R--- | M] () - F:\AutoRun.exe -- [ CDFS ]
O32 - AutoRun File - [2008.10.16 11:12:34 | 000,000,045 | R--- | M] () - F:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
O38 - SubSystems\\Windows: (ServerDll=sxssrv,4)
 
========== Files/Folders - Created Within 30 Days ==========
 
[2013.04.12 20:54:59 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT
[2013.04.12 20:54:22 | 000,000,000 | ---D | C] -- C:\JRT
[2013.04.12 09:43:32 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2013.04.11 17:13:55 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN
[2013.04.11 17:13:53 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\temp
[2013.04.11 17:10:31 | 000,000,000 | ---D | C] -- C:\Windows\temp
[2013.04.11 17:00:24 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe
[2013.04.11 17:00:24 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe
[2013.04.11 17:00:24 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe
[2013.04.11 17:00:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2013.04.11 16:59:53 | 000,000,000 | ---D | C] -- C:\Windows\erdnt
[2013.04.10 22:11:11 | 002,706,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtml.tlb
[2013.04.10 22:11:10 | 002,877,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jscript9.dll
[2013.04.10 22:11:10 | 000,061,440 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesetup.dll
[2013.04.10 22:11:10 | 000,039,424 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\jsproxy.dll
[2013.04.10 22:11:09 | 000,391,168 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieui.dll
[2013.04.10 22:11:08 | 000,493,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeeds.dll
[2013.04.10 22:11:08 | 000,109,056 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iesysprep.dll
[2013.04.10 22:11:08 | 000,071,680 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\RegisterIEPKEYs.exe
[2013.04.10 22:11:08 | 000,042,496 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ie4uinit.exe
[2013.04.10 22:11:08 | 000,033,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iernonce.dll
[2013.04.10 18:14:51 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Malwarebytes
[2013.04.10 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes' Anti-Malware
[2013.04.10 18:14:32 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes
[2013.04.10 18:14:31 | 000,022,856 | ---- | C] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.04.10 18:14:31 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2013.04.10 18:13:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Local\Programs
[2013.04.10 18:05:04 | 002,347,008 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\win32k.sys
[2013.04.10 18:05:00 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\aaclient.dll
[2013.04.10 18:05:00 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\tsgqec.dll
[2013.04.10 18:04:54 | 003,968,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.04.10 18:04:54 | 003,913,560 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.04.10 18:04:54 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
[2013.04.05 23:43:49 | 000,745,472 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.05 23:43:49 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.05 23:43:49 | 000,163,840 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.05 23:43:49 | 000,158,720 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.05 23:43:49 | 000,150,528 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.05 23:43:49 | 000,138,752 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.05 23:43:49 | 000,137,216 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.05 23:43:49 | 000,117,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.05 23:43:49 | 000,110,592 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.05 23:43:49 | 000,082,432 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.05 23:43:49 | 000,073,728 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.05 23:43:49 | 000,057,344 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.05 23:43:49 | 000,048,640 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.05 23:43:49 | 000,041,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.05 23:43:49 | 000,038,400 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.05 23:43:49 | 000,011,776 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.05 23:43:48 | 001,441,280 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.05 23:43:48 | 001,400,416 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.05 23:43:48 | 000,719,360 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.05 23:43:48 | 000,629,248 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.05 23:43:48 | 000,361,984 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.05 23:43:48 | 000,357,888 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.05 23:43:48 | 000,242,200 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.05 23:43:48 | 000,232,960 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.05 23:43:48 | 000,226,816 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.05 23:43:48 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.05 23:42:46 | 003,419,136 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.04.05 23:42:46 | 002,284,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.04.05 23:42:46 | 001,988,096 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.04.05 23:42:46 | 001,504,768 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.04.05 23:42:46 | 001,247,744 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.04.05 23:42:46 | 001,158,144 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.04.05 23:42:46 | 001,080,832 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.04.05 23:42:46 | 000,604,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.04.05 23:42:46 | 000,417,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.04.05 23:42:46 | 000,364,544 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.04.05 23:42:46 | 000,293,376 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.04.05 23:42:46 | 000,249,856 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.04.05 23:42:46 | 000,220,160 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.04.05 23:42:46 | 000,207,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.04.05 23:42:46 | 000,187,392 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.04.05 23:42:46 | 000,161,792 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.04.05 23:42:46 | 000,010,752 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,009,728 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,004,096 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,584 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,002,560 | -H-- | C] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.03.31 00:30:55 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\OpenOffice.org
[2013.03.31 00:28:20 | 000,000,000 | ---D | C] -- C:\Users\admin\AppData\Roaming\Avira
[2013.03.24 11:55:09 | 000,000,000 | ---D | C] -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
[2013.03.24 11:54:55 | 000,028,520 | ---- | C] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.24 11:54:54 | 000,135,136 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.24 11:54:54 | 000,084,744 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.24 11:54:54 | 000,037,352 | ---- | C] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.24 11:54:48 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2013.03.20 23:05:14 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\Windows\System32\drivers\usb8023.sys
 
========== Files - Modified Within 30 Days ==========
 
[2013.04.12 21:17:40 | 000,010,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 21:17:40 | 000,010,944 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
[2013.04.12 21:09:37 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat
[2013.04.12 21:09:29 | 2388,086,784 | -HS- | M] () -- C:\hiberfil.sys
[2013.04.12 20:53:19 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat
[2013.04.12 20:53:19 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat
[2013.04.12 20:53:19 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat
[2013.04.12 20:53:19 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat
[2013.04.12 10:32:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job
[2013.04.11 17:15:01 | 000,017,541 | ---- | M] () -- C:\Users\admin\Desktop\combo.rtf
[2013.04.11 17:11:09 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts
[2013.04.11 16:17:18 | 000,000,512 | ---- | M] () -- C:\Users\admin\Desktop\MBR.dat
[2013.04.10 23:19:22 | 000,330,688 | ---- | M] () -- C:\Windows\System32\FNTCACHE.DAT
[2013.04.05 23:43:49 | 000,745,472 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MsSpellCheckingFacility.exe
[2013.04.05 23:43:49 | 000,185,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\elshyph.dll
[2013.04.05 23:43:49 | 000,163,840 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msrating.dll
[2013.04.05 23:43:49 | 000,158,720 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msls31.dll
[2013.04.05 23:43:49 | 000,150,528 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iexpress.exe
[2013.04.05 23:43:49 | 000,138,752 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\wextract.exe
[2013.04.05 23:43:49 | 000,137,216 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieUnatt.exe
[2013.04.05 23:43:49 | 000,117,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iepeers.dll
[2013.04.05 23:43:49 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\IEAdvpack.dll
[2013.04.05 23:43:49 | 000,082,432 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inseng.dll
[2013.04.05 23:43:49 | 000,073,728 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\SetIEInstalledDate.exe
[2013.04.05 23:43:49 | 000,057,344 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\pngfilt.dll
[2013.04.05 23:43:49 | 000,048,640 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmler.dll
[2013.04.05 23:43:49 | 000,041,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedsbs.dll
[2013.04.05 23:43:49 | 000,038,400 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\imgutil.dll
[2013.04.05 23:43:49 | 000,011,776 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msfeedssync.exe
[2013.04.05 23:43:48 | 001,441,280 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\inetcpl.cpl
[2013.04.05 23:43:48 | 001,400,416 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dat
[2013.04.05 23:43:48 | 000,719,360 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\mshtmlmedia.dll
[2013.04.05 23:43:48 | 000,629,248 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ieapfltr.dll
[2013.04.05 23:43:48 | 000,361,984 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\html.iec
[2013.04.05 23:43:48 | 000,357,888 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtmsft.dll
[2013.04.05 23:43:48 | 000,242,200 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\iedkcs32.dll
[2013.04.05 23:43:48 | 000,232,960 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\url.dll
[2013.04.05 23:43:48 | 000,226,816 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxtrans.dll
[2013.04.05 23:43:48 | 000,025,185 | ---- | M] () -- C:\Windows\System32\ieuinit.inf
[2013.04.05 23:43:48 | 000,023,040 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\licmgr10.dll
[2013.04.05 23:42:46 | 003,419,136 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d2d1.dll
[2013.04.05 23:42:46 | 002,284,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\msmpeg2vdec.dll
[2013.04.05 23:42:46 | 001,988,096 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10warp.dll
[2013.04.05 23:42:46 | 001,504,768 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d11.dll
[2013.04.05 23:42:46 | 001,247,744 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\DWrite.dll
[2013.04.05 23:42:46 | 001,158,144 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsPrint.dll
[2013.04.05 23:42:46 | 001,080,832 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10.dll
[2013.04.05 23:42:46 | 000,604,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10level9.dll
[2013.04.05 23:42:46 | 000,417,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WMPhoto.dll
[2013.04.05 23:42:46 | 000,364,544 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\XpsGdiConverter.dll
[2013.04.05 23:42:46 | 000,293,376 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\dxgi.dll
[2013.04.05 23:42:46 | 000,249,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1core.dll
[2013.04.05 23:42:46 | 000,220,160 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10core.dll
[2013.04.05 23:42:46 | 000,207,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\WindowsCodecsExt.dll
[2013.04.05 23:42:46 | 000,187,392 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\UIAnimation.dll
[2013.04.05 23:42:46 | 000,161,792 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\d3d10_1.dll
[2013.04.05 23:42:46 | 000,010,752 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,009,728 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l1-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shlwapi-l2-1-0.dll
[2013.04.05 23:42:46 | 000,005,632 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-ole32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,004,096 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-user32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,584 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-advapi32-l2-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-version-l1-1-0.dll
[2013.04.05 23:42:46 | 000,003,072 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-shell32-l1-1-0.dll
[2013.04.05 23:42:46 | 000,002,560 | -H-- | M] (Microsoft Corporation) -- C:\Windows\System32\api-ms-win-downlevel-normaliz-l1-1-0.dll
[2013.04.04 14:50:32 | 000,022,856 | ---- | M] (Malwarebytes Corporation) -- C:\Windows\System32\drivers\mbam.sys
[2013.03.31 00:31:22 | 000,001,157 | ---- | M] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2013.03.28 11:12:36 | 000,135,136 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avipbb.sys
[2013.03.28 11:12:36 | 000,084,744 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avgntflt.sys
[2013.03.28 11:12:36 | 000,037,352 | ---- | M] (Avira Operations GmbH & Co. KG) -- C:\Windows\System32\drivers\avkmgr.sys
[2013.03.24 11:50:04 | 000,028,520 | ---- | M] (Avira GmbH) -- C:\Windows\System32\drivers\ssmdrv.sys
[2013.03.21 13:54:07 | 000,861,088 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\npDeployJava1.dll
[2013.03.21 13:54:07 | 000,782,240 | ---- | M] (Oracle Corporation) -- C:\Windows\System32\deployJava1.dll
[2013.03.19 20:34:16 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe
[2013.03.19 20:34:16 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl
[2013.03.19 07:04:13 | 003,968,856 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntkrnlpa.exe
[2013.03.19 07:04:10 | 003,913,560 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\ntoskrnl.exe
[2013.03.19 06:48:45 | 000,038,912 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\csrsrv.dll
 
========== Files Created - No Company Name ==========
 
[2013.04.11 17:15:01 | 000,017,541 | ---- | C] () -- C:\Users\admin\Desktop\combo.rtf
[2013.04.11 17:00:24 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe
[2013.04.11 17:00:24 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe
[2013.04.11 17:00:24 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe
[2013.04.11 17:00:24 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe
[2013.04.11 17:00:24 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe
[2013.04.11 16:17:18 | 000,000,512 | ---- | C] () -- C:\Users\admin\Desktop\MBR.dat
[2013.04.05 23:43:48 | 000,025,185 | ---- | C] () -- C:\Windows\System32\ieuinit.inf
[2013.03.31 00:31:22 | 000,001,157 | ---- | C] () -- C:\Users\admin\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
[2012.09.21 17:58:16 | 000,053,248 | ---- | C] () -- C:\Windows\System32\CommonDL.dll
[2012.09.21 17:58:16 | 000,002,411 | ---- | C] () -- C:\Windows\System32\lgAxconfig.ini
[2010.04.29 19:15:47 | 000,015,326 | ---- | C] () -- C:\Users\admin\AppData\Local\internal.grp
 
========== ZeroAccess Check ==========
 
[2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
 
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
 
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both

< End of report >
         

Extras.Txt:

Code:
OTL Extras logfile created on: 12.04.2013 21:16:39 - Run 2
OTL by OldTimer - Version 3.2.69.0     Folder = C:\Users\Ich\Downloads
 Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation
Internet Explorer (Version = 9.10.9200.16540)
Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy
 
2,97 Gb Total Physical Memory | 1,85 Gb Available Physical Memory | 62,28% Memory free
5,93 Gb Paging File | 4,74 Gb Available in Paging File | 79,94% Paging File free
Paging file location(s): ?:\pagefile.sys [binary data]
 
%SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files
Drive C: | 142,09 Gb Total Space | 59,66 Gb Free Space | 41,99% Space Free | Partition Type: NTFS
Drive D: | 143,00 Gb Total Space | 2,55 Gb Free Space | 1,78% Space Free | Partition Type: NTFS
Drive F: | 33,96 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
 
Computer Name: PRIVATE | User Name: admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
 
========== Extra Registry (SafeList) ==========
 
 
========== File Associations ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation)
.hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation)
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
 
========== Shell Spawning ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation)
exefile [open] -- "%1" %*
helpfile [open] -- Reg Error: Key error.
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [CEWE FOTOSCHAU] -- "C:\Program Files\Müller Foto\Müller Foto\CEWE FOTOSCHAU.exe" -d "%1" ()
Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation)
Directory [Digital Photo Professional] -- C:\Program Files\Canon\Digital Photo Professional\DPPViewer.exe /path "%1" (CANON INC.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Müller Foto] -- "C:\Program Files\Müller Foto\Müller Foto\Müller Foto.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [explore] -- Reg Error: Value error.
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
 
========== Security Center Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"cval" = 1
"FirewallDisableNotify" = 0
"AntiVirusDisableNotify" = 0
"UpdatesDisableNotify" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc]
"VistaSp1" = Reg Error: Unknown registry data type -- File not found
"AntiVirusOverride" = 0
"AntiSpywareOverride" = 0
"FirewallOverride" = 0
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol]
 
========== System Restore Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
 
========== Firewall Settings ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"DisableNotifications" = 0
"EnableFirewall" = 1
 
========== Authorized Applications List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
 
 
========== Vista Active Open Ports Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
 
========== Vista Active Application Exception List ==========
 
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules]
"{27E75EEB-A94E-4D1F-8461-D2F1411F7B9D}" = protocol=6 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{464D0401-2C66-4BB3-A2E8-A84BF952ED07}" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{638EA069-B42F-4006-BA51-52739EB7889E}" = protocol=6 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"{766A7AEA-FEA6-4E7B-98C4-29BD878FFE34}" = protocol=17 | dir=in | app=c:\program files\hp\hp deskjet 1000 j110 series\bin\usbsetup.exe | 
"{8C3DAF3A-1D27-4342-9548-1671CDA331CE}" = protocol=17 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{CF1B2582-3850-4169-BD4F-07C5F1A24855}" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"{DB6A46AB-61EA-4FF3-A96D-87E49571190B}" = protocol=6 | dir=in | app=c:\windows\system32\msiexec.exe | 
"{F542A838-0F15-4678-B6EB-5468758969A6}" = protocol=17 | dir=in | app=c:\program files\sweetim\communicator\sweetpacksupdatemanager.exe | 
"TCP Query User{FA0336ED-FC52-46F1-B103-01DE328BC69B}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=6 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
"UDP Query User{4BA8973F-35B0-448E-AC70-CEABA5FFAFFD}C:\program files\epson software\event manager\eeventmanager.exe" = protocol=17 | dir=in | app=c:\program files\epson software\event manager\eeventmanager.exe | 
 
========== HKEY_LOCAL_MACHINE Uninstall List ==========
 
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{145DE957-0679-4A2A-BB5C-1D3E9808FAB2}" = Samsung Recovery Solution 4
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2303AEEA-0FA8-4AFD-80A9-8F86BA4B44D2}" = OpenOffice.org 3.4.1
"{2A3A4BD6-6CE0-4E2A-80D2-1D0FF6ACBFBA}" = LG United Mobile Driver
"{2EA870FA-585F-4187-903D-CB9FFD21E2E0}" = DHTML Editing Component
"{3BCC5640-5360-11D4-A44A-0000E86D2305}" = Ulead Drop Spot 1.0
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{3DEAED7D-E85E-48EB-999E-5B4576A22369}" = HP Deskjet 1000 J110 series - Grundlegende Software für das Gerät
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable
"{764143D0-CBA1-4699-B6D6-4D39A4DB75FB}" = Ulead PhotoImpact 7 SE
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{787D1A33-A97B-4245-87C0-7174609A540C}" = HP Update
"{82CED69E-C96D-401F-A6F3-1128C460712C}" = NetObjects Fusion 9.0
"{853F8A41-A3C9-43FA-87FA-1AE74FC6F3F7}" = BatteryLifeExtender
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{99FFFFC6-1A78-4837-AFED-55FAA854AF1F}" = Studie zur Verbesserung von HP Deskjet 1000 J110 series Produkten
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C9E6AC9C-4C9A-430C-8CF2-896A6755B6E6}" = SiteStyles Volume 2
"{DDDFCC77-7F9C-45E9-B38E-721BA599BA0C}" = HP Deskjet 1000 J110 series Hilfe
"{E2AE8456-CCFE-46C0-8629-71CC507660FC}" = LG SP USB Driver
"{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
"{FBA0CA60-8BF2-4381-B819-74F020E165A9}" = LG USB WML Modem Driver
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Avira AntiVir Desktop" = Avira Free Antivirus
"CANON iMAGE GATEWAY Task" = CANON iMAGE GATEWAY Task for ZoomBrowser EX
"Canon MOV Decoder" = Canon MOV Decoder
"Canon MOV Encoder" = Canon MOV Encoder
"DPP" = Canon Utilities Digital Photo Professional 3.10
"DSGPlayer" = DEUTSCHLAND SPIELT GAME CENTER
"EOS Sample Music" = Canon Utilities EOS Sample Music
"EOS Utility" = Canon Utilities EOS Utility
"EOS Video Snapshot Task" = Canon Utilities EOS Video Snapshot Task for ZoomBrowser EX
"EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
"FormatFactory" = FormatFactory 2.96
"HP Photo Creations" = HP Photo Creations
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware Version 1.75.0.1300
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Mobile Partner" = Mobile Partner
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"MovieUploaderForYouTube" = Canon Utilities Movie Uploader for YouTube
"Mozilla Firefox 20.0.1 (x86 de)" = Mozilla Firefox 20.0.1 (x86 de)
"MozillaMaintenanceService" = Mozilla Maintenance Service
"Müller Foto" = Müller Foto
"MyCamera Download Plugin" = CANON iMAGE GATEWAY MyCamera Download Plugin
"Philips Songbird" = Philips Songbird
"PhotoStitch" = Canon Utilities PhotoStitch
"Picture Style Editor" = Canon Utilities Picture Style Editor
"Sarah’s Ranch" = Sarah’s Ranch
"Sarah’s Ranch 2" = Sarah’s Ranch 2
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Mozilla Firefox 18.0.2 (x86 de)" = Mozilla Firefox 18.0.2 (x86 de)
 
========== HKEY_USERS Uninstall List ==========
 
[HKEY_USERS\S-1-5-21-3458810788-1957250234-4185931192-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{79A765E1-C399-405B-85AF-466F52E918B0}" = Avira SearchFree Toolbar plus Web Protection Updater
 
========== Last 20 Event Log Errors ==========
 
[ System Events ]
Error - 12.04.2013 14:59:35 | Computer Name = PRIVATE | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 12.04.2013 15:09:38 | Computer Name = PRIVATE | Source = atikmdag | ID = 52236
Description = CPLIB :: General - Invalid Parameter
 
Error - 12.04.2013 15:09:38 | Computer Name = PRIVATE | Source = atikmdag | ID = 43029
Description = Display is not active
 
Error - 12.04.2013 15:09:45 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7009
Description = Das Zeitlimit (30000 ms) wurde beim Verbindungsversuch mit dem Dienst
 Mobile Partner. OUC erreicht.
 
Error - 12.04.2013 15:09:45 | Computer Name = PRIVATE | Source = Service Control Manager | ID = 7000
Description = Der Dienst "Mobile Partner. OUC" wurde aufgrund folgenden Fehlers 
nicht gestartet:   %%1053
 
 
< End of report >
         
