Pests of all kinds and how to fight them: Strange TAN prompt after login to online banking
Windows 7. If you are not sure whether you have picked up malware or a trojan, create a topic here. An expert will respond with further instructions and help you remove the malware or uninstall or delete unwanted software. Please describe your problem as precisely as possible. If it is a trojan or virus problem, an expert will help you clean up the infection.
12.05.2013, 21:17 | #16 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange TAN prompt after login to online banking
aswMBR: Please download aswMBR.exe and save the file to your desktop.
Important: Do not press any of the Fix buttons under any circumstances unless instructed to. Note: If the Scan button is hidden, close the tool and start it again. If the scan aborts and the program crashes, let me know and select the (none) setting under AV Scan.
TDSS-Killer: Please download TDSSKiller.exe and save this file to the desktop.
__________________ Please always post log files in CODE tags |
12.05.2013, 21:49 | #17 |
| Strange TAN prompt after login to online banking
The aswMBR scan did in fact abort, with the message that the program is being closed because of an unknown problem. Should I continue with TDSS-Killer anyway now?
__________________ |
12.05.2013, 21:54 | #18 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange TAN prompt after login to online banking
Please read the instructions completely!
There is a note about aswMBR below!
__________________ |
12.05.2013, 22:09 | #19 |
| Strange TAN prompt after login to online banking
Code:
aswMBR version 0.9.9.1771 Copyright(c) 2011 AVAST Software
Run date: 2013-05-12 23:18:38
-----------------------------
23:18:38.217 OS Version: Windows 6.1.7601 Service Pack 1
23:18:38.217 Number of processors: 4 586 0x2502
23:18:38.217 ComputerName: ***-PC UserName:
23:18:39.337 Initialize success
23:18:50.319 AVAST engine defs: 13051201
23:19:01.922 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IAAStorageDevice-1
23:19:01.932 Disk 0 Vendor: Hitachi_ PB3O Size: 305245MB BusType: 3
23:19:02.082 Disk 0 MBR read successfully
23:19:02.092 Disk 0 MBR scan
23:19:02.092 Disk 0 unknown MBR code
23:19:02.102 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 100 MB offset 2048
23:19:02.122 Disk 0 Partition 2 00 07 HPFS/NTFS NTFS 273397 MB offset 206848
23:19:02.162 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 30720 MB offset 560123904
23:19:02.182 Disk 0 Partition 4 00 12 Compaq diag NTFS 1026 MB offset 623038464
23:19:02.192 Disk 0 scanning sectors +625139712
23:19:02.402 Disk 0 scanning C:\Windows\system32\drivers
23:19:17.646 Service scanning
23:19:54.742 Modules scanning
23:20:04.634 Disk 0 trace - called modules:
23:20:04.664 ntkrnlpa.exe CLASSPNP.SYS disk.sys iaStor.sys halmacpi.dll
23:20:04.674 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x87d50030]
23:20:04.684 3 CLASSPNP.SYS[8b5a759e] -> nt!IofCallDriver -> \Device\Ide\IAAStorageDevice-1[0x861af028]
23:20:04.694 Scan finished successfully
23:20:15.158 Disk 0 MBR has been saved successfully to "C:\Users\***\Desktop\MBR.dat"
23:20:15.168 The log file has been saved successfully to "C:\Users\***\Desktop\aswMBR.txt"

Code:
23:22:05.0256 4552 TDSS rootkit removing tool 2.8.16.0 Feb 11 2013 18:50:42
23:22:05.0576 4552 ============================================================
23:22:05.0576 4552 Current date / time: 2013/05/12 23:22:05.0576
23:22:05.0576 4552 SystemInfo:
23:22:05.0576 4552
23:22:05.0576 4552 OS Version: 6.1.7601 ServicePack: 1.0
23:22:05.0576 4552 Product type: Workstation
23:22:05.0586 4552 ComputerName: ***-PC
23:22:05.0586 4552 UserName: ***
23:22:05.0586 4552 Windows directory: C:\Windows
23:22:05.0586 4552 System windows directory: C:\Windows
23:22:05.0586 4552 Processor architecture: Intel x86
23:22:05.0586 4552 Number of processors: 4
23:22:05.0586 4552 Page size: 0x1000
23:22:05.0586 4552 Boot type: Normal boot
23:22:05.0586 4552 ============================================================
23:22:06.0166 4552 Drive \Device\Harddisk0\DR0 - Size: 0x4A85D56000 (298.09 Gb), SectorSize: 0x200, Cylinders: 0x9801, SectorsPerTrack: 0x3F, TracksPerCylinder: 0xFF, Type 'K0', Flags 0x00000050
23:22:06.0176 4552 ============================================================
23:22:06.0176 4552 \Device\Harddisk0\DR0:
23:22:06.0176 4552 MBR partitions:
23:22:06.0176 4552 \Device\Harddisk0\DR0\Partition1: MBR, Type 0x7, StartLBA 0x800, BlocksNum 0x32000
23:22:06.0176 4552 \Device\Harddisk0\DR0\Partition2: MBR, Type 0x7, StartLBA 0x32800, BlocksNum 0x215FA800
23:22:06.0176 4552 \Device\Harddisk0\DR0\Partition3: MBR, Type 0x7, StartLBA 0x2162D000, BlocksNum 0x3C00000
23:22:06.0176 4552 ============================================================
23:22:06.0206 4552 C: <-> \Device\Harddisk0\DR0\Partition2
23:22:06.0266 4552 D: <-> \Device\Harddisk0\DR0\Partition3
23:22:06.0266 4552 ============================================================
23:22:06.0266 4552 Initialize success
23:22:06.0266 4552 ============================================================
23:22:44.0454 1796 ============================================================
23:22:44.0454 1796 Scan started
ok 23:23:05.0749 1796 [ 4380E59A170D88C4F1022EFF6719A8A4 ] nvstor C:\Windows\system32\drivers\nvstor.sys 23:23:05.0769 1796 nvstor - ok 23:23:05.0789 1796 [ 5A0983915F02BAE73267CC2A041F717D ] nv_agp C:\Windows\system32\drivers\nv_agp.sys 23:23:05.0799 1796 nv_agp - ok 23:23:05.0859 1796 [ 6ED44348CA155A86A5B9802DB2CEBC69 ] NxpCap C:\Windows\system32\DRIVERS\NxpCap.sys 23:23:05.0959 1796 NxpCap - ok 23:23:06.0009 1796 [ 08A70A1F2CDDE9BB49B885CB817A66EB ] ohci1394 C:\Windows\system32\drivers\ohci1394.sys 23:23:06.0049 1796 ohci1394 - ok 23:23:06.0149 1796 [ 9D10F99A6712E28F8ACD5641E3A7EA6B ] ose C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE 23:23:06.0169 1796 ose - ok 23:23:06.0399 1796 [ 358A9CCA612C68EB2F07DDAD4CE1D8D7 ] osppsvc C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE 23:23:06.0619 1796 osppsvc - ok 23:23:06.0649 1796 [ 82A8521DDC60710C3D3D3E7325209BEC ] p2pimsvc C:\Windows\system32\pnrpsvc.dll 23:23:06.0739 1796 p2pimsvc - ok 23:23:06.0769 1796 [ 59C3DDD501E39E006DAC31BF55150D91 ] p2psvc C:\Windows\system32\p2psvc.dll 23:23:06.0819 1796 p2psvc - ok 23:23:06.0849 1796 [ 2EA877ED5DD9713C5AC74E8EA7348D14 ] Parport C:\Windows\system32\DRIVERS\parport.sys 23:23:06.0889 1796 Parport - ok 23:23:06.0939 1796 [ 3F34A1B4C5F6475F320C275E63AFCE9B ] partmgr C:\Windows\system32\drivers\partmgr.sys 23:23:06.0949 1796 partmgr - ok 23:23:06.0969 1796 [ EB0A59F29C19B86479D36B35983DAADC ] Parvdm C:\Windows\system32\DRIVERS\parvdm.sys 23:23:07.0009 1796 Parvdm - ok 23:23:07.0049 1796 [ 358AB7956D3160000726574083DFC8A6 ] PcaSvc C:\Windows\System32\pcasvc.dll 23:23:07.0089 1796 PcaSvc - ok 23:23:07.0129 1796 [ 673E55C3498EB970088E812EA820AA8F ] pci C:\Windows\system32\drivers\pci.sys 23:23:07.0149 1796 pci - ok 23:23:07.0159 1796 [ AFE86F419014DB4E5593F69FFE26CE0A ] pciide C:\Windows\system32\drivers\pciide.sys 23:23:07.0179 1796 pciide - ok 23:23:07.0199 1796 [ F396431B31693E71E8A80687EF523506 ] pcmcia 
C:\Windows\system32\DRIVERS\pcmcia.sys 23:23:07.0209 1796 pcmcia - ok 23:23:07.0239 1796 [ 250F6B43D2B613172035C6747AEEB19F ] pcw C:\Windows\system32\drivers\pcw.sys 23:23:07.0249 1796 pcw - ok 23:23:07.0279 1796 [ 9E0104BA49F4E6973749A02BF41344ED ] PEAUTH C:\Windows\system32\drivers\peauth.sys 23:23:07.0349 1796 PEAUTH - ok 23:23:07.0459 1796 [ 414BBA67A3DED1D28437EB66AEB8A720 ] pla C:\Windows\system32\pla.dll 23:23:07.0549 1796 pla - ok 23:23:07.0609 1796 [ EC7BC28D207DA09E79B3E9FAF8B232CA ] PlugPlay C:\Windows\system32\umpnpmgr.dll 23:23:07.0679 1796 PlugPlay - ok 23:23:07.0709 1796 [ 63FF8572611249931EB16BB8EED6AFC8 ] PNRPAutoReg C:\Windows\system32\pnrpauto.dll 23:23:07.0749 1796 PNRPAutoReg - ok 23:23:07.0779 1796 [ 82A8521DDC60710C3D3D3E7325209BEC ] PNRPsvc C:\Windows\system32\pnrpsvc.dll 23:23:07.0799 1796 PNRPsvc - ok 23:23:07.0849 1796 [ 53946B69BA0836BD95B03759530C81EC ] PolicyAgent C:\Windows\System32\ipsecsvc.dll 23:23:07.0889 1796 PolicyAgent - ok 23:23:07.0929 1796 [ F87D30E72E03D579A5199CCB3831D6EA ] Power C:\Windows\system32\umpo.dll 23:23:07.0969 1796 Power - ok 23:23:07.0999 1796 [ 631E3E205AD6D86F2AED6A4A8E69F2DB ] PptpMiniport C:\Windows\system32\DRIVERS\raspptp.sys 23:23:08.0029 1796 PptpMiniport - ok 23:23:08.0049 1796 [ 85B1E3A0C7585BC4AAE6899EC6FCF011 ] Processor C:\Windows\system32\DRIVERS\processr.sys 23:23:08.0069 1796 Processor - ok 23:23:08.0129 1796 [ CADEFAC453040E370A1BDFF3973BE00D ] ProfSvc C:\Windows\system32\profsvc.dll 23:23:08.0199 1796 ProfSvc - ok 23:23:08.0219 1796 [ 81951F51E318AECC2D68559E47485CC4 ] ProtectedStorage C:\Windows\system32\lsass.exe 23:23:08.0229 1796 ProtectedStorage - ok 23:23:08.0259 1796 [ 6270CCAE2A86DE6D146529FE55B3246A ] Psched C:\Windows\system32\DRIVERS\pacer.sys 23:23:08.0319 1796 Psched - ok 23:23:08.0359 1796 [ A6A7AD767BF5141665F5C675F671B3E1 ] PSI_SVC_2 c:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe 23:23:08.0379 1796 PSI_SVC_2 - ok 23:23:08.0439 1796 [ 
AB95ECF1F6659A60DDC166D8315B0751 ] ql2300 C:\Windows\system32\DRIVERS\ql2300.sys 23:23:08.0479 1796 ql2300 - ok 23:23:08.0489 1796 [ B4DD51DD25182244B86737DC51AF2270 ] ql40xx C:\Windows\system32\DRIVERS\ql40xx.sys 23:23:08.0509 1796 ql40xx - ok 23:23:08.0539 1796 [ 31AC809E7707EB580B2BDB760390765A ] QWAVE C:\Windows\system32\qwave.dll 23:23:08.0559 1796 QWAVE - ok 23:23:08.0569 1796 [ 584078CA1B95CA72DF2A27C336F9719D ] QWAVEdrv C:\Windows\system32\drivers\qwavedrv.sys 23:23:08.0579 1796 QWAVEdrv - ok 23:23:08.0609 1796 [ 30A81B53C766D0133BB86D234E5556AB ] RasAcd C:\Windows\system32\DRIVERS\rasacd.sys 23:23:08.0669 1796 RasAcd - ok 23:23:08.0709 1796 [ 57EC4AEF73660166074D8F7F31C0D4FD ] RasAgileVpn C:\Windows\system32\DRIVERS\AgileVpn.sys 23:23:08.0769 1796 RasAgileVpn - ok 23:23:08.0789 1796 [ A60F1839849C0C00739787FD5EC03F13 ] RasAuto C:\Windows\System32\rasauto.dll 23:23:08.0829 1796 RasAuto - ok 23:23:08.0849 1796 [ D9F91EAFEC2815365CBE6D167E4E332A ] Rasl2tp C:\Windows\system32\DRIVERS\rasl2tp.sys 23:23:08.0909 1796 Rasl2tp - ok 23:23:08.0949 1796 [ CB9E04DC05EACF5B9A36CA276D475006 ] RasMan C:\Windows\System32\rasmans.dll 23:23:09.0009 1796 RasMan - ok 23:23:09.0049 1796 [ 0FE8B15916307A6AC12BFB6A63E45507 ] RasPppoe C:\Windows\system32\DRIVERS\raspppoe.sys 23:23:09.0099 1796 RasPppoe - ok 23:23:09.0149 1796 [ 44101F495A83EA6401D886E7FD70096B ] RasSstp C:\Windows\system32\DRIVERS\rassstp.sys 23:23:09.0199 1796 RasSstp - ok 23:23:09.0260 1796 [ D528BC58A489409BA40334EBF96A311B ] rdbss C:\Windows\system32\DRIVERS\rdbss.sys 23:23:09.0320 1796 rdbss - ok 23:23:09.0360 1796 [ 0D8F05481CB76E70E1DA06EE9F0DA9DF ] rdpbus C:\Windows\system32\DRIVERS\rdpbus.sys 23:23:09.0400 1796 rdpbus - ok 23:23:09.0440 1796 [ 23DAE03F29D253AE74C44F99E515F9A1 ] RDPCDD C:\Windows\system32\DRIVERS\RDPCDD.sys 23:23:09.0490 1796 RDPCDD - ok 23:23:09.0540 1796 [ 5A53CA1598DD4156D44196D200C94B8A ] RDPENCDD C:\Windows\system32\drivers\rdpencdd.sys 23:23:09.0590 1796 RDPENCDD - ok 23:23:09.0610 
1796 [ 44B0A53CD4F27D50ED461DAE0C0B4E1F ] RDPREFMP C:\Windows\system32\drivers\rdprefmp.sys 23:23:09.0640 1796 RDPREFMP - ok 23:23:09.0680 1796 [ F031683E6D1FEA157ABB2FF260B51E61 ] RDPWD C:\Windows\system32\drivers\RDPWD.sys 23:23:09.0740 1796 RDPWD - ok 23:23:09.0800 1796 [ 518395321DC96FE2C9F0E96AC743B656 ] rdyboost C:\Windows\system32\drivers\rdyboost.sys 23:23:09.0820 1796 rdyboost - ok 23:23:09.0850 1796 [ 7B5E1419717FAC363A31CC302895217A ] RemoteAccess C:\Windows\System32\mprdim.dll 23:23:09.0880 1796 RemoteAccess - ok 23:23:09.0920 1796 [ CB9A8683F4EF2BF99E123D79950D7935 ] RemoteRegistry C:\Windows\system32\regsvc.dll 23:23:09.0980 1796 RemoteRegistry - ok 23:23:10.0010 1796 [ 78D072F35BC45D9E4E1B61895C152234 ] RpcEptMapper C:\Windows\System32\RpcEpMap.dll 23:23:10.0070 1796 RpcEptMapper - ok 23:23:10.0090 1796 [ 94D36C0E44677DD26981D2BFEEF2A29D ] RpcLocator C:\Windows\system32\locator.exe 23:23:10.0130 1796 RpcLocator - ok 23:23:10.0170 1796 [ 7660F01D3B38ACA1747E397D21D790AF ] RpcSs C:\Windows\system32\rpcss.dll 23:23:10.0210 1796 RpcSs - ok 23:23:10.0240 1796 [ 032B0D36AD92B582D869879F5AF5B928 ] rspndr C:\Windows\system32\DRIVERS\rspndr.sys 23:23:10.0300 1796 rspndr - ok 23:23:10.0360 1796 [ A633399432491BB173BB3CF3B41B9C55 ] RSUSBSTOR C:\Windows\System32\Drivers\RtsUStor.sys 23:23:10.0380 1796 RSUSBSTOR - ok 23:23:10.0420 1796 [ B5E9979FBB26FC059BD87A81F763D5DA ] rtl8192se C:\Windows\system32\DRIVERS\rtl8192se.sys 23:23:10.0450 1796 rtl8192se - ok 23:23:10.0490 1796 [ 59509AD6CBC28F2C73056268985B3E48 ] s0016bus C:\Windows\system32\DRIVERS\s0016bus.sys 23:23:10.0510 1796 s0016bus - ok 23:23:10.0530 1796 [ B98C3A6F91F4FBA285AF9606A240C6B4 ] s0016mdfl C:\Windows\system32\DRIVERS\s0016mdfl.sys 23:23:10.0540 1796 s0016mdfl - ok 23:23:10.0560 1796 [ 8A83426F4FB7B5212825D9DE76368B1A ] s0016mdm C:\Windows\system32\DRIVERS\s0016mdm.sys 23:23:10.0580 1796 s0016mdm - ok 23:23:10.0590 1796 [ 7A78BBA97FEB5E6D24C49E93A3BF7287 ] s0016mgmt 
C:\Windows\system32\DRIVERS\s0016mgmt.sys 23:23:10.0600 1796 s0016mgmt - ok 23:23:10.0620 1796 [ 34EF7B5F611957B73E7219DD5A222AD1 ] s0016nd5 C:\Windows\system32\DRIVERS\s0016nd5.sys 23:23:10.0630 1796 s0016nd5 - ok 23:23:10.0660 1796 [ 36792935847143E4A3CDA0DC87248487 ] s0016obex C:\Windows\system32\DRIVERS\s0016obex.sys 23:23:10.0670 1796 s0016obex - ok 23:23:10.0710 1796 [ 927208754FB27FC3E7A659E77500C5D1 ] s0016unic C:\Windows\system32\DRIVERS\s0016unic.sys 23:23:10.0720 1796 s0016unic - ok 23:23:10.0740 1796 [ 81951F51E318AECC2D68559E47485CC4 ] SamSs C:\Windows\system32\lsass.exe 23:23:10.0750 1796 SamSs - ok 23:23:10.0760 1796 [ 05D860DA1040F111503AC416CCEF2BCA ] sbp2port C:\Windows\system32\drivers\sbp2port.sys 23:23:10.0780 1796 sbp2port - ok 23:23:10.0810 1796 [ 8FC518FFE9519C2631D37515A68009C4 ] SCardSvr C:\Windows\System32\SCardSvr.dll 23:23:10.0840 1796 SCardSvr - ok 23:23:10.0870 1796 [ 0693B5EC673E34DC147E195779A4DCF6 ] scfilter C:\Windows\system32\DRIVERS\scfilter.sys 23:23:10.0930 1796 scfilter - ok 23:23:11.0000 1796 [ A04BB13F8A72F8B6E8B4071723E4E336 ] Schedule C:\Windows\system32\schedsvc.dll 23:23:11.0060 1796 Schedule - ok 23:23:11.0090 1796 [ 319C6B309773D063541D01DF8AC6F55F ] SCPolicySvc C:\Windows\System32\certprop.dll 23:23:11.0120 1796 SCPolicySvc - ok 23:23:11.0180 1796 [ 08236C4BCE5EDD0A0318A438AF28E0F7 ] SDRSVC C:\Windows\System32\SDRSVC.dll 23:23:11.0280 1796 SDRSVC - ok 23:23:11.0320 1796 [ 90A3935D05B494A5A39D37E71F09A677 ] secdrv C:\Windows\system32\drivers\secdrv.sys 23:23:11.0380 1796 secdrv - ok 23:23:11.0410 1796 [ A59B3A4442C52060CC7A85293AA3546F ] seclogon C:\Windows\system32\seclogon.dll 23:23:11.0480 1796 seclogon - ok 23:23:11.0510 1796 [ DCB7FCDCC97F87360F75D77425B81737 ] SENS C:\Windows\system32\sens.dll 23:23:11.0560 1796 SENS - ok 23:23:11.0580 1796 [ 50087FE1EE447009C9CC2997B90DE53F ] SensrSvc C:\Windows\system32\sensrsvc.dll 23:23:11.0670 1796 SensrSvc - ok 23:23:11.0720 1796 [ 9AD8B8B515E3DF6ACD4212EF465DE2D1 ] 
Serenum C:\Windows\system32\DRIVERS\serenum.sys 23:23:11.0750 1796 Serenum - ok 23:23:11.0810 1796 [ 5FB7FCEA0490D821F26F39CC5EA3D1E2 ] Serial C:\Windows\system32\DRIVERS\serial.sys 23:23:11.0850 1796 Serial - ok 23:23:11.0900 1796 [ 79BFFB520327FF916A582DFEA17AA813 ] sermouse C:\Windows\system32\DRIVERS\sermouse.sys 23:23:11.0910 1796 sermouse - ok 23:23:11.0970 1796 [ 4AE380F39A0032EAB7DD953030B26D28 ] SessionEnv C:\Windows\system32\sessenv.dll 23:23:12.0040 1796 SessionEnv - ok 23:23:12.0080 1796 [ 9F976E1EB233DF46FCE808D9DEA3EB9C ] sffdisk C:\Windows\system32\drivers\sffdisk.sys 23:23:12.0140 1796 sffdisk - ok 23:23:12.0170 1796 [ 932A68EE27833CFD57C1639D375F2731 ] sffp_mmc C:\Windows\system32\drivers\sffp_mmc.sys 23:23:12.0210 1796 sffp_mmc - ok 23:23:12.0230 1796 [ 6D4CCAEDC018F1CF52866BBBAA235982 ] sffp_sd C:\Windows\system32\drivers\sffp_sd.sys 23:23:12.0250 1796 sffp_sd - ok 23:23:12.0270 1796 [ DB96666CC8312EBC45032F30B007A547 ] sfloppy C:\Windows\system32\DRIVERS\sfloppy.sys 23:23:12.0300 1796 sfloppy - ok 23:23:12.0350 1796 [ D1A079A0DE2EA524513B6930C24527A2 ] SharedAccess C:\Windows\System32\ipnathlp.dll 23:23:12.0420 1796 SharedAccess - ok 23:23:12.0450 1796 [ 414DA952A35BF5D50192E28263B40577 ] ShellHWDetection C:\Windows\System32\shsvcs.dll 23:23:12.0510 1796 ShellHWDetection - ok 23:23:12.0550 1796 [ 2565CAC0DC9FE0371BDCE60832582B2E ] sisagp C:\Windows\system32\drivers\sisagp.sys 23:23:12.0560 1796 sisagp - ok 23:23:12.0590 1796 [ A9F0486851BECB6DDA1D89D381E71055 ] SiSRaid2 C:\Windows\system32\DRIVERS\SiSRaid2.sys 23:23:12.0600 1796 SiSRaid2 - ok 23:23:12.0610 1796 [ 3727097B55738E2F554972C3BE5BC1AA ] SiSRaid4 C:\Windows\system32\DRIVERS\sisraid4.sys 23:23:12.0620 1796 SiSRaid4 - ok 23:23:12.0710 1796 [ A4FAB5F7818A69DA6E740943CB8F7CA9 ] SkypeUpdate C:\Program Files\Skype\Updater\Updater.exe 23:23:12.0790 1796 SkypeUpdate - ok 23:23:12.0820 1796 [ 3E21C083B8A01CB70BA1F09303010FCE ] Smb C:\Windows\system32\DRIVERS\smb.sys 23:23:12.0850 1796 Smb - ok 
23:23:12.0890 1796 [ 6A984831644ECA1A33FFEAE4126F4F37 ] SNMPTRAP C:\Windows\System32\snmptrap.exe 23:23:12.0930 1796 SNMPTRAP - ok 23:23:13.0070 1796 [ 3A4F2C0BB87A0895ABEBA341AA1E341B ] Sony PC Companion C:\Program Files\Sony\Sony PC Companion\PCCService.exe 23:23:13.0100 1796 Sony PC Companion - ok 23:23:13.0110 1796 [ 95CF1AE7527FB70F7816563CBC09D942 ] spldr C:\Windows\system32\drivers\spldr.sys 23:23:13.0130 1796 spldr - ok 23:23:13.0190 1796 [ 9AEA093B8F9C37CF45538382CABA2475 ] Spooler C:\Windows\System32\spoolsv.exe 23:23:13.0220 1796 Spooler - ok 23:23:13.0330 1796 [ CF87A1DE791347E75B98885214CED2B8 ] sppsvc C:\Windows\system32\sppsvc.exe 23:23:13.0460 1796 sppsvc - ok 23:23:13.0530 1796 [ B0180B20B065D89232A78A40FE56EAA6 ] sppuinotify C:\Windows\system32\sppuinotify.dll 23:23:13.0580 1796 sppuinotify - ok 23:23:13.0620 1796 [ E4C2764065D66EA1D2D3EBC28FE99C46 ] srv C:\Windows\system32\DRIVERS\srv.sys 23:23:13.0680 1796 srv - ok 23:23:13.0700 1796 [ 03F0545BD8D4C77FA0AE1CEEDFCC71AB ] srv2 C:\Windows\system32\DRIVERS\srv2.sys 23:23:13.0750 1796 srv2 - ok 23:23:13.0780 1796 [ BE6BD660CAA6F291AE06A718A4FA8ABC ] srvnet C:\Windows\system32\DRIVERS\srvnet.sys 23:23:13.0820 1796 srvnet - ok 23:23:13.0860 1796 [ D887C9FD02AC9FA880F6E5027A43E118 ] SSDPSRV C:\Windows\System32\ssdpsrv.dll 23:23:13.0920 1796 SSDPSRV - ok 23:23:13.0970 1796 [ A36EE93698802CD899F98BFD553D8185 ] ssmdrv C:\Windows\system32\DRIVERS\ssmdrv.sys 23:23:13.0980 1796 ssmdrv - ok 23:23:13.0990 1796 [ D318F23BE45D5E3A107469EB64815B50 ] SstpSvc C:\Windows\system32\sstpsvc.dll 23:23:14.0050 1796 SstpSvc - ok 23:23:14.0090 1796 [ DB32D325C192B801DF274BFD12A7E72B ] stexstor C:\Windows\system32\DRIVERS\stexstor.sys 23:23:14.0100 1796 stexstor - ok 23:23:14.0160 1796 [ E1FB3706030FB4578A0D72C2FC3689E4 ] StiSvc C:\Windows\System32\wiaservc.dll 23:23:14.0231 1796 StiSvc - ok 23:23:14.0281 1796 [ E58C78A848ADD9610A4DB6D214AF5224 ] swenum C:\Windows\system32\drivers\swenum.sys 23:23:14.0301 1796 swenum - ok 
23:23:14.0331 1796 [ A28BD92DF340E57B024BA433165D34D7 ] swprv C:\Windows\System32\swprv.dll 23:23:14.0371 1796 swprv - ok 23:23:14.0411 1796 [ D776EB85A20696D9D43129CCF6E703E2 ] SynTP C:\Windows\system32\DRIVERS\SynTP.sys 23:23:14.0431 1796 SynTP - ok 23:23:14.0501 1796 [ 36650D618CA34C9D357DFD3D89B2C56F ] SysMain C:\Windows\system32\sysmain.dll 23:23:14.0541 1796 SysMain - ok 23:23:14.0571 1796 [ 763FECDC3D30C815FE72DD57936C6CD1 ] TabletInputService C:\Windows\System32\TabSvc.dll 23:23:14.0601 1796 TabletInputService - ok 23:23:14.0631 1796 [ 613BF4820361543956909043A265C6AC ] TapiSrv C:\Windows\System32\tapisrv.dll 23:23:14.0671 1796 TapiSrv - ok 23:23:14.0701 1796 [ B799D9FDB26111737F58288D8DC172D9 ] TBS C:\Windows\System32\tbssvc.dll 23:23:14.0751 1796 TBS - ok 23:23:14.0851 1796 [ 7C0507D2391AF5933600CBCED799F277 ] Tcpip C:\Windows\system32\drivers\tcpip.sys 23:23:14.0891 1796 Tcpip - ok 23:23:14.0911 1796 [ 7C0507D2391AF5933600CBCED799F277 ] TCPIP6 C:\Windows\system32\DRIVERS\tcpip.sys 23:23:14.0941 1796 TCPIP6 - ok 23:23:15.0001 1796 [ 3EEBD3BD93DA46A26E89893C7AB2FF3B ] tcpipreg C:\Windows\system32\drivers\tcpipreg.sys 23:23:15.0041 1796 tcpipreg - ok 23:23:15.0081 1796 [ 1CB91B2BD8F6DD367DFC2EF26FD751B2 ] TDPIPE C:\Windows\system32\drivers\tdpipe.sys 23:23:15.0151 1796 TDPIPE - ok 23:23:15.0191 1796 [ 2C2C5AFE7EE4F620D69C23C0617651A8 ] TDTCP C:\Windows\system32\drivers\tdtcp.sys 23:23:15.0231 1796 TDTCP - ok 23:23:15.0281 1796 [ B459575348C20E8121D6039DA063C704 ] tdx C:\Windows\system32\DRIVERS\tdx.sys 23:23:15.0331 1796 tdx - ok 23:23:15.0381 1796 [ 04DBF4B01EA4BF25A9A3E84AFFAC9B20 ] TermDD C:\Windows\system32\drivers\termdd.sys 23:23:15.0391 1796 TermDD - ok 23:23:15.0431 1796 [ 382C804C92811BE57829D8E550A900E2 ] TermService C:\Windows\System32\termsrv.dll 23:23:15.0511 1796 TermService - ok 23:23:15.0541 1796 [ 42FB6AFD6B79D9FE07381609172E7CA4 ] Themes C:\Windows\system32\themeservice.dll 23:23:15.0581 1796 Themes - ok 23:23:15.0601 1796 [ 
146B6F43A673379A3C670E86D89BE5EA ] THREADORDER C:\Windows\system32\mmcss.dll 23:23:15.0641 1796 THREADORDER - ok 23:23:15.0661 1796 [ 4792C0378DB99A9BC2AE2DE6CFFF0C3A ] TrkWks C:\Windows\System32\trkwks.dll 23:23:15.0721 1796 TrkWks - ok 23:23:15.0801 1796 [ 2C49B175AEE1D4364B91B531417FE583 ] TrustedInstaller C:\Windows\servicing\TrustedInstaller.exe 23:23:15.0841 1796 TrustedInstaller - ok 23:23:15.0891 1796 [ 254BB140EEE3C59D6114C1A86B636877 ] tssecsrv C:\Windows\system32\DRIVERS\tssecsrv.sys 23:23:15.0971 1796 tssecsrv - ok 23:23:16.0031 1796 [ FD1D6C73E6333BE727CBCC6054247654 ] TsUsbFlt C:\Windows\system32\drivers\tsusbflt.sys 23:23:16.0081 1796 TsUsbFlt - ok 23:23:16.0171 1796 [ B2FA25D9B17A68BB93D58B0556E8C90D ] tunnel C:\Windows\system32\DRIVERS\tunnel.sys 23:23:16.0231 1796 tunnel - ok 23:23:16.0262 1796 [ 750FBCB269F4D7DD2E420C56B795DB6D ] uagp35 C:\Windows\system32\DRIVERS\uagp35.sys 23:23:16.0272 1796 uagp35 - ok 23:23:16.0292 1796 [ EE43346C7E4B5E63E54F927BABBB32FF ] udfs C:\Windows\system32\DRIVERS\udfs.sys 23:23:16.0362 1796 udfs - ok 23:23:16.0402 1796 [ 8344FD4FCE927880AA1AA7681D4927E5 ] UI0Detect C:\Windows\system32\UI0Detect.exe 23:23:16.0442 1796 UI0Detect - ok 23:23:16.0512 1796 [ 44E8048ACE47BEFBFDC2E9BE4CBC8880 ] uliagpkx C:\Windows\system32\drivers\uliagpkx.sys 23:23:16.0522 1796 uliagpkx - ok 23:23:16.0532 1796 [ D295BED4B898F0FD999FCFA9B32B071B ] umbus C:\Windows\system32\drivers\umbus.sys 23:23:16.0552 1796 umbus - ok 23:23:16.0582 1796 [ 7550AD0C6998BA1CB4843E920EE0FEAC ] UmPass C:\Windows\system32\DRIVERS\umpass.sys 23:23:16.0622 1796 UmPass - ok 23:23:16.0732 1796 [ AF905F4966CFC8B973623AB150CD4B2B ] UNS C:\Program Files\Intel\Intel(R) Management Engine Components\UNS\UNS.exe 23:23:16.0792 1796 UNS - ok 23:23:16.0832 1796 [ 833FBB672460EFCE8011D262175FAD33 ] upnphost C:\Windows\System32\upnphost.dll 23:23:16.0872 1796 upnphost - ok 23:23:16.0912 1796 [ BD9C55D7023C5DE374507ACC7A14E2AC ] usbccgp C:\Windows\system32\DRIVERS\usbccgp.sys 
23:23:16.0982 1796 usbccgp - ok 23:23:17.0002 1796 [ 04EC7CEC62EC3B6D9354EEE93327FC82 ] usbcir C:\Windows\system32\drivers\usbcir.sys 23:23:17.0042 1796 usbcir - ok 23:23:17.0072 1796 [ F92DE757E4B7CE9C07C5E65423F3AE3B ] usbehci C:\Windows\system32\drivers\usbehci.sys 23:23:17.0092 1796 usbehci - ok 23:23:17.0102 1796 [ 8DC94AEC6A7E644A06135AE7506DC2E9 ] usbhub C:\Windows\system32\DRIVERS\usbhub.sys 23:23:17.0152 1796 usbhub - ok 23:23:17.0192 1796 [ E185D44FAC515A18D9DEDDC23C2CDF44 ] usbohci C:\Windows\system32\drivers\usbohci.sys 23:23:17.0232 1796 usbohci - ok 23:23:17.0292 1796 [ 797D862FE0875E75C7CC4C1AD7B30252 ] usbprint C:\Windows\system32\DRIVERS\usbprint.sys 23:23:17.0312 1796 usbprint - ok 23:23:17.0352 1796 [ 576096CCBC07E7C4EA4F5E6686D6888F ] usbscan C:\Windows\system32\DRIVERS\usbscan.sys 23:23:17.0402 1796 usbscan - ok 23:23:17.0422 1796 [ F991AB9CC6B908DB552166768176896A ] USBSTOR C:\Windows\system32\DRIVERS\USBSTOR.SYS 23:23:17.0502 1796 USBSTOR - ok 23:23:17.0542 1796 [ 68DF884CF41CDADA664BEB01DAF67E3D ] usbuhci C:\Windows\system32\drivers\usbuhci.sys 23:23:17.0582 1796 usbuhci - ok 23:23:17.0622 1796 [ 45F4E7BF43DB40A6C6B4D92C76CBC3F2 ] usbvideo C:\Windows\System32\Drivers\usbvideo.sys 23:23:17.0652 1796 usbvideo - ok 23:23:17.0672 1796 [ 081E6E1C91AEC36758902A9F727CD23C ] UxSms C:\Windows\System32\uxsms.dll 23:23:17.0732 1796 UxSms - ok 23:23:17.0762 1796 [ 81951F51E318AECC2D68559E47485CC4 ] VaultSvc C:\Windows\system32\lsass.exe 23:23:17.0772 1796 VaultSvc - ok 23:23:17.0802 1796 [ A059C4C3EDB09E07D21A8E5C0AABD3CB ] vdrvroot C:\Windows\system32\drivers\vdrvroot.sys 23:23:17.0812 1796 vdrvroot - ok 23:23:17.0862 1796 [ C3CD30495687C2A2F66A65CA6FD89BE9 ] vds C:\Windows\System32\vds.exe 23:23:17.0932 1796 vds - ok 23:23:17.0962 1796 [ 17C408214EA61696CEC9C66E388B14F3 ] vga C:\Windows\system32\DRIVERS\vgapnp.sys 23:23:17.0982 1796 vga - ok 23:23:18.0002 1796 [ 8E38096AD5C8570A6F1570A61E251561 ] VgaSave C:\Windows\System32\drivers\vga.sys 
23:23:18.0032 1796 VgaSave - ok 23:23:18.0072 1796 [ 5461686CCA2FDA57B024547733AB42E3 ] vhdmp C:\Windows\system32\drivers\vhdmp.sys 23:23:18.0082 1796 vhdmp - ok 23:23:18.0102 1796 [ C829317A37B4BEA8F39735D4B076E923 ] viaagp C:\Windows\system32\drivers\viaagp.sys 23:23:18.0112 1796 viaagp - ok 23:23:18.0132 1796 [ E02F079A6AA107F06B16549C6E5C7B74 ] ViaC7 C:\Windows\system32\DRIVERS\viac7.sys 23:23:18.0172 1796 ViaC7 - ok 23:23:18.0202 1796 [ E43574F6A56A0EE11809B48C09E4FD3C ] viaide C:\Windows\system32\drivers\viaide.sys 23:23:18.0222 1796 viaide - ok 23:23:18.0242 1796 [ 4C63E00F2F4B5F86AB48A58CD990F212 ] volmgr C:\Windows\system32\drivers\volmgr.sys 23:23:18.0252 1796 volmgr - ok 23:23:18.0282 1796 [ B5BB72067DDDDBBFB04B2F89FF8C3C87 ] volmgrx C:\Windows\system32\drivers\volmgrx.sys 23:23:18.0302 1796 volmgrx - ok 23:23:18.0322 1796 [ F497F67932C6FA693D7DE2780631CFE7 ] volsnap C:\Windows\system32\drivers\volsnap.sys 23:23:18.0332 1796 volsnap - ok 23:23:18.0352 1796 [ 9DFA0CC2F8855A04816729651175B631 ] vsmraid C:\Windows\system32\DRIVERS\vsmraid.sys 23:23:18.0362 1796 vsmraid - ok 23:23:18.0432 1796 [ 209A3B1901B83AEB8527ED211CCE9E4C ] VSS C:\Windows\system32\vssvc.exe 23:23:18.0492 1796 VSS - ok 23:23:18.0522 1796 [ 90567B1E658001E79D7C8BBD3DDE5AA6 ] vwifibus C:\Windows\system32\DRIVERS\vwifibus.sys 23:23:18.0572 1796 vwifibus - ok 23:23:18.0612 1796 [ 7090D3436EEB4E7DA3373090A23448F7 ] vwififlt C:\Windows\system32\DRIVERS\vwififlt.sys 23:23:18.0632 1796 vwififlt - ok 23:23:18.0652 1796 [ A3F04CBEA6C2A10E6CB01F8B47611882 ] vwifimp C:\Windows\system32\DRIVERS\vwifimp.sys 23:23:18.0672 1796 vwifimp - ok 23:23:18.0702 1796 [ 55187FD710E27D5095D10A472C8BAF1C ] W32Time C:\Windows\system32\w32time.dll 23:23:18.0772 1796 W32Time - ok 23:23:18.0812 1796 [ DE3721E89C653AA281428C8A69745D90 ] WacomPen C:\Windows\system32\DRIVERS\wacompen.sys 23:23:18.0852 1796 WacomPen - ok 23:23:18.0892 1796 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] WANARP C:\Windows\system32\DRIVERS\wanarp.sys 
23:23:18.0952 1796 WANARP - ok 23:23:18.0952 1796 [ 3C3C78515F5AB448B022BDF5B8FFDD2E ] Wanarpv6 C:\Windows\system32\DRIVERS\wanarp.sys 23:23:18.0992 1796 Wanarpv6 - ok 23:23:19.0042 1796 [ 691E3285E53DCA558E1A84667F13E15A ] wbengine C:\Windows\system32\wbengine.exe 23:23:19.0082 1796 wbengine - ok 23:23:19.0102 1796 [ 9614B5D29DC76AC3C29F6D2D3AA70E67 ] WbioSrvc C:\Windows\System32\wbiosrvc.dll 23:23:19.0152 1796 WbioSrvc - ok 23:23:19.0192 1796 [ 34EEE0DFAADB4F691D6D5308A51315DC ] wcncsvc C:\Windows\System32\wcncsvc.dll 23:23:19.0262 1796 wcncsvc - ok 23:23:19.0292 1796 [ 5D930B6357A6D2AF4D7653BDABBF352F ] WcsPlugInService C:\Windows\System32\WcsPlugInService.dll 23:23:19.0332 1796 WcsPlugInService - ok 23:23:19.0372 1796 [ 1112A9BADACB47B7C0BB0392E3158DFF ] Wd C:\Windows\system32\DRIVERS\wd.sys 23:23:19.0382 1796 Wd - ok 23:23:19.0422 1796 [ A840213F1ACDCC175B4D1D5AAEAC0D7A ] Wdf01000 C:\Windows\system32\drivers\Wdf01000.sys 23:23:19.0452 1796 Wdf01000 - ok 23:23:19.0472 1796 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiServiceHost C:\Windows\system32\wdi.dll 23:23:19.0552 1796 WdiServiceHost - ok 23:23:19.0562 1796 [ 46EF9DC96265FD0B423DB72E7C38C2A5 ] WdiSystemHost C:\Windows\system32\wdi.dll 23:23:19.0572 1796 WdiSystemHost - ok 23:23:19.0622 1796 [ A9D880F97530D5B8FEE278923349929D ] WebClient C:\Windows\System32\webclnt.dll 23:23:19.0662 1796 WebClient - ok 23:23:19.0702 1796 [ 760F0AFE937A77CFF27153206534F275 ] Wecsvc C:\Windows\system32\wecsvc.dll 23:23:19.0742 1796 Wecsvc - ok 23:23:19.0752 1796 [ AC804569BB2364FB6017370258A4091B ] wercplsupport C:\Windows\System32\wercplsupport.dll 23:23:19.0812 1796 wercplsupport - ok 23:23:19.0842 1796 [ 08E420D873E4FD85241EE2421B02C4A4 ] WerSvc C:\Windows\System32\WerSvc.dll 23:23:19.0902 1796 WerSvc - ok 23:23:19.0942 1796 [ 8B9A943F3B53861F2BFAF6C186168F79 ] WfpLwf C:\Windows\system32\DRIVERS\wfplwf.sys 23:23:19.0972 1796 WfpLwf - ok 23:23:19.0992 1796 [ 5CF95B35E59E2A38023836FFF31BE64C ] WIMMount 
C:\Windows\system32\drivers\wimmount.sys 23:23:20.0002 1796 WIMMount - ok 23:23:20.0072 1796 [ 3FAE8F94296001C32EAB62CD7D82E0FD ] WinDefend C:\Program Files\Windows Defender\mpsvc.dll 23:23:20.0132 1796 WinDefend - ok 23:23:20.0142 1796 WinHttpAutoProxySvc - ok 23:23:20.0202 1796 [ F62E510B6AD4C21EB9FE8668ED251826 ] Winmgmt C:\Windows\system32\wbem\WMIsvc.dll 23:23:20.0262 1796 Winmgmt - ok 23:23:20.0322 1796 [ 1B91CD34EA3A90AB6A4EF0550174F4CC ] WinRM C:\Windows\system32\WsmSvc.dll 23:23:20.0402 1796 WinRM - ok 23:23:20.0482 1796 [ A67E5F9A400F3BD1BE3D80613B45F708 ] WinUsb C:\Windows\system32\DRIVERS\WinUsb.sys 23:23:20.0532 1796 WinUsb - ok 23:23:20.0602 1796 [ 4C69A8E2E159C1C59BC4B688E9DD7F8C ] WisLMSvc C:\Program Files\Launch Manager\WisLMSvc.exe 23:23:20.0612 1796 WisLMSvc - ok 23:23:20.0652 1796 [ 16935C98FF639D185086A3529B1F2067 ] Wlansvc C:\Windows\System32\wlansvc.dll 23:23:20.0722 1796 Wlansvc - ok 23:23:20.0822 1796 [ D9250B31B353EE3322C1CAD411997E38 ] wlidsvc C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE 23:23:20.0862 1796 wlidsvc - ok 23:23:20.0922 1796 [ 0217679B8FCA58714C3BF2726D2CA84E ] WmiAcpi C:\Windows\system32\drivers\wmiacpi.sys 23:23:20.0972 1796 WmiAcpi - ok 23:23:21.0022 1796 [ 6EB6B66517B048D87DC1856DDF1F4C3F ] wmiApSrv C:\Windows\system32\wbem\WmiApSrv.exe 23:23:21.0072 1796 wmiApSrv - ok 23:23:21.0172 1796 [ 3B40D3A61AA8C21B88AE57C58AB3122E ] WMPNetworkSvc C:\Program Files\Windows Media Player\wmpnetwk.exe 23:23:21.0292 1796 WMPNetworkSvc - ok 23:23:21.0322 1796 [ A2F0EC770A92F2B3F9DE6D518E11409C ] WPCSvc C:\Windows\System32\wpcsvc.dll 23:23:21.0352 1796 WPCSvc - ok 23:23:21.0402 1796 [ AA53356D60AF47EACC85BC617A4F3F66 ] WPDBusEnum C:\Windows\system32\wpdbusenum.dll 23:23:21.0482 1796 WPDBusEnum - ok 23:23:21.0512 1796 [ 6DB3276587B853BF886B69528FDB048C ] ws2ifsl C:\Windows\system32\drivers\ws2ifsl.sys 23:23:21.0582 1796 ws2ifsl - ok 23:23:21.0622 1796 [ 6F5D49EFE0E7164E03AE773A3FE25340 ] wscsvc 
C:\Windows\system32\wscsvc.dll 23:23:21.0672 1796 wscsvc - ok 23:23:21.0672 1796 WSearch - ok 23:23:21.0772 1796 [ FC3EC24FCE372C89423E015A2AC1A31E ] wuauserv C:\Windows\system32\wuaueng.dll 23:23:21.0832 1796 wuauserv - ok 23:23:21.0852 1796 [ 06E6F32C8D0A3F66D956F57B43A2E070 ] WudfPf C:\Windows\system32\drivers\WudfPf.sys 23:23:21.0872 1796 WudfPf - ok 23:23:21.0892 1796 [ 867C301E8B790040AE9CF6486E8041DF ] WUDFRd C:\Windows\system32\DRIVERS\WUDFRd.sys 23:23:21.0942 1796 WUDFRd - ok 23:23:21.0992 1796 [ FE47B7BC8EA320C2D9B5E5BF6E303765 ] wudfsvc C:\Windows\System32\WUDFSvc.dll 23:23:22.0032 1796 wudfsvc - ok 23:23:22.0092 1796 [ FF2D745B560F7C71B31F30F4D49F73D2 ] WwanSvc C:\Windows\System32\wwansvc.dll 23:23:22.0122 1796 WwanSvc - ok 23:23:22.0182 1796 [ 1F93FCB5BAB3A921ECBA522F63586F4A ] X10Hid C:\Windows\System32\Drivers\x10hid.sys 23:23:22.0202 1796 X10Hid - ok 23:23:22.0232 1796 [ 5A0C788C5BC5F2C993CB60940ADCF95E ] x10nets C:\PROGRA~1\COMMON~1\X10\Common\x10nets.exe 23:23:22.0242 1796 x10nets ( UnsignedFile.Multi.Generic ) - warning 23:23:22.0242 1796 x10nets - detected UnsignedFile.Multi.Generic (1) 23:23:22.0252 1796 [ 378DC1B0B1F62A7488EE8D31A3C6E949 ] XUIF C:\Windows\System32\Drivers\x10ufx2.sys 23:23:22.0262 1796 XUIF - ok 23:23:22.0292 1796 ================ Scan global =============================== 23:23:22.0342 1796 [ DAB748AE0439955ED2FA22357533DDDB ] C:\Windows\system32\basesrv.dll 23:23:22.0392 1796 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 23:23:22.0402 1796 [ 1F5F07091D50244F17DD8D5147A628CC ] C:\Windows\system32\winsrv.dll 23:23:22.0412 1796 [ 364455805E64882844EE9ACB72522830 ] C:\Windows\system32\sxssrv.dll 23:23:22.0442 1796 [ 5F1B6A9C35D3D5CA72D6D6FDEF9747D6 ] C:\Windows\system32\services.exe 23:23:22.0452 1796 [Global] - ok 23:23:22.0452 1796 ================ Scan MBR ================================== 23:23:22.0462 1796 [ 2E0FE7FC299470E30383716B164CF901 ] \Device\Harddisk0\DR0 23:23:25.0483 1796 
\Device\Harddisk0\DR0 - ok 23:23:25.0483 1796 ================ Scan VBR ================================== 23:23:25.0483 1796 [ 43B7F22CBEDED9EB79DF3DE9BC0BDCEC ] \Device\Harddisk0\DR0\Partition1 23:23:25.0493 1796 \Device\Harddisk0\DR0\Partition1 - ok 23:23:25.0523 1796 [ E1F4CAC441C5D581E9F22C7DB53CA607 ] \Device\Harddisk0\DR0\Partition2 23:23:25.0533 1796 \Device\Harddisk0\DR0\Partition2 - ok 23:23:25.0563 1796 [ 7D3B8B28F175E6798FF316D400457ADF ] \Device\Harddisk0\DR0\Partition3 23:23:25.0573 1796 \Device\Harddisk0\DR0\Partition3 - ok 23:23:25.0573 1796 ============================================================ 23:23:25.0573 1796 Scan finished 23:23:25.0573 1796 ============================================================ 23:23:25.0573 0976 Detected object count: 3 23:23:25.0573 0976 Actual detected object count: 3 23:24:10.0052 0976 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - skipped by user 23:24:10.0052 0976 FirebirdServerMAGIXInstance ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:24:10.0052 0976 iPodDrv ( UnsignedFile.Multi.Generic ) - skipped by user 23:24:10.0052 0976 iPodDrv ( UnsignedFile.Multi.Generic ) - User select action: Skip 23:24:10.0052 0976 x10nets ( UnsignedFile.Multi.Generic ) - skipped by user 23:24:10.0052 0976 x10nets ( UnsignedFile.Multi.Generic ) - User select action: Skip |
12.05.2013, 22:34 | #20 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange TAN prompt after login to online banking JRT - Junkware Removal Tool Please close your security software to avoid possible conflicts.
Afterwards: adwCleaner - remove toolbars and unwanted start/search pages Please download AdwCleaner to your desktop.
After that, a check with OTL please:
__________________ Please always post logfiles in CODE tags |
14.05.2013, 19:58 | #21 |
| Strange TAN prompt after login to online banking Code:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Thisisu
Version: 4.9.4 (05.06.2013:1)
OS: Windows 7 Home Premium x86
Ran by *** on 14.05.2013 at 20:10:07,39
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

~~~ Services

~~~ Registry Values

~~~ Registry Keys

~~~ Files

~~~ Folders

Successfully deleted: [Folder] "C:\Users\***\AppData\Roaming\opencandy"

~~~ FireFox

Emptied folder: C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\minidumps [211 files]

~~~ Event Viewer Logs were cleared

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 14.05.2013 at 20:11:21,51
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Code:
# AdwCleaner v2.300 - Datei am 14/05/2013 um 20:13:29 erstellt
# Aktualisiert am 28/04/2013 von Xplode
# Betriebssystem : Windows 7 Home Premium Service Pack 1 (32 bits)
# Benutzer : *** - ***-PC
# Bootmodus : Normal
# Ausgeführt unter : C:\Users\***\Desktop\adwcleaner.exe
# Option [Löschen]

**** [Dienste] ****

***** [Dateien / Ordner] *****

Datei Gelöscht : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s6grsajo.default\searchplugins\11-suche.xml

***** [Registrierungsdatenbank] *****

Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\0FF2AEFF45EEA0A48A4B33C1973B6094
Schlüssel Gelöscht : HKLM\Software\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\305B09CE8C53A214DB58887F62F25536
Schlüssel Gelöscht : HKLM\SOFTWARE\Software

***** [Internet Browser] *****

-\\ Internet Explorer v8.0.7601.17514

[OK] Die Registrierungsdatenbank ist sauber.

-\\ Mozilla Firefox v20.0.1 (de)

Datei : C:\Users\***\AppData\Roaming\Mozilla\Firefox\Profiles\s6grsajo.default\prefs.js

[OK] Die Datei ist sauber.

*************************

AdwCleaner[S1].txt - [1359 octets] - [14/05/2013 20:13:29]

########## EOF - C:\AdwCleaner[S1].txt - [1419 octets] ##########

OTL Logfile:
Code:
ATTFilter OTL logfile created on: 14.05.2013 20:19:34 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 59,09% Memory free 5,73 Gb Paging File | 4,39 Gb Available in Paging File | 76,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 266,99 Gb Total Space | 217,81 Gb Free Space | 81,58% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 20,09 Gb Free Space | 66,97% Space Free | Partition Type: NTFS Computer Name: ***-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Processes (SafeList) ========== PRC - C:\Users\***\Desktop\OTL.exe (OldTimer Tools) PRC - C:\Programme\Mozilla Firefox\firefox.exe (Mozilla Corporation) PRC - C:\Programme\Sony\Sony PC Companion\PCCompanion.exe (Sony) PRC - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe () PRC - C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) PRC - C:\Windows\System32\conhost.exe (Microsoft Corporation) PRC - C:\Windows\System32\taskhost.exe (Microsoft Corporation) PRC - C:\Programme\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. 
KG) PRC - C:\Programme\Avira\AntiVir Desktop\avshadow.exe (Avira Operations GmbH & Co. KG) PRC - C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) PRC - C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) PRC - C:\Windows\explorer.exe (Microsoft Corporation) PRC - C:\Programme\Windows Sidebar\sidebar.exe (Microsoft Corporation) PRC - C:\Programme\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) PRC - C:\Programme\OpenOffice.org 3\program\soffice.bin (OpenOffice.org) PRC - C:\Programme\OpenOffice.org 3\program\soffice.exe (OpenOffice.org) PRC - C:\Programme\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) PRC - C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) PRC - C:\Programme\Launch Manager\WButton.exe (Wistron Corp.) PRC - C:\Programme\Launch Manager\HotkeyApp.exe (Wistron) PRC - C:\Programme\Launch Manager\OSD.exe (Wistron Corp.) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) PRC - C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) PRC - C:\Programme\Common Files\X10\Common\X10nets.exe (X10) PRC - C:\Programme\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) PRC - C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) PRC - \\?\C:\Windows\System32\wbem\WMIADAP.EXE () PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVCM.EXE (Microsoft Corporation) PRC - C:\Programme\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) PRC - c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
========== Modules (No Company Name) ========== MOD - C:\Programme\Mozilla Firefox\mozjs.dll () MOD - C:\Programme\Sony\Sony PC Companion\PCCompanionInfo.exe () MOD - C:\Programme\Sony\Sony PC Companion\sqlite3.dll () MOD - C:\Programme\Sony\Sony PC Companion\PhoneUpdate.dll () MOD - C:\Programme\Sony\Sony PC Companion\MExplorer.dll () MOD - C:\Programme\Sony\Sony PC Companion\TMonitorAPI.dll () MOD - C:\Programme\Sony\Sony PC Companion\CAgdLNotes.dll () MOD - C:\Programme\Sony\Sony PC Companion\CAgdOutlook.dll () MOD - C:\Programme\Sony\Sony PC Companion\CalEngine.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\zlib1.dll () MOD - C:\Programme\Common Files\Apple\Apple Application Support\libxml2.dll () MOD - C:\Programme\Sony\Sony PC Companion\Report.dll () MOD - C:\Programme\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF () MOD - C:\Programme\Sony\Sony PC Companion\VistaCalendar.dll () MOD - C:\Programme\OpenOffice.org 3\program\libxml2.dll () MOD - C:\Programme\Sony\Sony PC Companion\VObject.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMLSvcPS.dll () MOD - C:\Programme\CyberLink\Power2Go\CLMediaLibrary.dll () ========== Services (SafeList) ========== SRV - (AdobeFlashPlayerUpdateSvc) -- C:\Windows\System32\Macromed\Flash\FlashPlayerUpdateService.exe (Adobe Systems Incorporated) SRV - (MozillaMaintenance) -- C:\Programme\Mozilla Maintenance Service\maintenanceservice.exe (Mozilla Foundation) SRV - (Sony PC Companion) -- C:\Programme\Sony\Sony PC Companion\PCCService.exe (Avanquest Software) SRV - (AdobeARMservice) -- C:\Programme\Common Files\Adobe\ARM\1.0\armsvc.exe (Adobe Systems Incorporated) SRV - (SkypeUpdate) -- C:\Programme\Skype\Updater\Updater.exe (Skype Technologies) SRV - (AntiVirWebService) -- C:\Programme\Avira\AntiVir Desktop\avwebgrd.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirMailService) -- C:\Programme\Avira\AntiVir Desktop\avmailc.exe (Avira Operations GmbH & Co. 
KG) SRV - (AntiVirService) -- C:\Programme\Avira\AntiVir Desktop\avguard.exe (Avira Operations GmbH & Co. KG) SRV - (AntiVirSchedulerService) -- C:\Programme\Avira\AntiVir Desktop\sched.exe (Avira Operations GmbH & Co. KG) SRV - (BBSvc) -- C:\Programme\Microsoft\BingBar\BBSvc.EXE (Microsoft Corporation.) SRV - (BBUpdate) -- C:\Programme\Microsoft\BingBar\SeaPort.EXE (Microsoft Corporation) SRV - (WMPNetworkSvc) -- C:\Programme\Windows Media Player\wmpnetwk.exe (Microsoft Corporation) SRV - (IAStorDataMgrSvc) -- C:\Programme\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe (Intel Corporation) SRV - (osppsvc) -- C:\Programme\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE (Microsoft Corporation) SRV - (ose) -- C:\Programme\Common Files\microsoft shared\Source Engine\OSE.EXE (Microsoft Corporation) SRV - (UNS) -- C:\Programme\Intel\Intel(R) Management Engine Components\UNS\UNS.exe (Intel Corporation) SRV - (LMS) -- C:\Programme\Intel\Intel(R) Management Engine Components\LMS\LMS.exe (Intel Corporation) SRV - (x10nets) -- C:\Programme\Common Files\X10\Common\X10nets.exe (X10) SRV - (WisLMSvc) -- C:\Programme\Launch Manager\WisLMSvc.exe (Wistron Corp.) SRV - (SensrSvc) -- C:\Windows\System32\sensrsvc.dll (Microsoft Corporation) SRV - (WinDefend) -- C:\Programme\Windows Defender\MpSvc.dll (Microsoft Corporation) SRV - (wlidsvc) -- C:\Programme\Common Files\microsoft shared\Windows Live\WLIDSVC.EXE (Microsoft Corporation) SRV - (Fabs) -- C:\Program Files\Common Files\MAGIX Services\Database\bin\FABS.exe (MAGIX AG) SRV - (FirebirdServerMAGIXInstance) -- C:\Programme\Common Files\MAGIX Services\Database\bin\fbserver.exe (MAGIX®) SRV - (PSI_SVC_2) -- c:\Programme\Common Files\Protexis\License Service\PsiService_2.exe (Protexis Inc.) 
========== Driver Services (SafeList) ========== DRV - (catchme) -- C:\Users\***~1\AppData\Local\Temp\catchme.sys File not found DRV - (avipbb) -- C:\Windows\System32\drivers\avipbb.sys (Avira GmbH) DRV - (avgntflt) -- C:\Windows\System32\drivers\avgntflt.sys (Avira GmbH) DRV - (avkmgr) -- C:\Windows\System32\drivers\avkmgr.sys (Avira GmbH) DRV - (iPodDrv) -- C:\Windows\System32\drivers\iPodDrv.sys (Windows (R) Codename Longhorn DDK provider) DRV - (ggsemc) -- C:\Windows\System32\drivers\ggsemc.sys (Sony Ericsson Mobile Communications) DRV - (ggflt) -- C:\Windows\System32\drivers\ggflt.sys (Sony Ericsson Mobile Communications) DRV - (TsUsbFlt) -- C:\Windows\System32\drivers\TsUsbFlt.sys (Microsoft Corporation) DRV - (WinUsb) -- C:\Windows\System32\drivers\winusb.sys (Microsoft Corporation) DRV - (ssmdrv) -- C:\Windows\System32\drivers\ssmdrv.sys (Avira GmbH) DRV - (rtl8192se) -- C:\Windows\System32\drivers\rtl8192se.sys (Realtek Semiconductor Corporation ) DRV - (RSUSBSTOR) -- C:\Windows\System32\drivers\RtsUStor.sys (Realtek Semiconductor Corp.) DRV - (L1C) -- C:\Windows\System32\drivers\L1C62x86.sys (Atheros Communications, Inc.) DRV - (Impcd) -- C:\Windows\System32\drivers\Impcd.sys (Intel Corporation) DRV - (NxpCap) -- C:\Windows\System32\drivers\NxpCap.sys (NXP Semiconductors Germany GmbH) DRV - (IntcDAud) -- C:\Windows\System32\drivers\IntcDAud.sys (Intel(R) Corporation) DRV - (HECI) -- C:\Windows\System32\drivers\HECI.sys (Intel Corporation) DRV - (mod7700) -- C:\Windows\System32\drivers\mod7700.sys (DiBcom SA) DRV - (vwifimp) -- C:\Windows\System32\drivers\vwifimp.sys (Microsoft Corporation) DRV - (XUIF) -- C:\Windows\System32\drivers\x10ufx2.sys (X10 Wireless Technology, Inc.) DRV - (X10Hid) -- C:\Windows\System32\drivers\x10hid.sys (X10 Wireless Technology, Inc.) 
DRV - (s0016unic) -- C:\Windows\System32\drivers\s0016unic.sys (MCCI Corporation) DRV - (s0016nd5) -- C:\Windows\System32\drivers\s0016nd5.sys (MCCI Corporation) DRV - (s0016mdfl) -- C:\Windows\System32\drivers\s0016mdfl.sys (MCCI Corporation) DRV - (s0016mdm) -- C:\Windows\System32\drivers\s0016mdm.sys (MCCI Corporation) DRV - (s0016mgmt) -- C:\Windows\System32\drivers\s0016mgmt.sys (MCCI Corporation) DRV - (s0016obex) -- C:\Windows\System32\drivers\s0016obex.sys (MCCI Corporation) DRV - (s0016bus) -- C:\Windows\System32\drivers\s0016bus.sys (MCCI Corporation) ========== Standard Registry (SafeList) ========== ========== Internet Explorer ========== IE - HKLM\..\SearchScopes,DefaultScope = IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\.DEFAULT\..\SearchScopes,DefaultScope = IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-18\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-19\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://medion.msn.com [binary data] IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1 IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.de/ig IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes,DefaultScope = IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = 
hxxp://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes\{34C25CAE-683B-47D4-AAA0-856CFB42208D}: "URL" = hxxp://www.google.de/search?q={searchTerms} IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes\{5E563452-E8D2-491E-8793-9691F5D196EF}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&form=MEDTDF&pc=MAMD&src=IE-SearchBox IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = hxxp://www.bing.com/search?q={searchTerms}&FORM=IE8SRC IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0 IE - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local ========== FireFox ========== FF - prefs.js..browser.search.useDBForOrder: true FF - prefs.js..browser.startup.homepage: "hxxp://www.google.de/ig" FF - prefs.js..extensions.enabledAddons: %7Bb9db16a4-6edc-47ec-a1f4-b86292ed211d%7D:4.9.14 FF - prefs.js..extensions.enabledAddons: toolbar%40web.de:2.6 FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:20.0.1 FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6906 FF - prefs.js..network.proxy.no_proxies_on: "*.local" FF - prefs.js..network.proxy.type: 0 FF - user.js - File not found FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\Windows\system32\Macromed\Flash\NPSWF32_11_7_700_169.dll () FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll () FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google) FF - 
HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.17.2: C:\Windows\system32\npDeployJava1.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin,version=10.17.2: C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll (Oracle Corporation) FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\5.1.20125.0\npctrl.dll ( Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeAuthz,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.4: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.) FF - HKLM\Software\MozillaPlugins\@microsoft.com/SharePoint,version=14.0: C:\PROGRA~1\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@microsoft.com/WLPG,version=14.0.8081.0709: C:\Program Files\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation) FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.450: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.3.448: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.) FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.448: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.) 
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found FF - HKLM\Software\MozillaPlugins\@SonyCreativeSoftware.com/Media Go,version=1.0: C:\Program Files\Sony\Media Go\npmediago.dll (Sony Network Entertainment International LLC) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.145\npGoogleUpdate3.dll (Google Inc.) FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.) FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.11 21:47:54 | 000,000,000 | ---D | M] FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.16 22:06:15 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2013.04.11 21:47:54 | 000,000,000 | ---D | M] FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 20.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2013.04.16 22:06:15 | 000,000,000 | ---D | M] [2010.08.22 16:38:16 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Extensions [2013.05.14 20:04:27 | 000,000,000 | ---D | M] (No name found) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s6grsajo.default\extensions [2013.02.23 16:20:41 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Users\***\AppData\Roaming\mozilla\Firefox\Profiles\s6grsajo.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d} [2013.05.14 20:04:27 | 000,620,130 | ---- | M] () (No name found) -- 
C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\extensions\toolbar@web.de.xpi [2013.05.14 20:04:31 | 000,002,418 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\englische-ergebnisse.xml [2013.05.14 20:04:31 | 000,010,701 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\gmx-suche.xml [2013.05.14 20:04:31 | 000,002,432 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\lastminute.xml [2013.05.14 20:04:31 | 000,005,682 | ---- | M] () -- C:\Users\***\AppData\Roaming\mozilla\firefox\profiles\s6grsajo.default\searchplugins\webde-suche.xml [2013.04.11 21:47:46 | 000,000,000 | ---D | M] (No name found) -- C:\Programme\Mozilla Firefox\extensions [2013.04.11 21:47:46 | 000,000,000 | ---D | M] (Skype Click to Call) -- C:\Programme\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A} [2013.04.11 21:47:54 | 000,263,064 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll [2012.07.29 16:17:03 | 000,001,392 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom-de.xml [2012.09.16 20:43:58 | 000,002,465 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml [2012.07.29 16:17:03 | 000,001,153 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay-de.xml [2012.07.29 16:17:03 | 000,006,805 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\leo_ende_de.xml [2012.07.29 16:17:03 | 000,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia-de.xml [2012.07.29 16:17:03 | 000,001,105 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo-de.xml O1 HOSTS File: ([2013.05.10 22:13:58 | 000,000,027 | ---- | M]) - C:\Windows\System32\drivers\etc\hosts O1 - Hosts: 127.0.0.1 localhost O2 - BHO: (Java(tm) Plug-In SSV Helper) - 
{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Programme\Java\jre7\bin\ssv.dll (Oracle Corporation) O2 - BHO: (Windows Live ID-Anmelde-Hilfsprogramm) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Programme\Common Files\microsoft shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation) O2 - BHO: (Skype Browser Helper) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Programme\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation) O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Programme\Java\jre7\bin\jp2ssv.dll (Oracle Corporation) O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.) O3 - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\..\Toolbar\WebBrowser: (no name) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - No CLSID value found. O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.) O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG) O4 - HKLM..\Run: [BCSSync] C:\Program Files\Microsoft Office\Office14\BCSSync.exe (Microsoft Corporation) O4 - HKLM..\Run: [CLMLServer] C:\Program Files\CyberLink\Power2Go\CLMLSvc.exe (CyberLink) O4 - HKLM..\Run: [HotkeyApp] C:\Program Files\Launch Manager\HotkeyApp.exe (Wistron) O4 - HKLM..\Run: [LMgrVolOSD] C:\Program Files\Launch Manager\OSD.exe (Wistron Corp.) 
O4 - HKLM..\Run: [RtHDVBg] C:\Program Files\Realtek\Audio\HDA\RtHDVBg.exe (Realtek Semiconductor) O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.) O4 - HKLM..\Run: [Wbutton] C:\Program Files\Launch Manager\Wbutton.exe (Wistron Corp.) O4 - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000..\Run: [Sony PC Companion] C:\Program Files\Sony\Sony PC Companion\PCCompanion.exe (Sony) O4 - Startup: C:\Users\Birte Schulenburg\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.2.lnk = C:\Programme\OpenOffice.org 3\program\quickstart.exe () O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorAdmin = 5 O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: ConsentPromptBehaviorUser = 3 O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\Software\Policies\Microsoft\Internet Explorer\Control Panel present O7 - HKU\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0 O9 - Extra Button: eBay - Der weltweite Online-Marktplatz - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra 'Tools' menuitem : eBay - {0B65DCC9-1740-43dc-B19C-4F309FB6A6CA} - hxxp://rover.ebay.com/rover/1/707-37276-17534-25/4 File not found O9 - Extra Button: In Blog veröffentlichen - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows 
Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra 'Tools' menuitem : In Windows Live Writer in Blog veröffentliche&n - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Programme\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation) O9 - Extra Button: Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O9 - Extra 'Tools' menuitem : Skype Click to Call - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000006 [] - C:\Programme\Common Files\microsoft shared\Windows Live\WLIDNSP.DLL (Microsoft Corporation) O10 - NameSpace_Catalog5\Catalog_Entries\000000000009 [] - C:\Programme\Bonjour\mdnsNSP.dll (Apple Inc.) O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. 
KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\Program Files\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG) O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Reg Error: Value error.) O16 - DPF: {CAFEEFAC-0016-0000-0031-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 1.6.0_31) O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_31-windows-i586.cab (Java Plug-in 10.17.2) O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{45E7A42D-34F3-4E38-8108-0519D5D90937}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{84F95E93-CFB7-4836-AA94-CA8AB71B56DC}: DhcpNameServer = 192.168.2.1 O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{AF1075E2-4B82-43A8-937F-DE7FCB359661}: DhcpNameServer = 192.168.1.1 O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Programme\Common Files\microsoft shared\Help\hxds.dll (Microsoft Corporation) O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Programme\Common Files\Skype\Skype4COM.dll (Skype Technologies) O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Programme\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.) 
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Programme\Windows Live\Mail\mailcomm.dll (Microsoft Corporation) O18 - Protocol\Filter\text/xml {807573E5-5146-11D5-A672-00B0D022E945} - C:\Programme\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL (Microsoft Corporation) O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\Windows\explorer.exe (Microsoft Corporation) O20 - HKLM Winlogon: UserInit - (C:\Windows\system32\userinit.exe) - C:\Windows\System32\userinit.exe (Microsoft Corporation) O20 - HKLM Winlogon: VMApplet - (SystemPropertiesPerformance.exe) - C:\Windows\System32\SystemPropertiesPerformance.exe (Microsoft Corporation) O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - No CLSID value found. O32 - HKLM CDRom: AutoRun - 1 O32 - AutoRun File - [2009.06.10 23:42:20 | 000,000,024 | ---- | M] () - C:\autoexec.bat -- [ NTFS ] O34 - HKLM BootExecute: (autocheck autochk *) O35 - HKLM\..comfile [open] -- "%1" %* O35 - HKLM\..exefile [open] -- "%1" %* O37 - HKLM\...com [@ = ComFile] -- "%1" %* O37 - HKLM\...exe [@ = exefile] -- "%1" %* O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3) O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2) O38 - SubSystems\\Windows: (ServerDll=sxssrv,4) ========== Files/Folders - Created Within 30 Days ========== [2013.05.14 20:10:04 | 000,000,000 | ---D | C] -- C:\Windows\ERUNT [2013.05.14 20:09:58 | 000,000,000 | ---D | C] -- C:\JRT [2013.05.14 20:09:41 | 000,545,954 | ---- | C] (Oleg N. 
Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.05.12 23:21:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.05.12 23:20:43 | 002,237,968 | ---- | C] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe.part [2013.05.12 22:43:05 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.05.11 16:39:56 | 000,000,000 | ---D | C] -- C:\ProgramData\Malwarebytes [2013.05.11 16:38:52 | 000,000,000 | ---D | C] -- C:\Users\***\Desktop\mbar [2013.05.10 22:15:29 | 000,000,000 | -HSD | C] -- C:\$RECYCLE.BIN [2013.05.10 22:15:27 | 000,000,000 | ---D | C] -- C:\Windows\temp [2013.05.10 22:15:27 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Local\temp [2013.05.10 22:02:32 | 005,068,844 | R--- | C] (Swearware) -- C:\Users\***\Desktop\ComboFix.exe [2013.05.10 21:24:21 | 000,518,144 | ---- | C] (SteelWerX) -- C:\Windows\SWREG.exe [2013.05.10 21:24:21 | 000,406,528 | ---- | C] (SteelWerX) -- C:\Windows\SWSC.exe [2013.05.10 21:24:21 | 000,060,416 | ---- | C] (NirSoft) -- C:\Windows\NIRCMD.exe [2013.05.10 21:24:15 | 000,000,000 | ---D | C] -- C:\Qoobox [2013.05.10 21:23:59 | 000,000,000 | ---D | C] -- C:\Windows\erdnt [2013.05.10 17:31:10 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.09 11:54:28 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Urlaub [2013.05.07 18:20:50 | 000,000,000 | ---D | C] -- C:\Users\***\Documents\Anti-Malware [2013.05.03 21:27:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Pave [2013.05.03 21:27:06 | 000,000,000 | ---D | C] -- C:\Users\***\AppData\Roaming\Hirol [2013.04.16 22:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe [2013.04.16 22:06:01 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files - Modified Within 30 Days ========== [2013.05.14 20:22:51 | 000,009,696 | -H-- | M] () -- 
C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0 [2013.05.14 20:22:51 | 000,009,696 | -H-- | M] () -- C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0 [2013.05.14 20:20:35 | 000,654,400 | ---- | M] () -- C:\Windows\System32\perfh007.dat [2013.05.14 20:20:35 | 000,616,242 | ---- | M] () -- C:\Windows\System32\perfh009.dat [2013.05.14 20:20:35 | 000,130,240 | ---- | M] () -- C:\Windows\System32\perfc007.dat [2013.05.14 20:20:35 | 000,106,622 | ---- | M] () -- C:\Windows\System32\perfc009.dat [2013.05.14 20:14:55 | 000,001,116 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineCore.job [2013.05.14 20:14:47 | 000,067,584 | --S- | M] () -- C:\Windows\bootstat.dat [2013.05.14 20:14:40 | 2307,862,528 | -HS- | M] () -- C:\hiberfil.sys [2013.05.14 20:12:51 | 000,628,743 | ---- | M] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.05.14 20:09:41 | 000,545,954 | ---- | M] (Oleg N. Scherbakov) -- C:\Users\***\Desktop\JRT.exe [2013.05.14 20:02:44 | 000,001,120 | ---- | M] () -- C:\Windows\tasks\GoogleUpdateTaskMachineUA.job [2013.05.13 18:40:00 | 000,000,884 | ---- | M] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.05.12 23:21:43 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe [2013.05.12 23:20:50 | 002,237,968 | ---- | M] (Kaspersky Lab ZAO) -- C:\Users\***\Desktop\tdsskiller.exe.part [2013.05.12 23:20:15 | 000,000,512 | ---- | M] () -- C:\Users\***\Desktop\MBR.dat [2013.05.12 22:44:30 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Users\***\Desktop\aswMBR.exe [2013.05.11 16:36:40 | 012,917,756 | ---- | M] () -- C:\Users\***\Desktop\mbar-1.05.0.1001.zip [2013.05.11 16:08:40 | 000,377,856 | ---- | M] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.05.10 22:13:58 | 000,000,027 | ---- | M] () -- C:\Windows\System32\drivers\etc\hosts [2013.05.10 22:02:51 | 005,068,844 | R--- | M] (Swearware) -- 
C:\Users\***\Desktop\ComboFix.exe [2013.05.10 17:31:12 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Users\***\Desktop\OTL.exe [2013.05.09 12:40:21 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerApp.exe [2013.05.09 12:40:21 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\Windows\System32\FlashPlayerCPLApp.cpl [2013.05.07 18:56:19 | 000,002,020 | ---- | M] () -- C:\Users\Public\Desktop\Avira Control Center.lnk [2013.05.02 02:06:08 | 000,238,872 | ---- | M] (Microsoft Corporation) -- C:\Windows\System32\MpSigStub.exe [2013.04.19 23:41:23 | 000,001,976 | ---- | M] () -- C:\Users\Public\Desktop\Sony PC Companion 2.1.lnk [2013.04.16 22:06:15 | 000,001,993 | ---- | M] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [1 C:\Windows\*.tmp files -> C:\Windows\*.tmp -> ] ========== Files Created - No Company Name ========== [2013.05.14 20:12:51 | 000,628,743 | ---- | C] () -- C:\Users\***\Desktop\adwcleaner.exe [2013.05.12 23:20:15 | 000,000,512 | ---- | C] () -- C:\Users\***\Desktop\MBR.dat [2013.05.11 16:36:40 | 012,917,756 | ---- | C] () -- C:\Users\***\Desktop\mbar-1.05.0.1001.zip [2013.05.11 16:08:40 | 000,377,856 | ---- | C] () -- C:\Users\***\Desktop\gmer_2.1.19163.exe [2013.05.10 21:24:21 | 000,256,000 | ---- | C] () -- C:\Windows\PEV.exe [2013.05.10 21:24:21 | 000,208,896 | ---- | C] () -- C:\Windows\MBR.exe [2013.05.10 21:24:21 | 000,098,816 | ---- | C] () -- C:\Windows\sed.exe [2013.05.10 21:24:21 | 000,080,412 | ---- | C] () -- C:\Windows\grep.exe [2013.05.10 21:24:21 | 000,068,096 | ---- | C] () -- C:\Windows\zip.exe [2013.05.09 12:01:22 | 000,000,884 | ---- | C] () -- C:\Windows\tasks\Adobe Flash Player Updater.job [2013.04.16 22:06:15 | 000,002,441 | ---- | C] () -- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk [2013.04.16 22:06:15 | 000,001,993 | ---- | C] () -- C:\Users\Public\Desktop\Adobe Reader XI.lnk [2011.01.25 21:51:42 | 000,000,056 | -H-- | C] () -- 
C:\ProgramData\ezsidmv.dat ========== ZeroAccess Check ========== [2009.07.14 06:42:31 | 000,000,227 | RHS- | M] () -- C:\Windows\assembly\Desktop.ini [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32] [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32] "" = %SystemRoot%\system32\shell32.dll -- [2012.06.09 06:41:00 | 012,873,728 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Apartment [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32] "" = %systemroot%\system32\wbem\fastprox.dll -- [2010.11.20 14:19:02 | 000,606,208 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Free [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32] "" = %systemroot%\system32\wbem\wbemess.dll -- [2009.07.14 03:16:17 | 000,342,528 | ---- | M] (Microsoft Corporation) "ThreadingModel" = Both < End of report > OTL Logfile: Code:
ATTFilter OTL Extras logfile created on: 14.05.2013 20:19:34 - Run 2 OTL by OldTimer - Version 3.2.69.0 Folder = C:\Users\***\Desktop Home Premium Edition Service Pack 1 (Version = 6.1.7601) - Type = NTWorkstation Internet Explorer (Version = 8.0.7601.17514) Locale: 00000407 | Country: Deutschland | Language: DEU | Date Format: dd.MM.yyyy 2,87 Gb Total Physical Memory | 1,69 Gb Available Physical Memory | 59,09% Memory free 5,73 Gb Paging File | 4,39 Gb Available in Paging File | 76,62% Paging File free Paging file location(s): ?:\pagefile.sys [binary data] %SystemDrive% = C: | %SystemRoot% = C:\Windows | %ProgramFiles% = C:\Program Files Drive C: | 266,99 Gb Total Space | 217,81 Gb Free Space | 81,58% Space Free | Partition Type: NTFS Drive D: | 30,00 Gb Total Space | 20,09 Gb Free Space | 66,97% Space Free | Partition Type: NTFS Computer Name: BIRTE-PC | User Name: *** | Logged in as Administrator. Boot Mode: Normal | Scan Mode: All users Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days ========== Extra Registry (SafeList) ========== ========== File Associations ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>] .cpl [@ = cplfile] -- C:\Windows\System32\control.exe (Microsoft Corporation) .hlp [@ = hlpfile] -- C:\Windows\winhlp32.exe (Microsoft Corporation) [HKEY_USERS\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Classes\<extension>] .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation) ========== Shell Spawning ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command] batfile [open] -- "%1" %* cmdfile [open] -- "%1" %* comfile [open] -- "%1" %* cplfile [cplopen] -- %SystemRoot%\System32\control.exe "%1",%* (Microsoft Corporation) exefile [open] -- "%1" %* helpfile [open] -- Reg Error: Key error. 
hlpfile [open] -- %SystemRoot%\winhlp32.exe %1 (Microsoft Corporation) htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation) inffile [install] -- %SystemRoot%\System32\InfDefaultInstall.exe "%1" (Microsoft Corporation) piffile [open] -- "%1" %* regfile [merge] -- Reg Error: Key error. scrfile [config] -- "%1" scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l scrfile [open] -- "%1" /S txtfile [edit] -- Reg Error: Key error. Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1 Directory [cmd] -- cmd.exe /s /k pushd "%V" (Microsoft Corporation) Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [open] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) Folder [explore] -- Reg Error: Value error. Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation) ========== Security Center Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center] "cval" = 1 "FirewallDisableNotify" = 0 "AntiVirusDisableNotify" = 0 "UpdatesDisableNotify" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc] "VistaSp1" = Reg Error: Unknown registry data type -- File not found "AntiVirusOverride" = 0 "AntiSpywareOverride" = 0 "FirewallOverride" = 0 [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Svc\Vol] ========== System Restore Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore] "DisableSR" = 0 ========== Firewall Settings ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile] [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile] "DisableNotifications" = 0 
"EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile] "DisableNotifications" = 0 "EnableFirewall" = 1 ========== Authorized Applications List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List] [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List] ========== Vista Active Open Ports Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{D2B00194-CDC6-41D2-B6E2-031348AA6A84}" = lport=6004 | protocol=17 | dir=in | app=c:\program files\microsoft office\office14\outlook.exe | ========== Vista Active Application Exception List ========== [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\FirewallRules] "{0470F7F3-087F-430D-BD3A-0E96568C7556}" = protocol=17 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{07A596CD-E869-4383-9067-B2084A82B0A3}" = protocol=6 | dir=in | app=c:\program files\bonjour\mdnsresponder.exe | "{2556ED4F-6084-4AE3-9435-76B021AEBBCA}" = protocol=17 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{281AC749-6665-48B6-9D0D-DEC1E2E9DF18}" = protocol=6 | dir=in | app=c:\program files\sony ericsson\update engine\sony ericsson update engine.exe | "{76BDD44B-9D6F-4D81-A170-F95BC3042B3B}" = dir=in | app=c:\program files\common files\apple\apple application support\webkit2webprocess.exe | "{CCB25877-DE0F-40B1-B8D5-62667107302C}" = dir=in | 
app=c:\program files\skype\phone\skype.exe | "{DA16BA91-AD6B-47AE-BAB2-19C176B2F7CA}" = dir=in | app=c:\program files\itunes\itunes.exe | "{EEF61AC1-5102-4CB7-8103-046C28F8590E}" = dir=in | app=c:\program files\windows live\sync\windowslivesync.exe | ========== HKEY_LOCAL_MACHINE Uninstall List ========== [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "_{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 "_{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "{07B62101-7EBD-434A-94B1-B38063BE5516}" = CorelDRAW Essentials 4 - PHOTO-PAINT "{0E532C84-4275-41B3-9D81-D4A1A20D8EE7}" = PlayStation(R)Store "{0ED4216F-3540-4D6B-8199-1C8DDEA3924B}" = CorelDRAW Essentials 4 - Lang DE "{0F895695-33CC-4203-9C47-25EF2AC9441C}" = Media Go "{10A44844-4465-456E-8C97-80BDD4F68845}" = Windows Live ID-Anmelde-Assistent "{19AC095C-3520-4999-AA15-93B6D0248A50}" = CorelDRAW Essentials 4 - Content "{1E517C0C-8542-4F8C-DA23-98BCA13CD1F4}_is1" = Haushaltsbuch Freeware 2.8 "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 "{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live-Uploadtool "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT "{268278CF-FB69-4D98-B70E-BFEC1CDCA225}" = iTunes "{26A24AE4-039D-4CA4-87B4-2F83216031FF}" = Java(TM) 6 Update 31 "{26A24AE4-039D-4CA4-87B4-2F83217017FF}" = Java 7 Update 17 "{2BA722D1-48D1-406E-9123-8AE5431D63EF}" = Windows Live Fotogalerie "{3108C217-BE83-42E4-AE9E-A56A2A92E549}" = Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver "{34A9406E-1994-4C20-AC72-04CFA2B24545}" = CorelDRAW Essentials 4 - Lang EN "{3576C335-958D-4D60-A812-F68F9A2796AF}" = CorelDRAW Essentials 4 - Lang IT "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform 
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile "{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}" = Intel(R) Rapid Storage Technology "{3E6F0CAD-EE38-42A5-9EEA-AE17A55BF2D4}" = Firebird SQL Server - MAGIX Edition "{3EFEF049-23D4-4B46-8903-4592FEA51018}" = Windows Live Movie Maker "{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}" = Apple Application Support "{468D22C0-8080-11E2-B86E-B8AC6F98CCE3}" = Google Earth "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater "{51C7AD07-C3F6-4635-8E8A-231306D810FE}" = Cisco LEAP Module "{5500BB35-1C21-4328-9F16-F894B860FADE}" = CorelDRAW Essentials 4 - Lang NL "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime "{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}" = Cisco EAP-FAST Module "{65153EA5-8B6E-43B6-857B-C6E4FC25798A}" = Intel(R) Management Engine Components "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 "{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}" = Microsoft Visual C++ 2005 Redistributable "{76618402-179D-4699-A66B-D351C59436BC}" = Windows Live Sync "{76E852ED-1B06-4BC8-9D6A-625DB95FB7E5}" = CorelDRAW Essentials 4 - IPM - No VBA "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053 "{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update "{79155F2B-9895-49D7-8612-D92580E0DE5B}" = Bonjour "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight "{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86) "{8D1E61D1-1395-4E97-997F-D002DB3A5074}" = OpenOffice.org 3.2 "{90120000-0020-0407-0000-0000000FF1CE}" = Compatibility Pack für 2007 Office System "{90140000-001A-0407-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (German) 2010 "{90140000-001A-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{69E54534-4569-4639-89E9-305B60A11601}" = Microsoft Office 2010 Service Pack 1 (SP1) 
"{90140000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2010 "{90140000-001F-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{65A2328E-FDFB-4CA3-8582-357EA6825FEA}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010 "{90140000-001F-0409-0000-0000000FF1CE}_Office14.OUTLOOKR_{99ACCA38-6DD3-48A8-96AE-A283C9759279}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010 "{90140000-001F-040C-0000-0000000FF1CE}_Office14.OUTLOOKR_{46298F6A-1E7E-4D4A-B5F5-106A4F0E48C6}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2010 "{90140000-001F-0410-0000-0000000FF1CE}_Office14.OUTLOOKR_{C0743197-FFEE-4C19-BAEB-8F7437DC4C8A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-002C-0407-0000-0000000FF1CE}" = Microsoft Office Proofing (German) 2010 "{90140000-002C-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{4275FB46-ABDF-4456-876C-17CF64294D9A}" = Microsoft Office 2010 Service Pack 1 (SP1) "{90140000-006E-0407-0000-0000000FF1CE}" = Microsoft Office Shared MUI (German) 2010 "{90140000-006E-0407-0000-0000000FF1CE}_Office14.OUTLOOKR_{98EDFD9F-EA76-40CC-BCE9-92C69413F65B}" = Microsoft Office 2010 Service Pack 1 (SP1) "{9043B9A0-9505-405B-8202-E7167A38A89C}" = CorelDRAW Essentials 4 "{91140000-001A-0000-0000-0000000FF1CE}" = Microsoft Office Outlook 2010 "{91140000-001A-0000-0000-0000000FF1CE}_Office14.OUTLOOKR_{047B0968-E622-4FAA-9B4B-121FA109EDDE}" = Microsoft Office 2010 Service Pack 1 (SP1) "{95120000-00AF-0407-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (German) "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting "{96AE7E41-E34E-47D0-AC07-1091A8127911}" = Realtek USB 2.0 Card Reader "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 "{9D3D8C60-A55F-4fed-B2B9-173F09590E16}" = REALTEK Wireless LAN Driver "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper "{ABD8B955-1C69-4AF3-949B-13CD587C175F}" = CorelDRAW Essentials 4 - Lang BR "{AC76BA86-7AD7-1031-7B44-AB0000000001}" = Adobe Reader XI (11.0.02) - Deutsch "{AE3CF174-872C-46C6-B9F6-C0593F3BC7B8}" = Microsoft Office Live Add-in 1.4 "{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0 "{B4089055-D468-45A4-A6BA-5A138DD715FC}" = Bing Bar "{B6659DD8-00A7-4A24-BBFB-C1F6982E5D66}" = PlayStation(R)Network Downloader "{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Click to Call "{B9FA9F15-A1F3-4DB1-AD49-0B9351843FAA}" = CorelDRAW Essentials 4 - Draw "{BA9319FE-BCEF-4C99-8039-F464648D046E}" = CorelDRAW Essentials 4 - Lang FR "{BAC80EF3-E106-4AEA-8C57-F217F9BC7358}" = Microsoft SQL Server 2005 Compact Edition [DEU] "{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86) "{C0237AA4-1BFB-46EA-860D-7B0EB365CA13}" = CorelDRAW Essentials 4 - ICA "{C4D738F7-996A-4C81-B8FA-C4E26D767E41}" = Windows Live Mail "{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "{C682F3F0-00A6-4379-B083-4F3273624D7B}" = CorelDRAW Essentials 4 - Lang ES "{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}" = PlayReady PC Runtime x86 "{CF0ADC18-6D8F-4353-8EAA-DF45456B7853}" = CorelDRAW Essentials 4 - Windows Shell Extension "{D0846526-66DD-4DC9-A02C-98F9A2806812}" = Launch Manager V1.5.0.8 "{E0A4805D-280A-4DD7-9E74-3A5F85E302A1}" = Windows Live Writer "{E14ADE0E-75F3-4A46-87E5-26692DD626EC}" = Apple Mobile Device Support "{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update "{E38C00D0-A68B-4318-A8A6-F7D4B5B1DF0E}" = Windows Media Encoder 9 Series "{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "{E50AE784-FABE-46DA-A1F8-7B6B56DCB22E}" = Microsoft Office Suite Activation Assistant 
"{EA17F4FC-FDBF-4CF8-A529-2D983132D053}" = Skype™ 6.0 "{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}" = Cisco PEAP Module "{F09EF8F2-0976-42C1-8D9D-8DF78337C6E3}" = Sony PC Companion 2.10.155 "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU] "{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard "{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}" = Intel(R) Graphics Media Accelerator Driver "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver "{F16841F6-5F0F-4DBE-B318-63CEB916F21D}" = CorelDRAW Essentials 4 - Filters "{F750C986-5310-3A5A-95F8-4EC71C8AC01C}" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "{F8FF18EE-264A-43FD-B2F6-5EAD40798C2F}" = Windows Live Essentials "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX "Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin "Ashampoo Burning Studio_is1" = Ashampoo Burning Studio "Ashampoo Photo Commander_is1" = Ashampoo Photo Commander "Ashampoo Snap_is1" = Ashampoo Snap "Avira AntiVir Desktop" = Avira Antivirus Premium 2012 "ElsterFormular" = ElsterFormular "ElsterFormular für Privatanwender 12.0.0.5880p" = ElsterFormular-Upgrade "InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}" = CyberLink YouCam "InstallShield_{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = Medion Home Cinema "InstallShield_{40BF1E83-20EB-11D8-97C5-0009C5020658}" = CyberLink Power2Go "InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}" = CyberLink LabelPrint "InstallShield_{E3D04529-6EDB-11D8-A372-0050BAE317E1}" = CyberLink PowerDVD Copy "MEDION Fotos auf CD & DVD SE Nord D" = MEDION Fotos auf CD & DVD SE Nord "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile "Microsoft .NET Framework 4 Client Profile DEU Language Pack" = Microsoft .NET Framework 4 Client Profile DEU Language Pack "Mozilla Firefox 20.0.1 (x86 de)" = 
Mozilla Firefox 20.0.1 (x86 de) "MozillaMaintenanceService" = Mozilla Maintenance Service "Office14.OUTLOOKR" = Microsoft Outlook 2010 "RealPlayer 12.0" = RealPlayer "SynTPDeinstKey" = Synaptics Pointing Device Driver "Update Engine" = Sony Ericsson Update Engine "Windows Media Encoder 9" = Windows Media Encoder 9 Series "WinLiveSuite_Wave3" = Windows Live Essentials "X10Hardware" = X10 Hardware(TM) ========== HKEY_USERS Uninstall List ========== [HKEY_USERS\S-1-5-21-3257401125-2040109845-2132314743-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall] "Game Organizer" = EasyBits GO < End of report > |
15.05.2013, 10:22 | #22 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange TAN prompt after login to online banking Looks OK. We should be almost done. As a check, please run a full scan with Malwarebytes, and please remember to update Malwarebytes via the update button first. Getting a second opinion from the ESET online scanner afterwards is not a bad idea either: ESET Online Scanner
__________________ Please always post logfiles in CODE tags |
16.05.2013, 20:55 | #23 |
| Strange TAN prompt after login to online banking Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.05.15.08
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]
16.05.2013 20:32:37
mbam-log-2013-05-16 (20-32-37).txt
Art des Suchlaufs: Quick-Scan
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 216978
Laufzeit: 5 Minute(n), 38 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende)
Code:
ESETSmartInstaller@High as downloader log: all ok
ESETSmartInstaller@High as downloader log: all ok
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.6920
# api_version=3.0.2
# EOSSerial=6810630dbf65ce43b468887ca530c8ff
# engine=13847
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=false
# unsafe_checked=false
# antistealth_checked=true
# utc_time=2013-05-16 08:11:27
# local_time=2013-05-16 10:11:27 (+0100, Mitteleuropäische Sommerzeit)
# country="Germany"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode=1800 16775165 100 97 6784 234154740 0 0
# compatibility_mode=5893 16776573 100 94 6167 120366278 0 0
# scanned=148488
# found=0
# cleaned=0
# scan_time=5496 |
16.05.2013, 21:26 | #24 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange TAN prompt after login to online banking Hm, weren't you going to run a full scan with MBAM?
__________________ Please always post logfiles in CODE tags |
18.05.2013, 09:29 | #25 |
| Strange TAN prompt after login to online banking Oops, yes, that's right. Here is the file from the full scan: Code:
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org
Datenbank Version: v2013.05.18.01
Windows 7 Service Pack 1 x86 NTFS
Internet Explorer 8.0.7601.17514
*** :: ***-PC [Administrator]
18.05.2013 09:23:05
mbam-log-2013-05-18 (09-23-05).txt
Art des Suchlaufs: Vollständiger Suchlauf (C:\|D:\|F:\|)
Aktivierte Suchlaufeinstellungen: Speicher | Autostart | Registrierung | Dateisystem | Heuristiks/Extra | HeuristiKs/Shuriken | PUP | PUM
Deaktivierte Suchlaufeinstellungen: P2P
Durchsuchte Objekte: 356492
Laufzeit: 1 Stunde(n), 20 Minute(n), 17 Sekunde(n)
Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Speichermodule: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)
Infizierte Registrierungswerte: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateiobjekte der Registrierung: 0
(Keine bösartigen Objekte gefunden)
Infizierte Verzeichnisse: 0
(Keine bösartigen Objekte gefunden)
Infizierte Dateien: 0
(Keine bösartigen Objekte gefunden)
(Ende) |
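The check the helper makes by eye on the two Malwarebytes logs above (was it really a full scan, were the definitions updated first, is every result counter zero) can be automated. The following is an added example, not part of the original thread and not Malwarebytes code; the sample logs are constructed from the field layout shown in the posts, and the function names, the one-day freshness threshold and the reading of the database version as `vYYYY.MM.DD.NN` are assumptions.

```python
import re
from datetime import date, datetime

# Constructed template following the field layout of the German-language
# Malwarebytes Anti-Malware 1.75 logs posted in this thread (shortened).
TEMPLATE = """\
Malwarebytes Anti-Malware 1.75.0.1300
www.malwarebytes.org

Datenbank Version: {db}

{when}
Art des Suchlaufs: {scan}
Durchsuchte Objekte: {objects}

Infizierte Speicherprozesse: 0
(Keine bösartigen Objekte gefunden)

Infizierte Registrierungsschlüssel: 0
(Keine bösartigen Objekte gefunden)

Infizierte Dateien: {files}
{detail}

(Ende)
"""
CLEAN = "(Keine bösartigen Objekte gefunden)"
FULL = r"Vollständiger Suchlauf (C:\|D:\|F:\|)"

# Values taken from the two logs in the thread.
QUICK_LOG = TEMPLATE.format(db="v2013.05.15.08", when="16.05.2013 20:32:37",
                            scan="Quick-Scan", objects=216978, files=0, detail=CLEAN)
FULL_LOG = TEMPLATE.format(db="v2013.05.18.01", when="18.05.2013 09:23:05",
                           scan=FULL, objects=356492, files=0, detail=CLEAN)
# Fully constructed failure case: old definitions and one detection.
STALE_LOG = TEMPLATE.format(db="v2013.04.01.02", when="18.05.2013 09:23:05",
                            scan=FULL, objects=1000, files=1,
                            detail=r"C:\constructed\sample.exe (constructed detection name)")

TIMESTAMP = re.compile(r"(\d{2}\.\d{2}\.\d{4}) \d{2}:\d{2}:\d{2}")
DB_DATE = re.compile(r"v(\d{4})\.(\d{2})\.(\d{2})\.\d+")  # assumed vYYYY.MM.DD.NN


def parse_mbam_log(text):
    """Extract scan type, scan date, definition date and result counters."""
    info = {"scan_type": None, "scan_date": None, "db_date": None,
            "objects": None, "infected": {}}
    for raw in text.splitlines():
        line = raw.strip()
        stamp = TIMESTAMP.fullmatch(line)
        if stamp:
            info["scan_date"] = datetime.strptime(stamp.group(1), "%d.%m.%Y").date()
            continue
        key, sep, value = line.partition(":")
        value = value.strip()
        if not sep:
            continue  # free-text lines such as "(Keine ... gefunden)"
        if key == "Datenbank Version":
            m = DB_DATE.fullmatch(value)
            if m:
                info["db_date"] = date(*map(int, m.groups()))
        elif key == "Art des Suchlaufs":
            info["scan_type"] = value
        elif key == "Durchsuchte Objekte" and value.isdigit():
            info["objects"] = int(value)
        elif key.startswith("Infizierte "):
            count = re.match(r"\d+", value)
            if count:
                info["infected"][key[len("Infizierte "):]] = int(count.group())
    return info


def review(info, require_full=True, max_db_age_days=1):
    """Return (code, detail) findings; an empty list means the log passes."""
    findings = []
    scan_type = info["scan_type"] or ""
    if require_full and not scan_type.startswith("Vollständiger Suchlauf"):
        findings.append(("NOT_FULL_SCAN", "scan type is %r" % scan_type))
    if info["scan_date"] is None or info["db_date"] is None or not info["infected"]:
        findings.append(("INCOMPLETE_LOG", "date, database version or results missing"))
    else:
        age = (info["scan_date"] - info["db_date"]).days
        if age > max_db_age_days:
            findings.append(("STALE_DATABASE", "definitions are %d days old" % age))
    hits = {k: v for k, v in info["infected"].items() if v}
    if hits:
        findings.append(("DETECTIONS", repr(hits)))
    return findings


def check(text, **kwargs):
    """Convenience wrapper: finding codes only."""
    return [code for code, _ in review(parse_mbam_log(text), **kwargs)]


if __name__ == "__main__":
    for name, log in (("quick", QUICK_LOG), ("full", FULL_LOG), ("stale", STALE_LOG)):
        print(name, review(parse_mbam_log(log)))
```

A truncated or empty paste is reported as `INCOMPLETE_LOG` rather than silently passing, which matters when a log is cut off before the result section.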
19.05.2013, 01:53 | #26 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange TAN prompt after login to online banking Looks OK so far.
Regarding cookies and other things on the web: to block the pests from the outset (i.e. tracking cookies, ad banners, etc.) you should take a look at something like the MVPS Hosts File => Blocking Unwanted Parasites with a Hosts File - it makes sense to check with MVPS every 4 weeks to see whether he has released a new hosts file.
Info: cookies are not malware as such, but there is a risk of misuse (unique re-identification, e.g. for targeted advertising or similar => HTTP-Cookie)
Otherwise there are also good cookie managers; an extension for Firefox, for example, would be CookieCuller.
But if you can live with logging in again everywhere in every browser session (e.g. Facebook, Ebay, GMX, or Trojaner-Board), then simply set the browser to delete everything, including cookies, when the browser is closed.
Is your system OK again now, or are there any other findings or problems?
__________________ Please always post logfiles in CODE tags |
19.05.2013, 10:02 | #27 |
| Strange TAN prompt after login to online banking I think everything is OK again now - many thanks for the great help and the patience!!! I'll take a look at the links to the cookie managers. And then I hope that everything stays clean for the time being. By the way, can I leave all the scan programs I downloaded installed, or should I rather uninstall them again? |
19.05.2013, 19:58 | #28 |
/// Winkelfunktion /// TB-Süch-Tiger™ | Strange TAN prompt after login to online banking Then we're done! If you'd like to share praise or criticism => http://www.trojaner-board.de/lob-kritik-wuensche/
The programs that were used here can all be removed again.
Remove Combofix (only relevant if it was used here!): Start/Run (key combination WIN+R), type the command combofix /uninstall there and run it.
With the help of OTL you can also remove many other tools: simply start OTL and click on "Bereinigung" (clean-up). This will remove most of the tools we needed for the cleanup. If anything remains, please remove it with right-click --> Delete.
Keeping Malwarebytes is recommended. You can run a full scan with it once a month, but always remember to update first.
Finally, please check the updates; my guide to that is below. To keep a better overview of how up to date your installed programs are in future, you can use e.g. Secunia PSI. For even more security, you should also change all passwords if possible after the infection has been removed.
Microsoft Update
Windows XP: Visit the MS update site with IE and have all important updates installed.
Windows Vista/7: Start, Control Panel, Windows Update
Update the PDF reader
An outdated AdobeReader is a major security risk. You should therefore uninstall old versions of AdobeReader via Control Panel => Software or Programs and Features, by clicking on "Adobe Reader x.0" there and removing the program. (if you have AdobeReader installed) I recommend an alternative PDF reader such as PDF Xchange Viewer, SumatraPDF or Foxit PDF Reader; they are much leaner and faster than AdobeReader.
Please also take the opportunity to check that Flash Player is up to date: Check => Adobe - Flash Player
You can find download links here => Browsers and Plugins - FilePony.de
You can also easily check whether all plugins in the Firefox browser are up to date here => https://www.mozilla.org/de/plugincheck
Of course, also make sure that other installed browsers such as Firefox, Opera or Chrome are up to date.
Java update
Outdated Java installations are a major security risk, so you should uninstall the old versions. To do so, close all programs (especially the browsers), then click on Start, Control Panel, Software (or Programs and Features) and uninstall all listed Java versions from there. Afterwards, download the current Java SE Runtime Environment (JRE) from here and install it.
__________________ Please always post logfiles in CODE tags |
Topics related to Strange TAN prompt after login to online banking |
antivir, german, e-banking, enter, form, yesterday, today, login, message, strange, after login, nothing, online banking, quarantine, clean, block, blocking, tans, tr/bublik.i.6, tr/cridex.172032.84, tr/rogueerickd.938208, trojan, virus scan |